Security Scan
by @shadowloong
Security review workflow for OpenClaw skills and other small code folders. Use when auditing a skill before publishing or installing it, checking for dangero...
clawhub install security-scanπ About This Skill
name: security-scan description: Security review workflow for OpenClaw skills and other small code folders. Use when auditing a skill before publishing or installing it, checking for dangerous code patterns, possible hardcoded secrets, risky file permissions, or lightweight supply-chain concerns. Best for quick static review and cautious go/no-go recommendations, not full malware analysis or sandbox forensics.
Security Scan
Perform a lightweight security review before trusting, publishing, or installing a skill.
What this skill does
Use this skill to:
This skill is intentionally conservative and lightweight. Treat findings as review signals, not proof of compromise.
What this skill does not do
Do not claim capabilities that are not present in the bundled resources.
This skill does not provide:
If deeper reverse engineering or threat analysis is needed, do a manual review and use stronger external tooling.
Bundled resource
scripts/scan.sh
Run the included shell scanner for a quick static pass:
bash scripts/scan.sh /path/to/target
The script currently checks for:
eval(, exec(, system(, and spawn(Because the script uses grep-style heuristics, expect both false positives and false negatives.
Recommended workflow
1. Scope the review
Confirm what you are reviewing:
2. Run the quick scan
From the skill directory:
bash scripts/scan.sh /path/to/target
If the target is the current directory:
bash scripts/scan.sh .
3. Review the findings manually
Do not stop at raw matches. Inspect the surrounding code and decide whether each finding is:
Pay special attention to:
4. Give a practical verdict
Summarize the result in plain language using a simple rubric:
5. Recommend next actions
Examples:
Reporting pattern
Use a compact structure like this:
Security scan summary
Target:
Result: Low risk | Needs review | High risk
Findings:
-
-
Confidence: Low | Medium | High
Recommended action: