Skill Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This security scanner mostly matches its stated purpose, but one included CLI wrapper can let a crafted scan target run unintended shell commands.

Review before installing or using. Prefer running the documented scripts/scan.sh with a clearly typed, trusted target, avoid passing untrusted shell-like strings to the root index.js wrapper, and check any generated LLM prompt for sensitive code before approving semantic analysis.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If the wrapper is used with an untrusted skill URL/path/name, the scanner could execute unintended local shell commands.

Why it was flagged

The wrapper concatenates raw command-line arguments into a shell command. A malicious or malformed scan target containing shell metacharacters could cause arbitrary commands to run as the local user.

Skill content
const args = process.argv.slice(2).join(' ');
const result = execSync(`"${scriptDir}/scripts/scan.sh" ${args}`, {
Recommendation

Replace execSync with execFileSync/spawn using an argument array, validate allowed target formats, and avoid passing untrusted strings through the shell.

ASI06: Memory and Context Poisoning
Low
What this means

Private or proprietary skill source code may be included in the LLM analysis context if the user approves semantic analysis.

Why it was flagged

The skill discloses that, after user confirmation, risky file code and context are placed into an LLM analysis prompt. This is purpose-aligned, but it may expose private local skill code to the agent/model context.

Skill content
The prompt is generated only after user confirmation ... LLM semantic analysis prompt (contains: risky file code + context)
Recommendation

Review the generated prompt before semantic analysis and avoid sending code that contains secrets or proprietary information unless that sharing is acceptable.