SkillGuard Scanner
by @msgnoki
Security scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks.
clawhub install skillguard-scannerπ About This Skill
name: skillguard version: 1.1.0 description: Security scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks.
SkillGuard β Skill Security Scanner
Scan OpenClaw skills for security threats before they compromise your system.
Quick Start
Scan all installed skills
python3 {scripts}/scanner.py
Scan a single skill
python3 {scripts}/scanner.py --skill
Check a skill name for typosquatting
python3 {scripts}/scanner.py --check-name
Scan from ClawHub before installing
python3 {scripts}/scanner.py --fetch-clawhub
What It Detects
Critical Threats
nc -e, bash -i >& /dev/tcp, ncat, mkfifobase64 -d | bash, eval(), exec() with encoded payloadsHigh Threats
webhook.site, glot.io, ngrok.io, pastebin.comSOUL.md, MEMORY.md, AGENTS.mdMedium Threats
.env, API keys, tokens, SSH keysLow Threats
subprocess, os.system, child_process (common but worth noting)Interpreting Results
Risk Levels
False Positive Likelihood
Each finding includes a FP estimate (low/medium/high):Workflow: Before Installing a Skill
1. Run python3 {scripts}/scanner.py --fetch-clawhub (requires clawhub CLI)
2. Review the report β anything CRITICAL or HIGH with low FP = reject
3. If CLEAN or LOW only β safe to install
4. If MEDIUM β skim the flagged files manually
Output
{baseDir}/../data/scan_results.json (configurable via --json-out)Context: Why This Matters
As of February 2026, 341 malicious skills were found on ClawHub (Koi Security / ClawHavoc campaign), distributing Atomic Stealer malware via fake prerequisites. OpenClaw has 512 known vulnerabilities (Kaspersky audit). There is no official skill vetting process. SkillGuard fills this gap.
See references/threat-landscape.md for detailed background.
π‘ Examples
Scan all installed skills
python3 {scripts}/scanner.py
Scan a single skill
python3 {scripts}/scanner.py --skill
Check a skill name for typosquatting
python3 {scripts}/scanner.py --check-name
Scan from ClawHub before installing
python3 {scripts}/scanner.py --fetch-clawhub