security-scanner
Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anikrahman0/security-skill-scannerWhat This Skill Does
The security-scanner is a specialized diagnostic utility for OpenClaw designed to fortify your agentic ecosystem. It functions as a gatekeeper, performing deep static analysis on SKILL.md files and associated installation packages. By parsing instructions, dependency requirements, and metadata, the scanner identifies potential threats such as unauthorized external data exfiltration, malicious shell command injection, obfuscated scripts, and risky filesystem interactions. Instead of blindly trusting external agent skills, this tool acts as an automated security auditor, providing you with a transparent risk assessment before you integrate new capabilities into your workflow.
Installation
You can integrate this tool directly into your OpenClaw environment via ClawHub using the command: clawhub install openclaw/skills/skills/anikrahman0/security-scanner. Alternatively, you can clone the repository from GitHub and utilize the scanner.js file independently. For optimal usage, place the .security-scanner-config.json file in your root directory to define your custom domain whitelists and strict mode preferences, ensuring the agent aligns with your specific security posture.
Use Cases
This skill is essential for power users who frequently pull custom skills from community repositories. It is particularly useful for verifying the integrity of complex automation scripts that require elevated system permissions. By using this tool, you ensure that any script requesting file-write or network access is explicitly vetted for suspicious payloads before execution. It serves as an essential component for developers and enterprise users managing multiple third-party agentic skills in a shared production environment.
Example Prompts
- "Scan the SKILL.md file located at ~/projects/scripts/web-scraper.md and tell me if it contains any dangerous shell commands."
- "I just downloaded a new file automation tool. Perform a security audit on it and highlight any suspicious API endpoints it tries to connect to."
- "Run a risk assessment on this skill file and let me know if it violates my current security-scanner configuration."
Tips & Limitations
To get the best results, always keep your whitelistedDomains updated in your configuration file. Remember that this tool performs static analysis; while it is highly effective at identifying known patterns and suspicious syntax, it cannot guarantee complete immunity from zero-day vulnerabilities or highly sophisticated, non-malicious-looking logic. Always exercise caution and perform manual inspection on any skill flagged as 'CRITICAL' or 'HIGH' risk.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-anikrahman0-security-skill-scanner": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: file-read, code-execution
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.