{
  "schemaVersion": "1.0",
  "item": {
    "slug": "openclaw-skill-scanner",
    "name": "OpenClaw Skill Scanner",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/epwhesq/openclaw-skill-scanner",
    "canonicalUrl": "https://clawhub.ai/epwhesq/openclaw-skill-scanner",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/openclaw-skill-scanner",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-skill-scanner",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "install-hook.sh",
      "report-template.md",
      "scanner.py",
      "whitelist.json"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/openclaw-skill-scanner"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-skill-scanner",
    "agentPageUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Skill Scanner",
        "body": "Name: skill-scanner\nVersion: 1.0.0\nAuthor: vrtlly.us\nCategory: Security"
      },
      {
        "title": "Description",
        "body": "Scans ClawHub skills for malicious patterns before and after installation. Detects base64 payloads, reverse shells, data exfiltration, crypto miners, obfuscated URLs, and more."
      },
      {
        "title": "Scan all installed skills",
        "body": "python3 scanner.py"
      },
      {
        "title": "Scan a specific skill",
        "body": "python3 scanner.py --skill <skill-name>"
      },
      {
        "title": "Scan a specific file",
        "body": "python3 scanner.py --file <path-to-file>"
      },
      {
        "title": "Pre-install scan (download → scan → report → cleanup)",
        "body": "python3 scanner.py --pre-install <clawhub-slug>"
      },
      {
        "title": "JSON output",
        "body": "python3 scanner.py --json\npython3 scanner.py --skill <name> --json"
      },
      {
        "title": "Safe install hook",
        "body": "bash install-hook.sh <clawhub-slug>\nbash install-hook.sh <clawhub-slug> --force"
      },
      {
        "title": "Detection Patterns",
        "body": "CategoryWhat it catchesBase64 payloadsLong base64 strings near exec/bash/evalPipe to shellcurl ... | bash, wget ... | shRaw IP connectionshttp://1.2.3.4 style URLsDangerous functionseval(), exec(), os.system(), subprocess(shell=True)Hidden filesDotfile creation in unexpected placesEnv exfiltrationReading .env, API keys sent outboundObfuscated URLsrentry.co, pastebin, hastebin redirectorsFake dependenciesReferences to non-existent packagesData exfil endpointswebhook.site, requestbin, etc.Crypto miningxmrig, stratum, mining pool referencesPassword archivesPassword-protected zip/tar downloads"
      },
      {
        "title": "Risk Scores",
        "body": "0-29 (Green): Clean — no suspicious patterns found\n30-69 (Yellow): Suspicious — review warnings before use\n70-100 (Red): Dangerous — likely malicious, do not install"
      },
      {
        "title": "Files",
        "body": "scanner.py — Main scanner engine\ninstall-hook.sh — Safe installation wrapper\nwhitelist.json — Known-good and known-bad skill lists\nreport-template.md — Markdown report template"
      }
    ],
    "body": "Skill Scanner\n\nName: skill-scanner Version: 1.0.0 Author: vrtlly.us Category: Security\n\nDescription\n\nScans ClawHub skills for malicious patterns before and after installation. Detects base64 payloads, reverse shells, data exfiltration, crypto miners, obfuscated URLs, and more.\n\nUsage\nScan all installed skills\npython3 scanner.py\n\nScan a specific skill\npython3 scanner.py --skill <skill-name>\n\nScan a specific file\npython3 scanner.py --file <path-to-file>\n\nPre-install scan (download → scan → report → cleanup)\npython3 scanner.py --pre-install <clawhub-slug>\n\nJSON output\npython3 scanner.py --json\npython3 scanner.py --skill <name> --json\n\nSafe install hook\nbash install-hook.sh <clawhub-slug>\nbash install-hook.sh <clawhub-slug> --force\n\nDetection Patterns\nCategory\tWhat it catches\nBase64 payloads\tLong base64 strings near exec/bash/eval\nPipe to shell\tcurl ... | bash, wget ... | sh\nRaw IP connections\thttp://1.2.3.4 style URLs\nDangerous functions\teval(), exec(), os.system(), subprocess(shell=True)\nHidden files\tDotfile creation in unexpected places\nEnv exfiltration\tReading .env, API keys sent outbound\nObfuscated URLs\trentry.co, pastebin, hastebin redirectors\nFake dependencies\tReferences to non-existent packages\nData exfil endpoints\twebhook.site, requestbin, etc.\nCrypto mining\txmrig, stratum, mining pool references\nPassword archives\tPassword-protected zip/tar downloads\nRisk Scores\n0-29 (Green): Clean — no suspicious patterns found\n30-69 (Yellow): Suspicious — review warnings before use\n70-100 (Red): Dangerous — likely malicious, do not install\nFiles\nscanner.py — Main scanner engine\ninstall-hook.sh — Safe installation wrapper\nwhitelist.json — Known-good and known-bad skill lists\nreport-template.md — Markdown report template"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/epwhesq/openclaw-skill-scanner",
    "publisherUrl": "https://clawhub.ai/epwhesq/openclaw-skill-scanner",
    "owner": "epwhesq",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner",
    "downloadUrl": "https://openagent3.xyz/downloads/openclaw-skill-scanner",
    "agentUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-skill-scanner/agent.md"
  }
}