ClawHub

Skill Security Scanner

v1.1.0

Security scanner for OpenClaw skills. Detects malicious patterns, suspicious URLs, and install traps before you install a skill. Use before installing ANY sk...

5· 1.7k·4 current·4 all-time
by@vincentchan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (security scanner) match the included code and patterns. The script fetches skills (ClawHub/GitHub/raw URLs), extracts archives, and runs regex checks — all expected for a pre-install scanner. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md and README instruct users to run the scanner before installing skills, add a policy to AGENTS.md, or install a pre-commit hook. The instructions reference only scanner operations (scan, scan-all, check-url) and do not instruct the agent to read unrelated secrets or to send scanned data to third parties. The enforcement recommendations are manual and limited in scope.
Install Mechanism
No install spec; the skill is delivered as instruction + code files. There are no download-from-arbitrary-URL installers in the skill itself. The scanner does download remote skill zip archives when asked to scan a remote ClawHub skill — this is expected behavior for its purpose, and the code extracts to a temp dir and does not execute extracted files.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. Network access is required to fetch remote skills/URLs (expected). The allowlist and pattern files are local and explainable. There are no hidden requests for tokens/keys.
Persistence & Privilege
always is false and user-invocable is true — appropriate for a utility scanner. The skill does not modify other skills' configurations or agent-wide settings. Pre-commit/CI integration examples are optional and run only when the user installs them.
Assessment
This skill appears to do what it says: it downloads skill bundles (when asked), extracts them to temporary directories, and performs pattern-based checks. That behavior is necessary for a pre-install scanner and is not itself malicious. Before installing or running it: 1) review the scanner code (scripts/scanner.py) yourself or run it in a sandbox to confirm behavior; 2) remember pattern-based scanners have false positives and false negatives — don't rely on it as the sole defense; 3) when integrating into CI or pre-commit hooks, check the hook logic so you understand when commits can be blocked or bypassed (git commit --no-verify); and 4) keep the allowlist/patterns under version control and review updates from third parties before trusting them. If you want higher assurance, run the scanner in an offline environment or container and inspect downloaded skill contents before any install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97716gejng3nntdx6njw4gx7s815s5s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments