Openclaw Skill Tools
by @krishnakumarmahadevan-cmd
Generate and security-scan OpenClaw SKILL.md files. Use when creating new OpenClaw skills, scanning skills for security vulnerabilities like prompt injection...
clawhub install openclaw-skill-toolsπ About This Skill
name: openclaw-skill-tools description: Generate and security-scan OpenClaw SKILL.md files. Use when creating new OpenClaw skills, scanning skills for security vulnerabilities like prompt injection or data exfiltration, auditing ClawHub skills before installation, or building agent skill packages. version: 1.0.0 homepage: https://portal.toolweb.in metadata: openclaw: emoji: "π¦" requires: env: - TOOLWEB_API_KEY bins: - curl primaryEnv: TOOLWEB_API_KEY os: - linux - darwin - win32 category: security
OpenClaw Skill Generator & Security Scanner π¦π§
Two-in-one tool for the OpenClaw ecosystem: (1) Generate professional SKILL.md files from a description, and (2) Security-scan existing skills for prompt injection, data exfiltration, credential theft, permission abuse, and scope creep. Essential for both skill authors and users who want to vet skills before installing.
Built by a CISSP/CISM certified security professional at ToolWeb.in
When to Use
Skill Generator:
Security Scanner:
Prerequisites
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the systemCRITICAL: Always Call the API
API Endpoints
Generate Skill:
POST https://portal.toolweb.in/apis/tools/openclaw
Path: /generate-skillScan Skill:
POST https://portal.toolweb.in/apis/tools/openclaw
Path: /scan-skillWorkflow β Generate Skill
1. Gather inputs:
- name β Skill name in kebab-case (e.g., "my-awesome-skill")
- description β What the skill does (used for agent activation)
- detail β Extended description with more context (optional)
- triggers β List of trigger phrases, e.g., ["when user asks to...", "when user mentions..."] (optional)
- primary_env β Main environment variable needed (optional, e.g., "MY_API_KEY")
- env_vars β Additional env vars needed (optional)
- bins β Required CLI binaries (optional, e.g., ["curl", "jq"])
- version β Version string (default: "1.0.0")
2. Call the API:
curl -s -X POST "https://portal.toolweb.in/apis/tools/openclaw" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"name": "",
"description": "",
"detail": "",
"triggers": ["", ""],
"primary_env": "",
"env_vars": ["", ""],
"bins": ["curl"],
"version": "1.0.0"
}'
3. Present the generated SKILL.md content to the user.
Workflow β Scan Skill
1. Get the skill content:
- content β The full SKILL.md text to scan
- scan_depth β "quick", "standard", or "deep" (default: "deep")
- context β Additional context about the skill (optional)
Security checks (all true by default):
- check_injection β Scan for prompt injection patterns
- check_exfil β Scan for data exfiltration attempts
- check_creds β Scan for credential harvesting
- check_perms β Scan for excessive permission requests
- check_meta β Scan metadata for anomalies
- check_scope β Scan for scope creep beyond stated purpose
2. Call the API:
curl -s -X POST "https://portal.toolweb.in/apis/tools/openclaw" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"content": "",
"scan_depth": "deep",
"check_injection": true,
"check_exfil": true,
"check_creds": true,
"check_perms": true,
"check_meta": true,
"check_scope": true
}'
3. Present the security findings with severity and recommendations.
Output Format β Generate
π¦ OpenClaw Skill Generated
βββββββββββββββββββββββββββName: [skill-name]
Version: [version]
[Full SKILL.md content ready to save]
π Next steps:
1. Save as ~/.openclaw/skills/[name]/SKILL.md
2. Test with your agent
3. Publish: clawhub publish . --version 1.0.0
Output Format β Scan
π Skill Security Scan Report
βββββββββββββββββββββββββββββScan Depth: [deep/standard/quick]
π΄ CRITICAL Findings:
[List critical security issues]
π HIGH Findings:
[List high-severity issues]
π‘ MEDIUM Findings:
[List medium issues]
β
Passed Checks:
[List clean checks]
π‘οΈ Recommendation: [SAFE / CAUTION / DO NOT INSTALL]
π Scan powered by ToolWeb.in
Error Handling
TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.inExample Interactions
Generate:
User: "Create an OpenClaw skill that monitors GitHub PRs and notifies me on Telegram"Agent: I'll generate the SKILL.md for you...
[Calls /generate-skill with name, description, triggers]
[Returns complete SKILL.md]
Scan:
User: "Scan this skill before I install it: [pastes SKILL.md content]"Agent: I'll run a deep security scan...
[Calls /scan-skill with content]
[Returns findings: prompt injection risk, data exfiltration check, etc.]
Pricing
About
Created by ToolWeb.in β a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.
Related Skills
Tips
β‘ When to Use
βοΈ Configuration
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the system