⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🛡️ Agent Security

Skill Security Scannerv1.1.0

Name: Skill Security Scanner
Author: vincentchan

claw-skill-guard

vincentchan

Security scanner for OpenClaw skills. Detects malicious patterns, suspicious URLs, and install traps before you install a skill. Use before installing ANY sk...

security

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.8K

Stars

CreatedFeb 6, 2026

UpdatedFeb 26, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install vincentchan/claw-skill-guard

Skill Package10 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B60/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation10/35

· 3 installs (very low)
· 1234 downloads (moderate demand)
· 4 stars

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness11/15

Security Analysis

🔴 High Risk

UNKNOWN_DATA_SINKhigh

Sends data to undocumented external endpoint (potential exfiltration)

report → https://clawhub.com/user/malicious-skill

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

curl \| bash

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://github.com/vincentchan/clawd-workspace/tree/master/skills/claw-skill-gua

KNOWN_EXTERNALlow

Uses known external API (expected, informational)

raw.githubusercontent.com

💡

Usage Guide

Generated Mar 1, 2026

OpenClaw developers and administratorsIT security professionals in AI-driven organizationsbeginner

💡 Application Scenarios

Open-Source AI Platform SecurityTechnology/Software Development

Organizations using OpenClaw for AI agents need to vet third-party skills from ClawHub to prevent malware injection. This scanner helps DevOps teams automatically check skills for malicious code before deployment, ensuring secure AI workflows in production environments.

Enterprise AI IntegrationCorporate/IT Services

Large enterprises integrating AI skills into business processes, such as customer service or data analysis, require security audits. The scanner enables IT security teams to enforce policies by scanning skills for suspicious patterns like unauthorized sudo commands or credential access, mitigating insider threats.

Educational AI ResearchEducation/Research

Universities and research labs using OpenClaw for AI projects must protect sensitive data. This tool allows students and researchers to safely experiment with external skills by detecting risks like unknown URLs or obfuscated code, preventing data breaches in academic settings.

Freelancer AI DevelopmentFreelance/Consulting

Freelance developers building custom AI solutions for clients need to ensure the skills they use are trustworthy. The scanner provides a quick way to validate skills from various sources, flagging high-risk patterns such as npm installs of unknown packages, helping maintain client security and reputation.

Startup AI PrototypingStartups/Innovation

Startups rapidly prototyping AI agents with OpenClaw can use this scanner to avoid security pitfalls during development. It helps catch critical issues like curl | bash commands early, reducing the risk of malware that could compromise intellectual property or user data.

💼 Business Models

Freemium Security ToolSubscription-based, with tiers from $10/month to $1000+/year for enterprises

Offer a basic version of the scanner for free to individual developers and small teams, with premium features like advanced pattern detection, API access, and team management for enterprises. Revenue comes from subscription fees for premium tiers and enterprise licenses.

Consulting and Integration ServicesProject-based fees starting at $5000, plus annual support contracts

Provide paid consulting services to help organizations integrate the scanner into their CI/CD pipelines or AGENTS.md policies. Revenue is generated through one-time setup fees, ongoing support contracts, and custom pattern development for specific industry needs.

Open-Source with SponsorshipSponsorships and donations, potentially $1000-$50000 annually depending on adoption

Maintain the scanner as open-source to build community trust and adoption, while generating revenue through sponsorships from companies using it, donations via platforms like GitHub Sponsors, and grants for security research. This model fosters collaboration and continuous improvement.

💬 Integration Tip

Add the scanner to your AGENTS.md as a mandatory pre-installation step and use the provided pre-commit hook for automated scanning in development workflows.