🧪 Skills

AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, sca

v2.1.0
❤️ 3
⬇️ 2.4k
👁 1
Save📁 Collect
Share

Description

name: skill-scanner description: Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

# Scan a local skill folder
python3 scripts/scan.py /path/to/skill

# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose

# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json

Workflow: Scan Before Install

  1. Download or locate the skill folder
  2. Run python3 scripts/scan.py <skill-path> --verbose
  3. Review findings by severity (CRITICAL/HIGH = do not install)
  4. Report results to user with recommendation

Score Interpretation

Score Meaning Recommendation
CLEAN No issues found Safe to install
INFO Minor notes only Safe to install
REVIEW Medium-severity findings Review manually before installing
SUSPICIOUS High-severity findings Do NOT install without thorough manual review
DANGEROUS Critical findings detected Do NOT install — likely malicious

Exit Codes

  • 0 = CLEAN/INFO
  • 1 = REVIEW
  • 2 = SUSPICIOUS
  • 3 = DANGEROUS

Rules Reference

See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.

Limitations

  • Pattern-based detection — cannot catch all obfuscation techniques
  • No runtime analysis — only static scanning
  • False positives possible for legitimate tools that access network/files
  • Always combine with manual review for HIGH/MEDIUM findings

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k