skill-scannerScan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
Install via ClawdBot CLI:
clawdbot install bvinci1-design/skill-scannerGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwdPotentially destructive shell commands in tool definitions
rm -rf /Accesses system directories or attempts privilege escalation
/etc/cronCalls external URL not in known-safe list
https://github.com/bvinci1-design/skill-scanner.gitGenerated Mar 1, 2026
Large organizations deploying multiple AI agents across departments use Skill Scanner to vet third-party skill packages before integration, ensuring compliance with internal security policies and preventing data breaches. It scans for malicious code in skills that handle sensitive data, such as financial or customer information, mitigating risks of data exfiltration.
Marketplace platforms for AI agent skills integrate Skill Scanner as a mandatory pre-upload check to automatically scan developer-submitted skills for malware and spyware. This maintains platform trust by preventing harmful skills from being listed, protecting end-users from crypto-mining or backdoor threats in shared repositories.
Healthcare or government agencies using AI agents for tasks like data processing employ Skill Scanner to audit skills for security vulnerabilities, ensuring they meet regulatory standards such as HIPAA or GDPR. It detects system modification attempts and obfuscation techniques that could compromise sensitive operations.
Universities and research labs teaching AI development use Skill Scanner in courses to demonstrate security best practices, allowing students to analyze skill code for threats like arbitrary execution risks. It provides hands-on learning with real-world examples of malicious patterns in agent ecosystems.
Offer a free basic version for individual users to scan skills locally, with paid tiers providing advanced features like batch scanning, detailed JSON reports, and API access for enterprises. Revenue is generated through subscription plans, targeting businesses that need continuous security monitoring.
License Skill Scanner to AI agent platforms or marketplaces as an embedded security tool, charging a flat fee or revenue share per scan. This model leverages partnerships to reach a broad user base, with revenue tied to platform usage and volume of skill audits conducted.
Provide professional services where security experts use Skill Scanner to conduct in-depth audits for clients, offering tailored reports and remediation advice. Revenue comes from project-based contracts, especially for high-stakes industries needing compliance or incident response support.
💬 Integration Tip
Integrate Skill Scanner into CI/CD pipelines for automated security checks during skill deployment, and use its JSON output to feed into existing monitoring tools for streamlined threat reporting.
Scored Apr 16, 2026
AI Analysis
The skill is a security scanner designed to detect malicious patterns in other skills, and the flagged signals appear to be examples or test patterns used for detection rather than its own malicious behavior. There is no evidence of hidden instructions, credential harvesting, or data exfiltration to unauthorized servers.
Audited Apr 16, 2026 · audit v1.0
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
577+ pattern prompt injection defense. Now with typo-tolerant bypass detection. TieredPatternLoader fully operational. Drop-in defense for any LLM application.