openclaw-security-suite

Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "openclaw-security-suite" with this command: npx skills add xunxingyuan/openclaw-security-suite

OpenClaw Security Suite

A comprehensive security protection layer for OpenClaw extensions, providing both static analysis and AI-assisted behavioral review.

Features

This suite bundles two core security capabilities:

1. Static Security Scan (action: "scan")

Analyzes a full skill directory for deterministic threats:

  • Blocked Imports: e.g., child_process, cluster
  • Dangerous Functions: e.g., exec(), spawn()
  • Known Bad Keywords: e.g., eval(, __proto__, rm -rf
  • Sensitive File Access: e.g., /etc/passwd, /.env
  • Suspicious Regex Patterns: e.g., curl ... | bash

2. AI Code Review (action: "review")

Uses the active LLM context (ctx.llm) to semantically analyze a specific file for hidden threats:

  • Data exfiltration
  • Credential leaks
  • Obfuscated shell execution
  • System modification

Usage

You must specify an action and a path.

Example 1: Static Scan

{
  "action": "scan",
  "path": "/path/to/skill/directory"
}

Example 2: AI Review

{
  "action": "review",
  "path": "/path/to/skill/index.ts"
}

Output

Scan Output:

{
  "safe": false,
  "results": [
    {
      "file": "index.ts",
      "issues": [{ "type": "blocked_module", "module": "child_process" }]
    }
  ]
}

Review Output:

{
  "risk_level": "high",
  "reason": "Code reads AWS credentials from environment and posts them to an external IP."
}

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Skill Vettr

Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patte...

Registry SourceRecently Updated
0514
Profile unavailable
Security

CrawSecure

Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally.

Registry SourceRecently Updated
11.6K
Profile unavailable
Security

Security Guardian

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides...

Registry SourceRecently Updated
0585
Profile unavailable