skill-safety-scanner

Scan your installed ClawHub skills for dangerous code patterns — credential harvesting, shell injection, unauthorized network calls, and known malicious signatures. Produces a per-skill safety report with SAFE/WARN/DANGEROUS ratings and one-command removal instructions. Use when you want to audit skills before trusting them, after installing new skills, or after the ClawHub security incident. No data leaves your machine.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "skill-safety-scanner" with this command: npx skills add infectit007/skill-safety-scanner

Skill Safety Scanner

Scans every installed skill in your OpenClaw workspace for dangerous code patterns. Produces a per-skill SAFE / WARN / DANGEROUS rating with exact evidence and removal commands.

Why this exists: ~20% of ClawHub skills have been flagged for malicious patterns including credential harvesting, shell injection, and C2 callbacks. This skill surfaces those issues before they can cause damage — using OpenClaw's own built-in scanner, not a third party.

Privacy guarantee: Runs entirely on your machine. Zero network calls. Zero data exfiltration. You can read every line of this skill — it is a single SKILL.md file.

How it works

This skill uses openclaw security audit --deep --json which already scans all installed skills for dangerous patterns. It then parses, formats, and explains the findings per-skill.

No new scanning code. No dependencies. Just OpenClaw's own trusted scanner with better output.

Workflow

1. Run the scanner

openclaw security audit --deep --json

Capture the full JSON output.

2. Extract skill findings

From the JSON, find all entries where id starts with skills. — these are skill-specific findings.

Key finding IDs to look for:

Finding IDMeaning
skills.code_safetyDangerous patterns detected in skill code
skills.untrusted_execSkill executes shell commands
skills.env_harvestingSkill reads env vars AND makes network calls
skills.network_exfilSkill sends data to external hosts
skills.permission_escalationSkill requests elevated permissions

3. Rate each skill

For each installed skill, assign a rating:

RatingCriteria
✅ SAFENo dangerous patterns found
⚠️ WARNShell exec OR env access (not combined) — review source
🔴 DANGEROUSEnv harvesting + network send combined, or known malicious signature

4. Format the report

SKILL SAFETY SCAN — YYYY-MM-DD HH:MM
Scanned: X skills   Safe: X   Warn: X   Dangerous: X

──────────────────────────────────────
🔴 DANGEROUS — [skill-name]
   Path: ~/.openclaw/workspace/skills/[skill-name]
   Issue: [env-harvesting] Reads API keys and sends to external host
   Evidence: [filename]:[line] — [code snippet]
   Action: clawhub uninstall [skill-name]
           rm -rf ~/.openclaw/workspace/skills/[skill-name]

⚠️  WARN — [skill-name]
   Path: ~/.openclaw/workspace/skills/[skill-name]
   Issue: [dangerous-exec] Executes shell commands via child_process
   Evidence: [filename]:[line]
   Action: Review source before use. Remove if not needed:
           clawhub uninstall [skill-name]

✅ SAFE — [skill-name]   (no findings)
──────────────────────────────────────

RECOMMENDATION
[If any DANGEROUS skills]: Remove immediately — treat as compromised.
[If any WARN skills]: Review source at the path above before next use.
[If all SAFE]: Your skill set is clean. Re-scan after any new install.

5. Optional: Auto-remove dangerous skills

If the user confirms, execute removal for DANGEROUS-rated skills:

# For each DANGEROUS skill named [skill-name]:
clawhub uninstall [skill-name] 2>/dev/null
rm -rf ~/.openclaw/workspace/skills/[skill-name]

Always show the command and ask for confirmation before removing anything.

6. Re-scan to confirm

After any removals:

openclaw security audit --deep

Confirm the skills.code_safety finding is gone.

Scheduling

To scan automatically after every new skill install, or on a daily schedule:

openclaw cron add --name "skill-safety-scanner:daily" --cron "0 3 * * *" \
  --prompt "Run the skill-safety-scanner skill and report findings to memory."

What this skill does NOT do

  • Does not send any data to external servers
  • Does not modify any files without explicit confirmation
  • Does not connect to the internet
  • Does not access credentials or API keys
  • Does not install anything
  • Single SKILL.md file — inspect the full source above

Notes

  • Run this scan after every new ClawHub skill install
  • WARN ratings are not always malicious — many legitimate skills use shell exec (e.g., tools that run git or npm). Review the source and make your own judgment.
  • DANGEROUS = env harvesting + network send in the same file. This combination has no legitimate use case in a passive skill.
  • If OpenClaw updates its scanner signatures, re-run this skill to catch newly detected patterns.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

Claude Chrome

Use Claude Code with Chrome browser extension for web browsing and automation tasks. Alternative to OpenClaw's built-in browser tools.

Registry SourceRecently Updated
3.5K0dgriffin831
Coding

App Builder

Build, edit, and deploy Instant-backed apps using npx instant-cli, create-instant-app (Next.js + Codex), GitHub (gh), and Vercel (vercel). Use when asked to create a new app, modify an existing app, fix bugs, add features, or deploy/update an app. Projects live under ~/apps; always work inside the relevant app folder.

Registry SourceRecently Updated
2.9K2stopachka
Coding

Opengraph Io

Extract web data, capture screenshots, scrape content, and generate AI images via OpenGraph.io. Use when working with URLs (unfurling, previews, metadata), capturing webpage screenshots, scraping HTML content, asking questions about webpages, or generating images (diagrams, icons, social cards, QR codes). Triggers: 'get the OG tags', 'screenshot this page', 'scrape this URL', 'generate a diagram', 'create a social card', 'what does this page say about'.

Registry SourceRecently Updated
2.3K6primeobsession
Coding

Xlsx Pro

Compétence pour manipuler les fichiers Excel (.xlsx, .xlsm, .csv, .tsv). Utiliser quand l'utilisateur veut : ouvrir, lire, éditer ou créer un fichier tableur ; ajouter des colonnes, calculer des formules, formater, créer des graphiques, nettoyer des données ; convertir entre formats tabulaires. Le livrable doit être un fichier tableur. NE PAS utiliser si le livrable est un document Word, HTML, script Python standalone, ou intégration Google Sheets.

Registry SourceRecently Updated
2.1K0Profile unavailable