⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🔐 Security & Audit

Security Checkerv1.0.1

Name: Security Checker
Author: johstracke

security-checker

johstracke

Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run.

securitysecurity-scan

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.5K

Stars

CreatedFeb 7, 2026

UpdatedFeb 28, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install johstracke/security-checker

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B60/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation7/35

· 1 installs (minimal)
· 1118 downloads (moderate demand)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness8/15

· skillAssets present (1 files)

Security Analysis

💙 Low Risk

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

eval(

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated Mar 21, 2026

Python developersAI skill creatorsSecurity auditorsOpen-source maintainersbeginner

💡 Application Scenarios

Pre-Publishing Code Review for AI Skill DevelopersSoftware Development, AI Platforms

Developers creating Python skills for ClawHub use this tool to scan their code before publishing, ensuring it doesn't contain dangerous imports, hardcoded secrets, or unsafe operations. This helps maintain trust and safety in the community by preventing malicious or vulnerable code from being distributed.

Compliance and Security Auditing for Open Source ProjectsOpen Source, DevOps

Open-source project maintainers integrate this scanner into their CI/CD pipelines to automatically check contributions for security risks like eval/exec usage or exposed secrets. It ensures code quality and reduces manual review effort, especially for projects with many contributors.

Educational Tool for Secure Coding PracticesEducation, Training

Instructors in coding bootcamps or university courses use this tool to teach students about common security pitfalls in Python, such as avoiding hardcoded API keys and dangerous functions. It provides practical, hands-on feedback to reinforce safe development habits.

Internal Security Policy Enforcement for EnterprisesEnterprise IT, Cybersecurity

Companies with internal skill development teams deploy this scanner to enforce security policies, ensuring all custom Python tools meet safety standards before deployment. It helps prevent data breaches and operational risks by flagging risky code patterns automatically.

Quality Assurance for Third-Party Skill MarketplacesE-commerce, Platform Ecosystems

Marketplace operators like ClawHub use this tool to vet submitted skills, scanning for vulnerabilities before listing them publicly. This builds user trust by ensuring all available skills are safe and reduces support issues related to malicious code.

💼 Business Models

Freemium Tool with Premium FeaturesSubscription fees, tiered pricing

Offer a basic version for free to attract users, with premium features like detailed reporting, integration with CI/CD tools, or advanced scanning for obfuscated code. Revenue comes from subscriptions for teams or enterprises needing enhanced security.

Integration as a Service for PlatformsLicensing fees, annual contracts

License the scanner to platforms like ClawHub or other AI marketplaces, where it's embedded as a mandatory pre-publish check. Revenue is generated through licensing fees based on usage volume or a flat annual rate for platform-wide integration.

Consulting and Customization ServicesProject fees, retainer agreements

Provide consulting services to organizations needing tailored security scans, such as adding custom rules for specific industries or integrating with proprietary systems. Revenue comes from project-based fees and ongoing support contracts.

💬 Integration Tip

Integrate the scanner into pre-commit hooks or CI pipelines to automate security checks, ensuring all code changes are scanned before merging or publishing.