skill-scanner-pro

Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "skill-scanner-pro" with this command: npx skills add GravityPoet/skill-scanner-pro

Skill-Scanner-Pro

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns. Pro enhanced edition.

Enhanced Edition (0.1.3)

  • Fixed Web UI scan result rendering and export compatibility
  • Reduced false positives in docs by limiting Markdown/RST scan scope to fenced code blocks
  • Reduced scanner self-trigger noise (pattern definitions/comments)
  • Skips noisy directories and oversized/binary files for cleaner output

Capabilities

  • Scan skill folders for security threats
  • Detect data exfiltration patterns
  • Identify system modification attempts
  • Catch crypto-mining indicators
  • Flag arbitrary code execution risks
  • Find backdoors and obfuscation techniques
  • Output reports in Markdown or JSON format
  • Provide Web UI via Streamlit

Usage

Command Line

python skill_scanner.py /path/to/skill-folder

Within Clawdbot

"Scan the [skill-name] skill for security issues using skill-scanner-pro"
"Use skill-scanner-pro to check the youtube-watcher skill"
"Run a security audit on the remotion skill"

Web UI

pip install streamlit
streamlit run streamlit_ui.py

Requirements

  • Python 3.7+
  • No additional dependencies (uses Python standard library)
  • Streamlit (optional, for Web UI)

Entry Point

  • CLI: skill_scanner.py
  • Web UI: streamlit_ui.py

Tags

#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

aig-scanner

Comprehensive OpenClaw security scanning powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or sec...

Registry SourceRecently Updated
0138
boy-hack
Security

Dataset Intake Auditor

在新数据集接入前检查字段、单位、缺失率、异常值与可用性。;use for data, dataset, audit workflows;do not use for 伪造统计结果, 替代正式数据治理平台.

Registry SourceRecently Updated
02
Profile unavailable
Security

Session Password

Provides secure session authentication using bcrypt-hashed passwords, security questions, email recovery, and lockout protection with audit logging.

Registry SourceRecently Updated
118
Profile unavailable