🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
BytesAgain β€Ί Skills β€Ί security scanner
πŸ¦€ ClawHub

security scanner

by @kennyzir

Scan AI agent skills for security vulnerabilities, dangerous code patterns, and undeclared permissions. Three-layer analysis: dependency CVE scanning, static...

Versionv1.0.7
#legal#hr
⚑ When to Use
TriggerAction
- Developer wants to self-check a skill before publishing
- Platform review pipeline needs automated security assessment
- User asks "is this skill safe?", "scan for vulnerabilities", "check skill security"
πŸ’‘ Examples

Input: 

{
  "skill": "security-scanner",
  "input": {
    "code": "const { exec } = require('child_process');\nexec(userInput);",
    "dependencies": { "lodash": "4.17.20" }
  }
}

Output: 

{
  "overall_risk": "high",
  "risk_score": 62,
  "input_mode": "direct",
  "repo_url": null,
  "dependency_scan": {
    "packages_scanned": 1,
    "vulnerabilities": [
      {
        "id": "GHSA-jf85-cpcp-j695",
        "summary": "Prototype Pollution in lodash",
        "severity": "high",
        "package_name": "lodash",
        "package_version": "4.17.20"
      }
    ],
    "vulnerability_counts": { "critical": 0, "high": 1, "medium": 0, "low": 0 }
  },
  "code_scan": {
    "findings": [
      {
        "rule_id": "SHELL_INJECT",
        "name": "Shell injection",
        "severity": "critical",
        "file": "input.ts",
        "line": 1,
        "match": "require('child_process')",
        "description": "Shell command execution detected"
      }
    ],
    "finding_counts": { "critical": 1, "high": 0, "medium": 0, "low": 0 },
    "rules_checked": 8
  },
  "permission_audit": {
    "declared_permissions": [],
    "detected_permissions": ["Bash(*)"],
    "undeclared_risks": ["Bash(*)"]
  },
  "recommendations": [
    "Critical: Shell injection pattern detected",
    "High: lodash@4.17.20 has known vulnerabilities",
    "Undeclared permission: Bash(*) detected but not declared"
  ],
  "scanned_at": "2025-01-15T10:30:00.000Z",
  "scan_duration_ms": 1250
}

βš™οΈ Configuration

1. Sign up at claw0x.com 2. Create API key in Dashboard 3. Set environment variable: 

   # Add to ~/.openclaw/.env or your agent's environment
   CLAW0X_API_KEY=ck_live_...

> Security note: Never embed API keys in prompts, source code, or version-controlled files. Use environment variables or secret managers.

No credit card or wallet balance needed. This skill is free to use.

View on ClawHub
TERMINAL
clawhub install security-scanner-plus

πŸ§ͺ Use this skill with your agent

Most visitors already have an agent. Pick your environment, install or copy the workflow, then run the smoke-test prompt above.

Manus
Task-oriented agent. Great for testing AI skills end-to-end.
Try Manus β†’
OpenClaw
Local-first agent. Install skills via ClawHub CLI.
Set up OpenClaw β†’
Claude Code
Anthropic's coding agent. Paste the prompt or SKILL.md into your session.
Claude Code docs β†’
Cursor
AI-powered IDE. Use the smoke-test prompt in Cursor Agent.
Open Cursor β†’
Continue.dev
Open-source AI code assistant. Add SKILL.md as a custom tool.
Continue docs β†’
Windsurf
Agentic IDE by Codeium. Paste the prompt into Cascade.
Try Windsurf β†’
Cline
VS Code extension for autonomous coding with MCP tools.
Cline on GitHub β†’
Copilot Workspace
GitHub's AI dev environment. Suitable for code-generation skills.
Copilot Workspace β†’

πŸ” Can't find the right skill?

Search 60,000+ AI agent skills β€” free, no login needed.

Search Skills β†’