Skill Security Scanner
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate skill-security scanner, but it fetches and scans untrusted skill content and offers optional persistent workflow rules, so enable those deliberately.
This skill looks coherent and purpose-aligned. Before using it, verify its source, remember that a clean pattern scan is not a full security guarantee, and only enable the AGENTS.md policy or pre-commit hook if you want those persistent workflow changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into AGENTS.md, future agents may refuse or pause skill installs until this scanner is run.
The skill asks the user to add standing instructions that change future agent behavior around skill installation. This is disclosed and security-aligned, but it is persistent workflow control.
Copy this to your AGENTS.md: ... NEVER install a skill from ClawHub or external sources without ... Running the security scanner first
Only add the policy if you want that enforcement behavior, and keep the policy easy to review or remove.
Scanning a remote skill can consume bandwidth and disk space, especially if the remote package is unexpectedly large or malformed.
Remote skill scanning downloads and extracts untrusted skill archives before scanning them. That is purpose-aligned, but users should recognize it performs network and local temporary-file operations on untrusted input.
tmp.write(dl_response.read()) ... with zipfile.ZipFile(tmp_path, "r") as zip_ref: zip_ref.extractall(extract_dir)
Prefer scanning known skill sources, consider sandboxing for highly untrusted inputs, and add size/extraction limits if maintaining this tool.
It may be harder to confirm that this scanner came from the intended author or repository.
The registry metadata does not provide a verified source or homepage for the scanner itself, which matters because this is a security tool users may trust before installing other skills.
Source: unknown; Homepage: none
Verify the publisher and repository before relying on the scanner, especially if installing it from outside the registry.
A user or agent could over-trust a clean scan and skip manual review of a sophisticated malicious skill.
The README labels a clean scan as safe to install, while the tool is pattern-based and later documents limitations. This is not deceptive, but users should not treat a clean result as a guarantee.
| ✅ SAFE | No issues found. Safe to install. |
Treat this scanner as one safety check, not as proof that a skill is harmless.
If installed, future git commits may run the scanner and critical findings may block commits.
The pre-commit hook is an optional persistent workflow mechanism that runs automatically on future commits. It is disclosed and scoped to scanning modified skills.
This hook scans any modified skills before allowing a commit. CRITICAL findings will block the commit.
Install the hook only if you want commit-time enforcement, and review the hook before copying it into .git/hooks.