skill-scanner

Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects credential stealers, data exfiltration, malicious URLs, obfuscated code, and supply chain attacks.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "skill-scanner" with this command: npx skills add Trypto1019/arc-skill-scanner

Skill Scanner

Scan OpenClaw skills for security issues before you install them. 341 malicious skills were found on ClawHub — don't be the next victim.

Why This Exists

The ClawHub marketplace had 22-26% of skills flagged as containing vulnerabilities. Common attacks include:

  • Credential stealers disguised as benign plugins
  • Typosquatting (fake names similar to popular skills)
  • Data exfiltration via hidden HTTP requests
  • Obfuscated code hiding malicious payloads
  • Prompt injection via SKILL.md content

Commands

Scan a local skill directory

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/

Scan a SKILL.md file directly

python3 {baseDir}/scripts/scanner.py scan --file ./SKILL.md

Scan with verbose output

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --verbose

Scan all installed skills

python3 {baseDir}/scripts/scanner.py scan-all

Scan with binary checksum verification

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --checksum checksums.json

Generate checksums for binary assets

python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ -o checksums.json

Verify checksums against a manifest

python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ --verify checksums.json

Output as JSON

python3 {baseDir}/scripts/scanner.py scan --path ./skill-dir/ --json

What It Checks

SKILL.md Analysis

  • Suspicious URLs (non-HTTPS, IP addresses, URL shorteners)
  • Prompt injection patterns (hidden instructions, override attempts)
  • Requests for credentials, API keys, or tokens
  • Obfuscated or encoded content (base64, hex, unicode escapes)
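
The three URL checks in the first bullet can be sketched as follows. This is an added example, not code from scanner.py; the shortener list, the function names and the sample SKILL.md text are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: a small illustrative shortener list; the scanner's own list is not shown.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
URL_RE = re.compile(r"https?://[^\s<>()\"']+", re.IGNORECASE)

# Constructed sample SKILL.md content (not taken from any real skill).
SAMPLE_SKILL_MD = """\
# demo-skill
Docs: https://docs.example.com/guide.
Run the [installer](http://203.0.113.7/setup.sh) first.
Mirror: https://bit.ly/abc123
"""

def classify_url(url):
    """Return the reasons a URL looks suspicious; an empty list means none."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed bracketed host
        return ["unparseable"]
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("non-https")
    try:
        ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        reasons.append("ip-literal")
    except ValueError:
        pass
    if host in SHORTENERS:
        reasons.append("shortener")
    return reasons

def scan_markdown(text):
    """Map each flagged URL in the text to its list of reasons."""
    findings = {}
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:")  # drop trailing sentence punctuation
        reasons = classify_url(url)
        if reasons:
            findings[url] = reasons
    return findings

if __name__ == "__main__":
    for url, reasons in scan_markdown(SAMPLE_SKILL_MD).items():
        print(url, reasons)
```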

Script Analysis

  • Network calls (curl, wget, requests, urllib, fetch)
  • File system writes outside expected paths
  • Environment variable access (credential harvesting)
  • Shell command execution (os.system, subprocess, exec)
  • Obfuscated strings (base64 decode, eval, exec)
  • Data exfiltration patterns (POSTing to external URLs)
  • Cryptocurrency wallet patterns
  • Known malicious domains
  • Dynamic instruction fetching (remote .md/.yaml/.json downloads)
  • Fetch-and-execute patterns (remote code execution)
  • Telemetry leaks (printenv, logging env vars/configs/secrets to stdout)
  • Binary/asset risks (prebuilt executables, compiled code, library injection)
  • shell=True in subprocess calls (RCE risk)
  • Path traversal patterns (directory escape via ../ sequences)

Name Analysis

  • Typosquatting detection (compares against known popular skills)
  • Edit distance calculation to catch misspellings and character swaps
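
One way to implement the name check, shown as an added example rather than the scanner's own code: an optimal-string-alignment distance, which counts an adjacent character swap as a single edit alongside insertions, deletions and substitutions. The list of popular names, the `max_dist` threshold of 2 and the function names are assumptions.

```python
# Assumption: constructed list of "popular" skill slugs; the scanner's real list is not shown.
POPULAR = ["skill-scanner", "skill-guardian", "security-check"]

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # deletion
                         cur[j - 1] + 1,      # insertion
                         prev[j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]

def normalize(name):
    """Fold case and separator variants so 'Skill_Scanner' compares as 'skill-scanner'."""
    return name.lower().replace("_", "-")

def check_name(name, popular=POPULAR, max_dist=2):
    """Return (popular_name, distance) if name imitates a popular skill, else None."""
    if name in popular:
        return None  # exact match: this is the known skill itself
    cand = normalize(name)
    best = min(((p, osa_distance(cand, normalize(p))) for p in popular),
               key=lambda pair: pair[1])
    return best if best[1] <= max_dist else None

if __name__ == "__main__":
    # Constructed candidate names.
    for candidate in ["skill-scaner", "skill-scnaner", "skill_scanner", "weather-report"]:
        print(candidate, "->", check_name(candidate))
```

A distance of 0 for a name that is not byte-identical to the popular one (case or separator variant) is reported as well, since it is a look-alike rather than the original.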

Binary/Asset Checksum Verification

  • SHA-256 checksums for all binary files (.exe, .dll, .so, .wasm, .pyc, etc.)
  • Generate checksum manifests for trusted skill versions
  • Verify binaries against expected checksums on update
  • Flags unverified binaries and checksum mismatches (tampering detection)
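
The generate-then-verify flow can be sketched like this. It is an added example, not scanner.py itself: the manifest is assumed to be a mapping of relative path to SHA-256 hex digest (the real checksums.json layout is not shown on this page), and the function names and sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY_EXTS = {".exe", ".dll", ".so", ".wasm", ".pyc"}  # extensions listed above

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Assumed manifest shape: {relative posix path: sha256 hex digest}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in BINARY_EXTS}

def verify(root, manifest):
    """Compare the binaries on disk with a trusted manifest."""
    current = build_manifest(root)
    return {
        "mismatch": sorted(k for k in current if k in manifest and current[k] != manifest[k]),
        "unverified": sorted(k for k in current if k not in manifest),
        "missing": sorted(k for k in manifest if k not in current),
    }

def demo():
    """Snapshot a constructed skill tree, then simulate an update and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "core.wasm").write_bytes(b"trusted build")
        (root / "helper.exe").write_bytes(b"trusted helper")
        manifest = build_manifest(root)  # taken from the trusted version
        (root / "lib" / "core.wasm").write_bytes(b"tampered build")  # changed binary
        (root / "extra.so").write_bytes(b"new binary")               # not in manifest
        (root / "helper.exe").unlink()                               # removed binary
        return verify(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as where it is stored: keep it outside the skill directory so an update cannot rewrite both the binary and its expected hash.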

Metadata Analysis

  • Excessive permission requirements
  • Suspicious install scripts
  • Env requirements that seem unnecessary

Risk Levels

  • CRITICAL — Almost certainly malicious. Do NOT install.
  • HIGH — Likely malicious or extremely risky. Manual review required.
  • MEDIUM — Suspicious patterns found. Review before installing.
  • LOW — Minor concerns. Probably safe but worth checking.
  • CLEAN — No issues detected. Safe to install.

Tips

  • Always scan before installing ANY third-party skill
  • Even "CLEAN" results aren't a guarantee: the scanner only catches known patterns
  • If a skill needs network access, verify the domains it contacts
  • Cross-reference skill names with known typosquats
  • When in doubt, read the source code yourself

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
