Neckr0ik Security Scanner

Skill Security Audit

Scan OpenClaw skills for security vulnerabilities before installation or publication.

Quick Start

# Audit a single skill
skill-security-audit audit /path/to/skill-folder
Audit all installed skills
skill-security-audit audit-all
Generate security report
skill-security-audit report /path/to/skill-folder --format json

What This Detects

Critical Issues (Block Installation)

| Issue | Description | Risk Level | |-------|-------------|------------| | Hardcoded Secrets | API keys, tokens, passwords in code | Critical | | Shell Injection | Unsanitized input to shell commands | Critical | | Code Execution | eval(), exec(), dynamic code execution | Critical | | Unauthorized Network | Calls to unknown/suspicious domains | Critical |

High Issues (Review Required)

| Issue | Description | Risk Level | |-------|-------------|------------| | Prompt Injection | User input in system prompts without sanitization | High | | File Path Traversal | Unchecked file paths from user input | High | | Excessive Permissions | Requests unnecessary system access | High |

Medium Issues (Warnings)

| Issue | Description | Risk Level | |-------|-------------|------------| | Outdated Dependencies | Packages with known CVEs | Medium | | Unpinned Versions | Floating dependency versions | Medium | | Missing License | No license file for distribution | Medium |

Security Patterns

Good Pattern: Environment Variables

# CORRECT: Load secrets from environment
import os
api_key = os.environ.get("OPENAI_API_KEY")

Bad Pattern: Hardcoded Secrets

# DANGEROUS: Secret in code
api_key = "sk-abc123def456..."  # NEVER DO THIS

Good Pattern: Sanitized Input

# CORRECT: Validate and sanitize
import re
def safe_filename(name):
    return re.sub(r'[^a-zA-Z0-9_-]', '', name)

Bad Pattern: Shell Injection

# DANGEROUS: User input to shell
os.system(f"convert {user_file} output.png")  # NEVER DO THIS

Running Audits

Important: Self-Scan Results

When running skill-security-audit audit skill-security-audit/, you will see findings for the pattern definitions themselves. This is expected — the scanner detects the example patterns in its own documentation. These are not real vulnerabilities.

For actual skill audits, this produces accurate results.

Single Skill Audit

skill-security-audit audit ./my-skill/

Output:

Batch Audit (All Installed Skills)

skill-security-audit audit-all

Scans ~/.openclaw/skills/ and reports on all installed skills.

Report Formats

# JSON for CI/CD integration
skill-security-audit audit ./skill/ --format json
Markdown for documentation
skill-security-audit audit ./skill/ --format markdown
Summary for quick review
skill-security-audit audit ./skill/ --format summary

CI/CD Integration

Add to your skill publishing pipeline:

# .github/workflows/publish.yml
name: Security Audit
  run: skill-security-audit audit ./skill/

Exit codes:

Publishing Secure Skills

Before publishing to ClawHub:

1. Run skill-security-audit audit ./your-skill/ 2. Fix all critical and high issues 3. Document any required secrets in README 4. Include .env.example with placeholder values 5. Re-run audit to confirm clean

See Also

# Audit a single skill
skill-security-audit audit /path/to/skill-folder
Audit all installed skills
skill-security-audit audit-all
Generate security report
skill-security-audit report /path/to/skill-folder --format json