openclaw-security-suite

Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "openclaw-security-suite" with this command: npx skills add xunxingyuan/openclaw-security-suite

OpenClaw Security Suite

A comprehensive security protection layer for OpenClaw extensions, providing both static analysis and AI-assisted behavioral review.

Features

This suite bundles two core security capabilities:

1. Static Security Scan (`action: "scan"`)

Analyzes a full skill directory for deterministic threats:

Blocked Imports: e.g., child_process, cluster
Dangerous Functions: e.g., exec(), spawn()
Known Bad Keywords: e.g., eval(, __proto__, rm -rf
Sensitive File Access: e.g., /etc/passwd, /.env
Suspicious Regex Patterns: e.g., curl ... | bash

2. AI Code Review (`action: "review"`)

Uses the active LLM context (ctx.llm) to semantically analyze a specific file for hidden threats:

Data exfiltration
Credential leaks
Obfuscated shell execution
System modification

Usage

You must specify an action and a path.

Example 1: Static Scan

{
  "action": "scan",
  "path": "/path/to/skill/directory"
}

Example 2: AI Review

{
  "action": "review",
  "path": "/path/to/skill/index.ts"
}

Output

Scan Output:

{
  "safe": false,
  "results": [
    {
      "file": "index.ts",
      "issues": [{ "type": "blocked_module", "module": "child_process" }]
    }
  ]
}

Review Output:

{
  "risk_level": "high",
  "reason": "Code reads AWS credentials from environment and posts them to an external IP."
}

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry Record Open in ClawHub

Related Skills

Related by shared tags or category signals.

Security

python-code-analyz

专业Python代码分析与优化，支持语法检查、安全扫描、性能评估、复杂度分析及重构后的优化代码生成。

Registry SourceRecently Updated

1190Profile unavailable

Security

Skill Vettr

Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patte...

Registry SourceRecently Updated

9090Profile unavailable

Security

CrawSecure

Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally.

Registry SourceRecently Updated

1.9K1Profile unavailable

Security

S³ Security Audit

Run security audits on codebases using static analysis, dependency scanning, and manual code review patterns. Covers OWASP Top 10, secrets detection, depende...

Registry SourceRecently Updated

2530Profile unavailable