skill-security-scannerScan OpenClaw skills for security risks, suspicious permissions, and provide a trust score to help evaluate skill safety before use or installation.
Install via ClawdBot CLI:
clawdbot install steffano198/skill-security-scannerGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
~/.aws/credentialsSends data to undocumented external endpoint (potential exfiltration)
POST → https://SUSPICIOUS-DOMAIN/exfilCalls external URL not in known-safe list
https://SUSPICIOUS-DOMAIN/exfilAI Analysis
The skill contains direct evidence of credential access targeting ~/.aws/credentials and sends data to an undocumented external endpoint labeled as a potential exfiltration channel. These actions constitute active data harvesting and exfiltration, which are severe security violations.
Audited Apr 16, 2026 · audit v1.0
Generated Mar 20, 2026
Users or organizations can use the skill to scan new skills from ClawHub before installation, identifying security risks like suspicious permissions or code patterns to prevent deploying malicious tools in their AI agent ecosystem.
IT or security teams can schedule automated scans of all installed skills to ensure ongoing compliance with security policies, detect vulnerabilities from updates, and maintain a secure AI environment.
AI developers and researchers can leverage the skill to evaluate the safety of third-party skills, using trust scores and detailed reports to make informed decisions when integrating external tools into their projects.
After security incidents like ClawHavoc, teams can use the skill to audit existing skills for malicious patterns, identify compromised tools, and generate reports for remediation and documentation.
Open-source communities or platform maintainers can integrate the skill to scan skills shared in repositories, flagging high-risk patterns to protect users and improve overall ecosystem security.
Offer basic scanning features for free to attract users, with premium tiers providing advanced analytics, automated reporting, and integration with enterprise systems for recurring subscription revenue.
Package the skill as part of a larger security suite for organizations, including features like centralized dashboards, compliance tracking, and support services, sold through licensing agreements.
Provide professional services where experts use the skill to conduct in-depth security audits for clients, offering customized reports, remediation advice, and training sessions for project-based fees.
💬 Integration Tip
Integrate with memory skills to log and recall trust scores over time, enhancing decision-making and reducing repetitive scans for known skills.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...