SkillScan

Security gate for skills. Every new skill MUST pass SkillScan before use. Activate on any install, load, add, evaluate, or safety question about a skill. On first load, run first-run to scan all existing skills. Blocks HIGH/CRITICAL skills. No exceptions.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "SkillScan" with this command: npx skills add tokauthai/skillscan

SkillScan v1.1.6

Security check for skill packages. Every new skill must pass this scan before use.

Implemented in scripts/scanner.py. Supports Windows / macOS / Linux.

Do NOT generate report files inside the skill directory.


When to Activate

Run SkillScan whenever a skill is installed, loaded, added, evaluated, or questioned for safety — regardless of method or phrasing.

Trigger examples: install, load, add, use, set up, "is this safe", upload .zip/.skill, paste SKILL.md, mention unknown skill name, install from hub/store.


First Load

Check scripts/.first_run_done:

  • Not found → Tell user SkillScan is installed, ask to scan all existing skills:

    python <skill_scanner_dir>/scripts/scanner.py first-run
    

    .first_run_done is created automatically after completion.

  • Found → Skip, operate normally.


Commands

| Command | Usage |
|---|---|
| scanner.py scan <path> | Scan a single skill (.zip or directory) |
| scanner.py scan-all | Scan all installed skills |
| scanner.py first-run | First-time full scan |
| scanner.py upgrade | Manual upgrade |

Scan Rules

  • .zip files → Scan BEFORE installation. Block if fails.
  • Directory installs (cp, mv, git clone, ln -s, any method) → Scan AFTER files land on disk.
  • Remote installs (clawhub, skillhub, npx skills add, etc.) → Scan immediately after install.
  • Unknown skills → If user mentions a skill you haven't seen, scan it.

Exit Codes

| Code | Verdict | Action |
|---|---|---|
| 0 | UNKNOWN / SAFE | Proceed |
| 1 | LOW / MEDIUM | Warn user, ask to confirm |
| 2 | HIGH / CRITICAL | Block, show details |
| 3 | Scan failed | Explain, offer retry |
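
An added example, not part of SkillScan or its SKILL.md: a wrapper that turns the exit codes above into install decisions and fails closed on any status the table does not list. The names `scan_gate`, `action_for` and `may_install`, and the 300-second timeout, are assumptions of this example.

```python
import subprocess
import sys
from enum import Enum


class Action(Enum):
    PROCEED = "proceed"            # exit 0: UNKNOWN / SAFE
    CONFIRM = "warn-and-confirm"   # exit 1: LOW / MEDIUM
    BLOCK = "block"                # exit 2: HIGH / CRITICAL
    RETRY = "explain-and-retry"    # exit 3: scan failed


EXIT_ACTIONS = {0: Action.PROCEED, 1: Action.CONFIRM, 2: Action.BLOCK, 3: Action.RETRY}


def action_for(returncode):
    """Map a scanner exit status to an action; undocumented codes fail closed."""
    # Negative values mean the process was killed by a signal (POSIX).
    return EXIT_ACTIONS.get(returncode, Action.BLOCK)


def scan_gate(skill_path, scanner_cmd, timeout=300):
    """Run `<scanner_cmd> scan <skill_path>` and return the resulting Action.

    scanner_cmd is an argv list, e.g. [sys.executable, "scripts/scanner.py"].
    The 300 s timeout is an assumption of this example, not a SkillScan value.
    """
    try:
        # argv list, no shell: the skill path is never interpreted as a command.
        proc = subprocess.run([*scanner_cmd, "scan", skill_path], timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return Action.RETRY        # scanner did not run to completion: no verdict
    return action_for(proc.returncode)


def may_install(action, user_confirmed=False):
    """Only a clean verdict, or a LOW/MEDIUM one the user accepted, installs."""
    if action is Action.PROCEED:
        return True
    return action is Action.CONFIRM and user_confirmed


if __name__ == "__main__":
    # Constructed stand-in for scanner.py that exits 2 (HIGH / CRITICAL).
    stub = [sys.executable, "-c", "import sys; sys.exit(2)"]
    verdict = scan_gate("./some-skill", stub)
    print(verdict.name, "install allowed:", may_install(verdict))
```

Because exit code 0 covers UNKNOWN as well as SAFE, a caller that needs a positive verdict has to read the scanner's detailed output rather than the exit status alone.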

Auto Update

Checks for updates every day automatically. Silent, no user action needed. Manual: scanner.py upgrade.


Environment Variables

| Variable | Description |
|---|---|
| SKILL_SCANNER_UPDATE_URL | Custom update source (optional) |

API

Base URL: https://skillscan.tokauth.com

| Step | Method | Path |
|---|---|---|
| ① Cache lookup | GET | /oapi/v1/skill-scan/search?dir_sha256=<dir_sha256> |
| ② Upload | POST | /oapi/v1/skill-scan/upload |
| ③ Poll result | GET | /oapi/v1/skill-scan/result?task_no=<task_no> (poll every 20s, max 180s) |

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
