ai-skill-scannerScan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.
Install via ClawdBot CLI:
clawdbot install HugoSbl/ai-skill-scannerGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
eval(Uses known external API (expected, informational)
api.anthropic.comAudited Apr 17, 2026 · audit v1.0
Generated Mar 1, 2026
Large organizations deploying AI agents across departments use this skill to vet third-party skills before integration. It helps ensure compliance with security policies and prevents credential leaks from untrusted sources, reducing risk in regulated industries like finance or healthcare.
Platforms hosting AI skill marketplaces integrate this scanner to automatically check uploaded skills for malicious code. It provides a safety rating for each skill, building user trust and preventing the spread of malware within developer ecosystems.
Universities and training labs use this tool to scan student-created skills in AI courses. It teaches security best practices by identifying vulnerabilities like prompt injection, ensuring a safe learning environment without exposing sensitive data.
Compliance teams in corporations employ this skill to audit AI agent skills for regulatory adherence. It detects suspicious patterns that might violate data protection laws, aiding in risk assessments and audit trails for legal oversight.
Open-source maintainers use the scanner to review contributions for security flaws before merging. It helps prevent the introduction of backdoors or credential exfiltration in community-driven projects, enhancing overall project integrity.
Offer a free basic scanning version with limited rules, then charge for advanced features like custom rule sets, priority support, and integration APIs. Revenue comes from subscriptions tailored to enterprises needing deeper security analysis.
License the scanner to AI skill marketplaces as a built-in safety feature. Charge based on usage volume or a flat fee, providing real-time scanning that boosts platform credibility and reduces liability from malicious skills.
Provide security consulting services where the tool is customized for specific client needs, such as adding industry-specific detection rules. Revenue is generated through project-based fees and ongoing maintenance contracts.
💬 Integration Tip
Integrate the scanner into CI/CD pipelines to automatically check skills during deployment, ensuring continuous security without manual intervention.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.