ClawShield Lite – AI Skill Security Scanner
v1.0.0
Scans AI skills for potential security risks and unsafe commands
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (static security scanner) matches the included files (main.py, rules.json, README, SKILL.md). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and main.py instruct the agent to read code from stdin and scan it against rules.json. The runtime only reads rules.json from the same package and does not reference other system paths, environment variables, or external endpoints.
Install Mechanism
There is no install spec and the tool uses only the Python standard library. No downloads, extract steps, or third‑party packages are required.
Credentials
The skill requests no environment variables, credentials, or config paths. All required inputs are provided via stdin and the local rules.json file.
Persistence & Privilege
Flags show the skill is not forced-always and does not modify agent/system configuration. It runs on-demand and does not persist credentials or change other skills.
Assessment
This skill appears coherent and low-risk: it statically scans text from stdin against local patterns. Before installing, consider that pattern-based scanners have limitations — they can produce false positives and false negatives (they may miss obfuscated or novel malicious code). Review and, if needed, expand rules.json to cover patterns important to you. Because the skill's source and homepage are unknown, prefer running it in a sandbox or CI job first, manually inspect rules.json and main.py yourself, and do not rely solely on this tool for security decisions; combine it with AST-based analysis and manual review for higher assurance.
Like a lobster shell, security has layers — review code before you run it.
#security #ai #scanner #safety #analysis
