๐Ÿ”
12917 skills
โ† All skills
Tencent SkillHub ยท Security & Compliance

AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

skill openclawclawhub Free
0 Downloads
0 Stars
0 Installs
0 Score
High Signal

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

โฌ‡ 0 downloads โ˜… 0 stars Unverified but indexed

Install for OpenClaw

Item requires authentication.

This item appears to require sign-in or permission before the package can be fetched. Open the source page and confirm access manually.

Quick setup
  1. Open the source page and confirm the required access before downloading.
  2. Review SKILL.md after the source grants access.
  3. Treat the package as manual setup until the direct download works.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Manual review
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
SKILL.md, references/rules.md, scripts/advanced_checks.py, scripts/scan.py

Validation

  • Sign in or confirm the required access before retrying the download.
  • Review SKILL.md after authentication succeeds.
  • Treat this source as manual setup until the package can be fetched directly.

Install with your agent

Agent handoff

Use the source page and any available docs to guide the install because the item requires authentication or permission before the package can be fetched.

  1. Open the source page via Open source page.
  2. If you can obtain the package, extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the source page and extracted files.
New install

I tried to install a skill package from Yavira, but the item requires authentication or permission before the package can be fetched. Inspect the source page and any extracted docs, then tell me what you can confirm and any manual steps still required.

Upgrade existing

I tried to upgrade a skill package from Yavira, but the item requires authentication or permission before the package can be fetched. Compare the source page and any extracted docs with my current installation, then summarize what changed and what manual follow-up I still need.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
2.1.0

Documentation

ClawHub primary doc Primary doc: SKILL.md 7 sections Open source page

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

# Scan a local skill folder python3 scripts/scan.py /path/to/skill # Verbose output (show matched lines) python3 scripts/scan.py /path/to/skill --verbose # JSON output (for automation) python3 scripts/scan.py /path/to/skill --json

Workflow: Scan Before Install

Download or locate the skill folder Run python3 scripts/scan.py <skill-path> --verbose Review findings by severity (CRITICAL/HIGH = do not install) Report results to user with recommendation

Score Interpretation

ScoreMeaningRecommendationCLEANNo issues foundSafe to installINFOMinor notes onlySafe to installREVIEWMedium-severity findingsReview manually before installingSUSPICIOUSHigh-severity findingsDo NOT install without thorough manual reviewDANGEROUSCritical findings detectedDo NOT install โ€” likely malicious

Exit Codes

0 = CLEAN/INFO 1 = REVIEW 2 = SUSPICIOUS 3 = DANGEROUS

Rules Reference

See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.

Limitations

Pattern-based detection โ€” cannot catch all obfuscation techniques No runtime analysis โ€” only static scanning False positives possible for legitimate tools that access network/files Always combine with manual review for HIGH/MEDIUM findings

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
2 Docs2 Scripts
  • SKILL.md Primary doc
  • references/rules.md Docs
  • scripts/advanced_checks.py Scripts
  • scripts/scan.py Scripts

Related skills

Tencent SkillHub Free

1-SEC: All-in-One Cybersecurity for AI Agent Hosts

Install, configure, and manage 1-SEC โ€” an open-source, all-in-one cybersecurity platform (16 modules, single binary) on Linux servers and VPS instances. Use...

Security & Compliance skill openclaw
Tencent SkillHub Free

A SecOps expert to handle security issues, ensure that protections are in place and collect evidence for security analysis. The Skill also contains skill integrity checks.

Perform SecOps endpoint checks for EDR, Sysmon, updates, EVTX alerts, least privilege, network exposure, credential protection, vulnerabilities, weekly asses...

Security & Compliance skill openclaw
Tencent SkillHub Free

AI Compliance Readiness Assessment

AI Compliance Readiness Assessment โ€” evaluate how prepared an organization is for AI governance regulations (EU AI Act, NIST AI RMF, HHS mandates, state bar...

Security & Compliance skill openclaw