ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SpiderShield Security Scanner

v0.3.0

Security scanning and trust scoring for OpenClaw skills with commands for trust lookup, malware detection, config audit and auto-fix, rug pull detection, and...

0· 137·0 current·0 all-time
by@teehooai
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, commands, and declared permissions match a security scanner that audits OpenClaw config, pins content hashes, and queries a trust API. The scripts only call a 'spidershield' CLI / module (or curl to api.spiderrating.com for /check), and they read/write ~/.openclaw and ~/.spidershield as expected for audit/fix/pin operations. This is proportionate to the stated purpose.
!
Instruction Scope
The SKILL.md and bundled scripts are wrappers that delegate real work to an external 'spidershield' Python package (spidershield CLI or python3 -m spidershield). The wrappers access local config paths (~/.openclaw, ~/.spidershield) and will prompt before writing for fixes, which matches intent. However the SKILL.md asserts the local commands run "entirely locally"; that is only true if the external spidershield package behaves; the wrappers themselves make no effort to constrain network access or inspect what the installed package will do. Because the skill will execute third-party code on the user's machine, this is a scope risk (possible exfiltration, remote network calls, or arbitrary changes executed by the installed package).
!
Install Mechanism
There is no packaged install spec in the registry bundle — users are told to run 'pip install spidershield'. Installing and executing a PyPI package is the primary install path. That is a supply-chain risk: the package could contain arbitrary code, run with the user's privileges, and perform network I/O or modify files. The skill points to a GitHub repo (https://github.com/teehooai/spidershield) which helps review, but the registry does not vendor or pin the package or verify its origin. This elevates risk compared with an instruction-only wrapper that uses only built-in tools.
Credentials
The skill does not request environment variables or credentials in the manifest. It legitimately reads and may write OpenClaw config (~/.openclaw/) and stores pins under ~/.spidershield/, which aligns with its features. The proportionality concern is indirect: the external spidershield package (not included) could request credentials or read other files — the wrapper gives it that opportunity by invoking it.
Persistence & Privilege
The skill is not 'always:true' and does not request unusual system-wide privileges. It will create/use ~/.spidershield/ for pin data and may modify ~/.openclaw/ during 'fix' (with an explicit user confirmation prompt in the script). Autonomous invocation is allowed by default (disable-model-invocation: false) — combined with the install-time execution of an external package, that increases blast radius but is not itself proof of malicious intent.
What to consider before installing
This skill is a set of bash wrappers that call an external Python package (spidershield) or the SpiderRating API. The main risk is the external pip package: when you run 'pip install spidershield' the package's code will execute locally with your user privileges and could contact remote servers or modify files (including ~/.openclaw/). Before installing or running the local scan/fix/pin commands, do one or more of the following: 1) Inspect the spidershield package source at the referenced GitHub repo (https://github.com/teehooai/spidershield) or PyPI package code to verify it only does what you expect; 2) Prefer using the read-only /spidershield check command which only sends an author/skill slug to api.spiderrating.com (as documented) instead of installing the CLI; 3) Run 'pip install' in an isolated environment (virtualenv or throwaway container) and review the installed package before allowing it to access your real ~/.openclaw/; 4) If you need to run 'fix', use --dry-run first and back up ~/.openclaw/ before accepting changes; 5) Consider verifying the pip package's integrity (signed release, pinned version, or checksum) and the maintainers' reputation. If you cannot audit the spidershield package, treat installing and running the local commands as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk972dd05dypvcg1d6b9c9mv4en839zn2
137downloads
0stars
3versions
Updated 2h ago
v0.3.0
MIT-0
@teehooai
latest
Download

SpiderShield Security Scanner

Security scanning and trust scoring for OpenClaw skills. 6 commands covering the full security lifecycle: trust lookup, malware scan, config audit, auto-fix, rug pull detection, and bulk scanning.

4,000+ skills pre-scanned. Precision 93%+ (improving). 0.1s trust score lookup.

Setup

The /spidershield check command works immediately — no installation needed. It queries the SpiderRating Trust API (public, no key required).

For local scanning commands (scan, audit-config, fix, pin, scan-all), install the scanner:

pip install spidershield

Commands

/spidershield check <author/skill>

Check the Trust Score for a published skill. Queries the SpiderRating Trust Registry (4,000+ pre-scanned skills) and returns score, grade, capabilities, ecosystem ranking, and VirusTotal comparison.

Examples:

/spidershield check spclaudehome/web-search-pro
/spidershield check alice/my-skill

Output:

SpiderRating Skill Trust Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  Skill:      spclaudehome/web-search-pro
  Score:      7.2 / 10   Grade: B
  Verdict:    ✅ SAFE
  Precision:  93%+ (improving)

  📦 Capabilities:
    🌐 Browser  📦 Installs Deps  🔗 Webhook

  🔍 Security: 0 critical · 0 high · 1 medium · 0 low
    [HIGH] No sandbox — Agent can execute arbitrary shell commands

  📊 Ecosystem: #142 / 4,037 skills (Top 4%)
    Breakdown: Description 6.5 · Security 8.0 · Metadata 5.5
    Downloads: 5,000  Active installs: 42

  💡 Rated B (7.2/10) — safe to install.
  🔗 https://spiderrating.com/servers/spclaudehome__web-search-pro

Implementation: calls scripts/check.sh $1

/spidershield scan <path>

Scan a single skill for malicious patterns using 24 detection rules. Detects credential theft, prompt injection, crypto wallet access, obfuscated payloads, and more.

Examples:

/spidershield scan ./my-skill/
/spidershield scan ./my-skill/SKILL.md

Output:

SAFE — my-skill

or

MALICIOUS — evil-skill
  • Reads ~/.ssh/id_rsa and sends to external webhook
  • Base64-encoded shell command detected

Implementation: calls scripts/scan.sh $1

/spidershield audit-config [--skills] [--verify]

Audit your OpenClaw installation for insecure settings. Checks 10 configuration items including gateway binding, auth strength, sandbox mode, and file permissions.

Options:

  • --skills — Also scan all installed skills for malware
  • --verify — Also verify pinned skills for tampering

Examples:

/spidershield audit-config
/spidershield audit-config --skills --verify

Implementation: calls scripts/audit-config.sh

/spidershield fix [--dry-run]

Scan OpenClaw config and auto-fix insecure settings. Shows before/after score change.

Options:

  • --dry-run — Preview what would be fixed without making changes

Examples:

/spidershield fix --dry-run
/spidershield fix

Output:

Score: 5.2/10 -> 8.1/10
Fixed: gateway binding, auth strength, sandbox mode

Implementation: calls scripts/fix.sh

/spidershield pin add|verify|list|remove [path]

Pin skill content hashes to detect rug pull attacks — when a skill is silently modified after installation (supply chain attack).

Subcommands:

  • pin add <path> — Record current content hash
  • pin verify [path] — Check if any pinned skills were modified
  • pin list — Show all pinned skills
  • pin remove <name> — Remove a pin

Examples:

/spidershield pin add ~/.openclaw/skills/web-search-pro/
/spidershield pin verify
/spidershield pin list

Output:

OK web-search-pro
TAMPERED evil-skill
  - Content hash changed since pin (possible rug pull)

Results: 12 OK, 1 TAMPERED, 0 UNKNOWN

Implementation: calls scripts/pin.sh $1 $2

/spidershield scan-all

Scan ALL installed OpenClaw skills for malicious patterns in one command. Equivalent to /spidershield audit-config --skills.

Example:

/spidershield scan-all

Implementation: calls scripts/scan-all.sh

Privacy

  • /check: sends only author/skill slug to SpiderRating API
  • /scan, /audit-config, /fix, /pin, /scan-all: run entirely locally — no data leaves your machine
  • SpiderRating never stores your code, credentials, or session data

Links

Comments

Loading comments...