skill-security
Security audit tool for OpenClaw skills. Scans for credential harvesting, code injection, network exfiltration, obfuscation. ALWAYS run before installing any...
Install via ClawdBot CLI:
clawdbot install suryast/skill-security
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
eval(
Calls external URL not in known-safe list
https://skillpacks.dev
AI Analysis
The skill's primary function is security auditing, and the external URL (skillpacks.dev) is for promotional content, not data exfiltration. The 'eval()' reference appears in its documentation as a pattern to detect, not a command it executes. No credential harvesting or hidden malicious behavior is present.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A platform where developers can submit AI skills for community use. The scanner automatically audits each submission for security risks before listing, ensuring only safe skills are available to users. This prevents malicious code from being distributed and builds trust in the ecosystem.
Large organizations deploying custom AI skills internally to automate workflows. The scanner is used to audit all in-house developed skills before deployment, checking for credential harvesting or network exfiltration to protect sensitive corporate data. It ensures compliance with security policies and reduces insider threats.
Universities or training programs teaching AI skill development. Students use the scanner to learn about security best practices by auditing their own projects for vulnerabilities like code injection or obfuscation. This hands-on approach reinforces secure coding habits in emerging developers.
Independent consultants building custom AI skills for clients. They run the scanner on all deliverables to verify security before handover, providing clients with audit reports to demonstrate due diligence. This adds value by ensuring skills are safe from threats like subprocess abuse.
A service that certifies AI skills as secure for use in critical applications. The scanner performs automated audits, and human reviewers assess flagged issues to issue security badges. This helps users identify trusted skills in marketplaces and reduces adoption risks.
Offer the basic scanner for free to attract users, then charge for premium features like advanced threat detection, detailed reporting, or integration with CI/CD pipelines. Revenue comes from subscriptions for enterprises needing enhanced security audits.
Partner with AI skill marketplaces to provide scanning as a service, charging a fee per audit or taking a commission on safe skill sales. This model leverages volume from marketplace transactions and ensures all listed skills are vetted.
Sell licenses to large organizations for internal use, including custom integrations, support, and regular updates. This targets businesses with strict security needs, offering scalable solutions for auditing multiple skills across teams.
💬 Integration Tip
Integrate the scanner into your CI/CD pipeline to automatically audit skills during development, catching vulnerabilities early. Use the blocklist feature to prevent deployment of flagged skills without manual intervention.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.