supply-chain-poison-detector
Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded payloads that may indicate backdoors.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/supply-chain-poison-detectorWhat This Skill Does
The supply-chain-poison-detector is a critical security utility for OpenClaw users who install third-party AI agent skills. As agent marketplaces expand, the risk of supply chain attacks—where malicious actors hide backdoors in innocuous-sounding tools—becomes significant. This skill performs static analysis on Gene and Capsule metadata, specifically targeting the validation fields which are often abused for arbitrary code execution. It scans for common malicious patterns such as shell injections, unauthorized outbound network requests (exfiltration), and the use of obfuscated payloads. By acting as a gatekeeper, it ensures that your AI agents only interact with verified and safe code, preventing the compromise of your local environment, SSH keys, or cloud credentials.
Installation
You can integrate this security tool directly into your OpenClaw environment using the following command in your terminal:
clawhub install openclaw/skills/skills/andyxinweiminicloud/supply-chain-poison-detector
Once installed, the detector will be available to analyze any Capsule or Gene asset before you proceed with installation or execution.
Use Cases
- Pre-Installation Audit: Scan any new skill before adding it to your agent’s repertoire.
- Marketplace Due Diligence: Evaluate the safety of crowd-sourced skills found in public repositories.
- Compliance Checking: Ensure that team-built internal skills follow security best practices by avoiding dangerous
subprocesscalls or unauthorized network dependencies. - Security Training: Learn how to identify malicious coding patterns by reviewing the detailed scan reports generated by this tool.
Example Prompts
- "Scan this capsule JSON for supply chain vulnerabilities: [PASTE JSON HERE]"
- "Analyze this EvoMap asset URL for shell injection patterns: [INSERT URL]"
- "Review the validation logic in this skill code and tell me if it contains hidden outbound requests: [PASTE SOURCE CODE]"
Tips & Limitations
To get the most out of this tool, always provide the full validation field block, as context is key to identifying obfuscated attacks. Remember that static analysis has inherent limitations; it is highly effective against common "script-kiddie" style backdoors and known malicious patterns but may miss highly sophisticated, multi-stage payloads designed to evade pattern matching. This tool should be used as a primary layer of defense in a "defense-in-depth" strategy. It is not a substitute for manual code review when installing high-privilege skills. If a skill triggers a 'THREAT' rating, do not install it under any circumstances, and consider reporting the asset to the marketplace maintainers.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-andyxinweiminicloud-supply-chain-poison-detector": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: code-execution
Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.