Skill
v0.6.1Security audit tool for ClawHub skills. Scans a skill directory with 65 detection patterns, anti-obfuscation analysis, and dual rating system (Security + Com...
⭐ 0· 664·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (skill-shield, security auditor) matches the code and SKILL.md: it ships a Python scanner (scripts/scan.py) and test harness. There are no unrelated environment variables, binaries, or install steps requested. The scanner's permission-audit feature explains why it will compare declared SKILL.md permissions to tools discovered in code.
Instruction Scope
The runtime instructions tell the agent to run python3 scripts/scan.py on a skill directory — that naturally requires reading all files under the supplied directory (including .env, scripts, docs, etc.). This is expected for a scanner, but you should be aware it will read any sensitive files placed in the scanned directory. The SKILL.md and scanner also intentionally decode base64/hex to detect obfuscation (explains the base64 decode finding).
Install Mechanism
No install spec or third-party downloads are present; the tool is instruction-only and provides Python scripts. This is the lowest-risk install mechanism. It assumes a Python3 runtime available on PATH.
Credentials
The skill declares no required environment variables or credentials. The scanner does look for credential-like strings (e.g., .ssh, .aws) inside scanned content but does not itself request secrets. This is proportionate to an auditing tool.
Persistence & Privilege
The skill does not request permanent inclusion (always: false). It does not modify other skills or system-wide settings. Model invocation is allowed (default), which is normal for skills; there are no additional elevated privileges requested.
Scan Findings in Context
[base64_decode] expected: The scanner advertises anti-obfuscation analysis and explicitly decodes base64/hex to re-scan decoded content. The static finding of base64.b64decode in scripts/scan.py is consistent with that feature and not unexpected.
Assessment
This tool appears to do what it says: it reads a skill directory and flags dangerous patterns. Before using it, keep in mind: (1) it will read every file you point it at — don't scan directories that contain private keys or secrets you don't want loaded by a third-party script; run the scanner in an isolated/sandboxed environment if you are unsure. (2) The scanner intentionally suppresses or reduces severity for patterns inside strings, docs, and pattern-definition blocks (to avoid false positives). That behavior is reasonable for a scanner, but it can be abused by a malicious author who formats dangerous code to look like a pattern definition or comment — treat its 'A'/'B' grade as a starting point and manually inspect any high-sensitivity items the scanner flags, especially undeclared permissions (gateway, write, nodes, edit, etc.). (3) Reports embedded in the package appear to be snapshots (older version numbers in reports); prefer running the bundled scanner yourself rather than relying on packaged reports. Overall: the package is coherent with its purpose, but do manual review and run it in a safe environment when scanning untrusted skill directories.Like a lobster shell, security has layers — review code before you run it.
auditvk972zcty46m2741zyz300mmqks81k413latestvk97c9g7m5hp4qrgg3nwrnqtfwx81qn9xsecurityvk972zcty46m2741zyz300mmqks81k413
License
MIT-0
Free to use, modify, and redistribute. No attribution required.