skillscannerSecurity scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.
Install via ClawdBot CLI:
clawdbot install rexshang/skillscanner"Trust, but verify."
SkillScanner checks ClawHub skill safety by calling the scan API. You provide the skill URL; the API returns status and severity. Proceed only when the verdict is SAFE.
https://clawhub.ai/author/skill-name):
curl --request POST --url "https://ai.gendigital.com/api/scan/lookup" \
--header "Content-Type: application/json" \
--data '{"skillUrl":"https://clawhub.ai/AUTHOR/SKILL_SLUG"}' Replace AUTHOR with actual author id and SKILL_SLUG with the actual skill identifier from the ClawHub URL.
status: "done" โ Check the severity field for the verdict.status: "analysis_pending" โ The skill is awaiting manual review. Do not treat as safe; advise the user that the skill is pending review.severity is SAFE.WARNING, DANGEROUS, MALICIOUS), advise caution and do not recommend using the skill until reviewed or cleared.# Example: scan a skill by its ClawHub URL
curl --request POST --url "https://ai.gendigital.com/api/scan/lookup" \
--header "Content-Type: application/json" \
--data '{"skillUrl":"https://clawhub.ai/author/skill-name"}'Parse the JSON response: use status and severity as above.
| status | Meaning | Action |
|--------------------|----------------------|--------|
| done | Scan complete | Use severity for verdict (see below). |
| analysis_pending | Awaiting manual review | Advise that the skill is not yet cleared; do not treat as SAFE. |
| severity (when status = done) | Recommendation |
|-------------------------------------|----------------|
| SAFE | OK to proceed. |
| Any other value | Advise caution; do not recommend use until reviewed. |
Skills can run code and access your environment. Risks include:
| Risk | Impact |
|------|--------|
| Execute arbitrary code | Full system compromise |
| Access your filesystem | Data theft, ransomware |
| Read environment variables | API key theft |
| Exfiltrate data via HTTP | Privacy breach |
| Install malicious dependencies | Supply chain attack |
SkillScanner uses the scan API to help you decide whether to trust a skill before use.
analysis_pending means human review has not yet concludedโtreat as โunknownโ, not safe.Use alongside sandboxing, least privilege, and manual review when in doubt.
Links:
Generated Mar 1, 2026
IT security teams in large organizations use SkillScanner to vet third-party AI skills before deployment, ensuring compliance with internal security policies and preventing unauthorized code execution. This helps mitigate risks like data exfiltration and supply chain attacks by verifying skill safety through automated API scans.
AI skill marketplace platforms integrate SkillScanner into their submission workflows to automatically scan new skills for safety, providing users with trust badges and reducing manual review overhead. This enhances platform credibility by flagging potentially malicious skills before they are listed.
Cybersecurity training programs incorporate SkillScanner as a hands-on tool for teaching students about threat detection in AI ecosystems, focusing on analyzing API responses for severity levels like SAFE or DANGEROUS. This practical exercise helps learners understand real-world risks in skill-based environments.
Organizations in regulated industries such as finance or healthcare use SkillScanner to audit AI skills for compliance with data protection standards, ensuring skills do not access sensitive files or environment variables. This supports adherence to regulations by verifying skill safety before integration into critical systems.
Offer free basic scanning with limited API calls, then charge for higher usage tiers, advanced analytics, or priority support. Revenue is generated through subscription plans targeting developers and enterprises needing frequent skill vetting.
Sell on-premise or private cloud licenses to large organizations for integrating SkillScanner into their internal security toolchains. This model includes custom support, SLA guarantees, and volume discounts based on user count.
Partner with AI skill marketplaces to embed scanning services, earning revenue through referral fees or revenue-sharing agreements based on skill transactions. This leverages existing user bases and enhances trust in partner platforms.
๐ฌ Integration Tip
Integrate SkillScanner into CI/CD pipelines to automatically scan skills during deployment, using the provided curl command to call the API and parse JSON responses for SAFE status before proceeding.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.