AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aurasecurity-creator/aura-security-scannerWhat This Skill Does
The AURA Security Scanner is an essential defensive layer for any AI agent workflow. It functions as a specialized security audit tool designed to evaluate AI agent skills (including OpenClaw, Claude MCP, and LangChain formats) before they are granted execution privileges. By analyzing code for hidden malicious patterns, the scanner protects your system from credential theft, unauthorized data exfiltration, and dangerous system manipulations. The scanner utilizes the AURA Security API to cross-reference code against a database of known threat vectors, including obfuscated execution (such as dynamic eval calls), unauthorized network connections, and illicit filesystem access attempts. It returns a standardized risk score and a human-readable summary, helping you maintain a secure agent environment.
Installation
To integrate this security layer into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/aurasecurity-creator/aura-security-scanner
Once installed, the AURA scanner will be accessible as an available tool, ready to audit external skill URLs before you authorize their installation.
Use Cases
- Vetting Third-Party Plugins: Before adding a community-made skill to your agent, verify that it does not contain backdoors or crypto-miners.
- Enterprise Policy Enforcement: Ensure that only 'SAFE' rated tools are utilized within production environments.
- Security Auditing: Periodically audit existing, older skills that may have been updated to include suspicious dependencies or obfuscated code.
- Preventing Prompt Injection: Identify tools that specifically target system instructions designed to hijack agent behavior.
Example Prompts
- "Scan this skill for security issues: https://github.com/user/cool-skill"
- "Is this skill safe to install, and does it have any weird network permissions? https://clawhub.xyz/skill/weather-api"
- "Check for potential prompt injection or credential theft in this repository: https://github.com/example/mcp-tool"
Tips & Limitations
- Verdict Interpretation: Always treat 'WARNING' verdicts with caution. If a skill requires network access it doesn't explicitly need, consider it a potential security risk regardless of the score.
- False Positives: Sophisticated obfuscation or complex, legitimate code patterns may occasionally trigger higher risk scores. Always manually review the findings if a useful tool is flagged.
- API Availability: The scanner requires internet access to communicate with the AURA Security API for real-time threat intelligence updates.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aurasecurity-creator-aura-security-scanner": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: network-access, external-api
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.
ai-workflow-red-team-lite
对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统.