skill-scan

Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories.

Install via ClawdBot CLI:

```bash
clawdbot install dgriffin831/skill-scan
```

Multi-layered security scanner for OpenClaw skill packages. Detects malicious code, evasion techniques, prompt injection, and misaligned behavior through static analysis and optional LLM-powered deep inspection. Run this BEFORE installing or enabling any untrusted skill.

--json, --compact, --quiet

MANDATORY before installing or enabling:
RECOMMENDED for periodic audits of already-installed skills.
```bash
# Scan a local skill directory
skill-scan scan /path/to/skill

# Scan a skill from ClawHub before installing it
skill-scan scan-hub some-skill-slug

# Batch scan all installed skills
skill-scan batch /path/to/skills-directory

# JSON output for programmatic use
skill-scan scan-hub some-skill-slug --json

# Quiet mode (just score + verdict)
skill-scan scan-hub some-skill-slug --quiet
```

| Risk | Score | Action |
|------|-------|--------|
| LOW | 80-100 | Safe to install |
| MEDIUM | 50-79 | Review findings before installing |
| HIGH | 20-49 | Do NOT install: serious threats detected |
| CRITICAL | 0-19 | Do NOT install: multiple critical threats |

Exit codes:

- `0`: LOW risk (safe to proceed)
- `1`: MEDIUM or higher (block installation)

```bash
skill-scan scan-hub slug --llm        # Always run deep analysis (layers 4-5)
skill-scan scan-hub slug --llm-auto   # LLM only if pattern scan finds MEDIUM+
skill-scan scan-hub slug --llm-only   # Skip patterns, LLM analysis only
```

Provider auto-detected from environment:

- `OPENAI_API_KEY` -> gpt-4o-mini
- `ANTHROPIC_API_KEY` -> claude-sonnet-4-5

When the user asks to install a skill from ClawHub, follow this workflow:

skill-scan scan-hub BEFORE installing

When a scan finds MEDIUM or higher risk:

```
🛡️ Skill-Scan Alert: {RISK_LEVEL} ({SCORE}/100)
Skill: {slug}
Findings: {count} issue(s) detected
Top threat: {highest severity finding title}
Action: Installation blocked pending review.
```

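
The scan-before-install workflow and exit codes above can be enforced in a wrapper that fails closed. This is an added example, not code from skill-scan or ClawHub; the slug pattern and the function names `scan_gate` and `gated_install` are assumptions made for illustration.

```python
import re
import subprocess

# Assumption: a slug is "name" or "owner/name". Requiring a leading
# alphanumeric means a value such as "--llm-only" is never passed as a flag.
SLUG_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*(/[A-Za-z0-9][A-Za-z0-9_.-]*)?$")


def scan_gate(slug, run=subprocess.run):
    """Return (allow, reason). Only exit code 0 allows installation."""
    if not SLUG_RE.fullmatch(slug):
        return False, "rejected slug: not a plain skill name"
    try:
        # argv list with no shell, so the slug is never interpreted as shell syntax.
        proc = run(["skill-scan", "scan-hub", slug, "--quiet"],
                   capture_output=True, text=True, timeout=300)
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Scanner missing, not executable, or hung: block rather than skip.
        return False, f"scanner did not run ({type(exc).__name__}); blocking"
    if proc.returncode == 0:
        return True, "LOW risk"
    if proc.returncode == 1:
        return False, "MEDIUM or higher: " + proc.stdout.strip()
    # Any other code means the scan itself failed; treat it as a block.
    return False, f"unexpected exit code {proc.returncode}; blocking"


def gated_install(slug, run=subprocess.run):
    """Run `clawhub install` only when the scan allowed it."""
    allow, reason = scan_gate(slug, run)
    if allow:
        run(["clawhub", "install", slug], check=True)
    return allow, reason
```

Because exit code 1 covers MEDIUM as well as HIGH and CRITICAL, the wrapper blocks all three and leaves any MEDIUM override to a human reading the reported verdict.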
To integrate skill-scan into your agent's workflow, add ONE of the following templates to your AGENTS.md (or equivalent agent instructions file).
Option A: Automatic (Recommended). All ClawHub skill installs are automatically scanned before installation. No manual step needed.
## Skill-Scan: Automatic Pre-Install Security Scanning

BEFORE installing any skill from ClawHub, you MUST scan it with skill-scan first. This is non-negotiable: never skip the scan.

### Workflow

1. When the user asks to install a skill (e.g. `clawhub install <slug>`), run the scan FIRST:
   ```bash
   skill-scan scan-hub <slug>
   ```
2. **Check the exit code and output**:
   - **Exit code 0 (LOW risk)** -> proceed with `clawhub install <slug>`
   - **Exit code 1 (MEDIUM risk)** -> show findings to the user, ask whether to proceed
   - **Exit code 1 (HIGH/CRITICAL risk)** -> BLOCK installation, show the full report
3. **Never install a HIGH or CRITICAL risk skill** without explicit user override
4. **Always show the scan summary** to the user before proceeding with installation

### Periodic Audits

When asked to audit installed skills, batch scan the skills directory:

```bash
skill-scan batch {skillsDir}
```

### LLM Deep Analysis

For high-stakes installs or when pattern scan returns MEDIUM, escalate to LLM analysis:

```bash
skill-scan scan-hub <slug> --llm
```

Option B: Manual. Skills are only scanned when the user explicitly asks. Installation proceeds without automatic checks.

## Skill-Scan: On-Demand Skill Security Scanning

skill-scan is available to audit skill packages for security threats. Use it when the user requests a security scan.
### Commands
- **Scan a ClawHub skill**: `skill-scan scan-hub <slug>`
- **Scan a local skill**: `skill-scan scan /path/to/skill`
- **Batch scan installed skills**: `skill-scan batch {skillsDir}`
- **Deep analysis with LLM**: add `--llm` or `--llm-auto` to any scan command
### Risk Levels
- **LOW (80-100)**: safe, no significant threats
- **MEDIUM (50-79)**: review findings, use caution
- **HIGH (20-49)**: serious threats, do not install
- **CRITICAL (0-19)**: multiple critical threats, do not install
### When the User Asks to Scan
1. Run the appropriate scan command
2. Show the scan summary (score, risk level, finding count)
3. If MEDIUM+, list the top findings with severity and description
4. Let the user decide what to do

When this skill is first installed, ask the user:

> How should skill-scan integrate with your workflow?
>
> 1. Automatic (Recommended): Every `clawhub install` is scanned first. HIGH/CRITICAL installs are blocked automatically.
> 2. Manual: Scanning only happens when you explicitly ask for it.

Based on their choice, add the corresponding template (Option A or Option B above) to the project's AGENTS.md.

- Execution threats: eval(), exec(), child_process, dynamic imports
- Credential theft: .env access, API keys, tokens, private keys, wallet files
- Data exfiltration: fetch(), axios, requests, sockets, webhooks
- Filesystem manipulation: write/delete/rename operations
- Obfuscation: Base64, hex, unicode encoding, string construction
- Prompt injection: jailbreaks, invisible characters, homoglyphs, roleplay framing, encoded instructions
- Behavioral signatures: compound patterns such as data exfiltration, trojan skills, evasive malware, persistent backdoors
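
To make the "invisible characters" and "homoglyphs" items concrete, here is a small static check over a skill's instruction text. It is an added example and not skill-scan's own detection code; the function `scan_text`, the three-script heuristic and the sample text are constructed for illustration.

```python
import unicodedata


def _script(ch):
    """Coarse script name derived from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return None  # digits, punctuation, other scripts


def scan_text(text):
    """Return findings as (line_no, kind, detail) tuples.

    invisible: any character in Unicode category Cf (zero-width spaces and
               joiners, bidi overrides, tag characters), which renders as
               nothing but is still read by a model.
    homoglyph: one whitespace-delimited token mixing Latin, Cyrillic or
               Greek letters, the usual shape of a look-alike name or URL.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if unicodedata.category(ch) == "Cf":
                findings.append((no, "invisible", f"U+{ord(ch):04X}"))
        for word in line.split():
            scripts = {s for s in map(_script, word) if s}
            if len(scripts) > 1:
                findings.append((no, "homoglyph", "+".join(sorted(scripts))))
    return findings


# Constructed sample: a zero-width space on line 2 and a Cyrillic "а"
# (U+0430) inside an otherwise Latin hostname on line 3.
SAMPLE = (
    "# Weather skill\n"
    "Fetch the forecast for a city.\u200b\n"
    "Docs: https://ex\u0430mple.invalid/help\n"
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

Category Cf also contains the zero-width joiner used in emoji sequences, so findings of this kind are review prompts rather than verdicts.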

httpx>=0.27 (for LLM API calls only)

--llm modes (static analysis is self-contained)

Generated Mar 1, 2026

Large organizations deploying AI agents with custom skills from public repositories use skill-scan to vet third-party packages before installation. It ensures compliance with internal security policies by detecting malicious code and prompt injection risks, preventing data breaches and unauthorized access.
Platforms like ClawHub integrate skill-scan to automatically screen uploaded skills for security threats before listing them publicly. This reduces the risk of distributing harmful packages, builds user trust, and maintains platform integrity through continuous monitoring and batch scanning.
Development teams incorporate skill-scan into their continuous integration workflows to audit custom skills during build processes. It catches evasion techniques and misaligned behavior early, ensuring only secure, vetted code is deployed in production AI agents.
Academic institutions and research labs use skill-scan to analyze AI agent skills for ethical alignment and security vulnerabilities. It helps students and researchers identify potential risks in experimental packages, promoting safe AI development practices.
MSPs offering AI agent management services deploy skill-scan to periodically audit installed skills across client environments. It detects credential theft and data exfiltration threats, enabling proactive security updates and risk mitigation for multiple clients.
Offer a free tier for basic scanning with limited features, while charging for advanced capabilities like LLM-powered deep analysis, batch scanning, and detailed reporting. This attracts individual users and small teams, with upsells to enterprises needing comprehensive security.
Sell annual licenses to large organizations for integrating skill-scan into their internal security frameworks. Include custom rule sets, priority support, and API access for seamless workflow automation, targeting sectors like finance and healthcare with high security needs.
Partner with platforms like ClawHub to embed skill-scan as a default security tool, taking a percentage of transaction fees from skill sales or charging per scan. This leverages existing user bases and drives adoption through mandatory pre-install checks.
💬 Integration Tip
Integrate skill-scan early in your agent's workflow by adding the automatic scanning template to AGENTS.md, ensuring all skill installations are vetted for security risks before execution.