AURA Security Scanner

Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "AURA Security Scanner" with this command: npx skills add aurasecurity-creator/aura-security-scanner

AURA Security Scanner

Protect your AI agent from malicious skills. Scan any OpenClaw, Claude MCP, or LangChain skill before installation.

What It Detects

  • Malware Patterns - Credential theft, file exfiltration, crypto miners, backdoors
  • Prompt Injection - Attempts to override system instructions or jailbreak agents
  • Permission Issues - Overly broad filesystem, network, or execution permissions
  • Suspicious Networks - Connections to known exfiltration domains (webhook.site, etc.)
  • Obfuscated Code - Base64/hex encoded execution, dynamic eval patterns

Usage

Ask me to scan a skill before you install it:

"Scan this skill for security issues: https://github.com/user/cool-skill"

"Is this skill safe? https://github.com/example/mcp-tool"

"Check https://clawhub.xyz/skill/weather-api for malware"

Verdicts

VerdictRisk ScoreMeaning
SAFE0-20No issues found, safe to install
WARNING21-50Minor concerns, review before installing
DANGEROUS51-80Significant risks detected, avoid
BLOCKED81-100Critical threats, do not install

AURA Verified Badge

Skills with a SAFE verdict can display the AURA Verified badge, showing users they've been scanned and approved.

Examples

Safe Skill Response

AURA Skill Scan: weather-api

Verdict: SAFE
Risk Score: 5/100
AURA Verified: Yes

Summary: Clean skill with minimal permissions.
Requests only weather API access.

Recommendation: Safe to install.

Dangerous Skill Response

AURA Skill Scan: suspicious-helper

Verdict: DANGEROUS
Risk Score: 78/100
AURA Verified: No

Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64

Recommendation: Do not install. Contains credential
theft and data exfiltration patterns.

API

This skill calls the AURA Security API:

POST https://api.aurasecurity.io/scan-skill
{
  "skillUrl": "https://github.com/user/skill",
  "format": "auto",
  "includeRepoTrust": true
}

About AURA

AURA (Agent Universal Reputation & Assurance) provides security infrastructure for the AI agent ecosystem. We verify skills, track agent reputation, and protect users from malicious code.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

GauntletScore

Trust verification for AI output — verify any document or code before you act on it

Registry SourceRecently Updated
3010Profile unavailable
Security

Bank of Bots

Trust scoring for AI agents. Log transactions and submit payment proofs to build a verifiable BOB Score — a trust score (think FICO but for AI Agents) that o...

Registry SourceRecently Updated
2590Profile unavailable
Security

GEO Content Guard

Detects GEO/SEO soft articles, synthetic promotion pages, abnormal brand mention density, and low-credibility sources in external web content. Use when OpenC...

Registry SourceRecently Updated
2570Profile unavailable
Security

AgentTrust — Security Scanner for AI Skills

Scan AI skills for malware, injections, data leaks, verify integrity, and check agent wallet reputation without API keys or accounts.

Registry SourceRecently Updated
760Profile unavailable