skill-net
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: skill-net Version: 3.0.0 The skill bundle is a diagnostic tool designed to analyze the OpenClaw skill ecosystem by scanning local directories (~/.openclaw/skills) for dependency relationships and metadata. The primary script, scripts/analyze_deps.py, uses standard Python libraries to perform local file I/O and regex-based parsing to generate health reports and dependency graphs. There is no evidence of network activity, data exfiltration, obfuscation, or malicious prompt injection; the code and instructions are transparent and strictly aligned with the stated purpose of ecosystem health monitoring.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run a local Python script on your machine to inspect OpenClaw skill files.
The skill's normal workflow runs an included Python analyzer locally. This is expected for the diagnostic purpose, but users should know local code will execute.
python3 scripts/analyze_deps.py # default: ZH then EN
Run it from the intended skill directory, avoid elevated privileges, and review the script if you need high assurance.
Generated reports could expose local skill names, relationships, and metadata if shared, and cached data may become stale.
The skill creates persistent local summaries from installed skill files. Reports may reveal a user's installed skill inventory and can reflect whatever text exists in those local SKILL.md files.
walk `~/.openclaw/skills/` and `~/.openclaw/workspace/skills/`, read every SKILL.md ... save `data/ecosystem.json` + `data/report.md`
Review generated reports before sharing them and rerun a fresh scan when accuracy matters.
A user who manually installs requirements may fetch an additional package version not tightly pinned by the skill.
A requirements file declares a lower-bound dependency even though no install spec is present. There is no evidence it is installed automatically, but the dependency declaration is looser than ideal.
PyYAML>=6.0
Publisher should either remove the unused requirements file or pin/declare dependencies consistently; users should not install requirements unless needed.