Skill Security Check

Runs structured security checks against skills (especially from registries) and produces a report similar to VirusTotal-style analysis: purpose vs capability, registry vs SKILL.md consistency, remote code execution (RCE), malicious code (obfuscation, backdoors, exfiltration, mining, secret reads), install mechanism, credentials, and persistence/privilege.

User goals

• Achieve a Benign safety rating on the skill I made — Authors use the check (and the author checklist in reference.md) to fix issues until their skill reports Benign before publishing.
• Ensure all downloaded skills are Benign — Before using or trusting any skill obtained from a registry (e.g. ClawHub), a URL, or a shared folder, run this security check. Only treat the skill as safe to use if the verdict is Benign; if Suspicious or any RCE/malicious findings, do not install or follow "what to consider" (verify source, audit in sandbox, or do not install).

Agent rule for "ensure all downloaded skills are benign": Whenever the user installs or adds a skill (e.g. clawhub install, download, or copy into skills dir), run the skill security check on that skill. If the verdict is not Benign, show the report and do not recommend using the skill until the user has verified the source or the report is resolved. For existing skills in the user's skills directory, the user can ask to "check all my downloaded skills" or "ensure all my skills are benign" — run the check on each and list which are Benign vs Suspicious.

Pain points this skill addresses

• "Is this skill safe to install?" — Users and agents often see skills on ClawHub or elsewhere with no clear way to judge risk. This skill gives a structured, repeatable checklist and a single verdict (Benign / Suspicious) plus what to consider before installing.
• "The skill wants my OAuth / API keys" — Credentials are a common attack surface. The check verifies that credential requirements are declared and proportionate, and recommends test accounts and least privilege so users don’t blindly grant access.
• "Registry and SKILL.md don’t match" — When the registry listing omits binaries, install steps, or credentials that SKILL.md requires, installs can fail or users get surprised. The skill flags these mismatches so publishers can fix them or users can decide with full context.
• "Could it run malicious code or steal my data?" — Explicit RCE and malicious-code checks (curl|sh, eval, obfuscation, exfiltration, secret reads) address the fear that a skill might execute untrusted code or send secrets off-box. Findings here drive a "do not install" or "audit first" recommendation.
• "I need one process, not ad-hoc judgment" — A single, documented flow (purpose → registry consistency → scope → RCE → malicious → install → credentials → persistence) ensures consistent evaluations and report format every time.

When to use