agent-security-skill-scanner
AI Agent Security Scanner - multi-language detection + AST analysis + intent recognition + LLM verification
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/caidongyun/agent-security-skill-scanner
What This Skill Does
The Agent Security Skill Scanner (v2.2.1) is a diagnostic utility for checking the integrity of your AI agent ecosystem. As OpenClaw agents increasingly rely on third-party skills, the risk of supply-chain attacks, unauthorized code execution, and credential exfiltration grows. This scanner performs deep static analysis on skill repositories, identifying malicious patterns such as ClawHavoc payloads, MCP backdoors, obfuscated logic, and dangerous eval/exec abuse. It maintains a rule-based database of over 3,000 known threat signatures, including malicious npm/Python packages and hardcoded secrets. By integrating the scanner into your deployment pipeline, you can audit skills before they run and keep agents operating within secure parameters, reducing the attack surface of your automation infrastructure.
Installation
To integrate this security scanner into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/caidongyun/agent-security-skill-scanner
Alternatively, you can navigate to the local directory and run the provided shell script:
cd skills/agent-security-skill-scanner && ./install.sh
Ensure you have Python 3.10+ installed, as the scanner relies on advanced AST (Abstract Syntax Tree) parsing for its detection engines.
Use Cases
- Continuous Integration (CI): Automate the scanning of internal agent skills before they are published to your team’s private registry.
- Third-Party Auditing: Verify external skills from the ClawHub community for hardcoded API keys or unauthorized network call patterns before execution.
- Post-Incident Forensics: If an agent displays anomalous behavior, run the scanner against suspected local skill directories to isolate potential malicious logic.
- Compliance Monitoring: Ensure all organizational skills adhere to strict file access and execution policies through automated routine audits.
Example Prompts
- "Scan the local directory ./skills/my-custom-assistant for any potential security backdoors or sensitive hardcoded credentials."
- "Perform a comprehensive security audit of all installed agent skills in the standard library and generate a report in JSON format."
- "Check if the newly downloaded 'data-fetcher' skill contains any obfuscated code or unauthorized network request patterns."
Tips & Limitations
This is a Beta version (v2.2.1), and while it boasts a 95% detection rate, it should not replace manual code review for mission-critical production environments. The tool primarily utilizes static analysis; thus, it may struggle with highly dynamic, multi-stage polymorphic payloads that only manifest behavior during runtime. We recommend running this scanner alongside a sandbox environment for maximum security coverage. Always keep your rule definitions updated to ensure the scanner can identify the latest emerging threat vectors.
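To illustrate the kind of AST-based static check described above (eval/exec abuse and hardcoded secrets), here is a small added example in Python; it is not the scanner's own code, and the sample skill source, the secret-prefix pattern and the rule names are constructed assumptions for the demo.

```python
import ast
import re

# Constructed sample skill source for the demo (not a real skill):
# a hardcoded key, a runtime-decoded payload passed to exec(), and a constant eval().
SAMPLE_SKILL = '''
import base64, os
API_KEY = "sk-live-0123456789abcdef0123456789abcdef"
def run(payload):
    code = base64.b64decode(payload).decode()
    exec(code)
    return eval("1 + 1")
'''

# Assumed secret prefixes for the demo; a real rule set would carry many more.
SECRET_RE = re.compile(r"^(sk-|AKIA|ghp_)[A-Za-z0-9_\-]{16,}$")

def scan_source(source: str) -> list[dict]:
    """Walk the AST and report eval/exec calls and hardcoded secret literals."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # eval()/exec() with a non-constant argument means the executed code is
        # only known at runtime (decoded, downloaded, concatenated): rate it high.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            dynamic = bool(node.args) and not isinstance(node.args[0], ast.Constant)
            findings.append({
                "rule": "dynamic-exec" if dynamic else "static-exec",
                "line": node.lineno,
                "severity": "high" if dynamic else "low",
            })
        # A string literal assigned to a name that matches a known key format.
        elif (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)
                and SECRET_RE.match(node.value.value)):
            findings.append({"rule": "hardcoded-secret", "line": node.lineno,
                             "severity": "high"})
    return findings

def scan_file(path: str) -> list[dict]:
    """Scan one Python file from a skill directory."""
    with open(path, encoding="utf-8") as fh:
        return scan_source(fh.read())

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_SKILL):
        print(finding)
```

The runtime-decoded payload is caught only because it reaches a literal exec() call; code that assembles and runs logic without such a call at parse time is exactly the dynamic case the limitations above describe.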
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-caidongyun-agent-security-skill-scanner": {
"enabled": true,
"auto_update": true
}
}
}
Tags: AI
Flags: file-read, code-execution
Related Skills
security-skill-hub
Security Skill Hub - a unified platform for managing and invoking security skills. This is a "socket" framework for security skills that provides a single entry point for security capabilities. The following skills are integrated:
**Network-wide skill search (ClawHub)**:
- clawhub: search and install skills from clawhub.com
**Information collection**:
- collector-strategy: collection strategy skill
- skill-sample-collector: sample collection skill
**Vulnerability scanning**:
- security-vuln-scanner: vulnerability scanning skill
- agent-security-code-scanner: code security scanning
**Threat intelligence**:
- ioc-validator: IOC validation skill
- security-ioc-research: IOC research skill
- threat-monitoring: threat monitoring
**Malware analysis**:
- code-malware-scanner: malicious code scanning
- agent-security-skill-scanner: skill security scanning
**Protection**:
- agent-defender: Agent Defender security protection
- agent-security-network-guardian: network protection and monitoring
**Auditing**:
- agent-security-openclaw-audit: OpenClaw security audit
- agent-security-governance-audit: governance audit
**Other security**:
- agent-security-password-hardening: password hardening checks
- agent-security-key-manager: key management
- security-ioc-research: IOC research
Use when:
- you need to invoke a security capability
- you are not sure which security skill to use
- you need to combine several security skills
- you are adding a new security capability
agent-security-scanner
AI Agent Security Scanner - multi-language detection + AST analysis + intent recognition + LLM verification
aagent-system
Multi-agent automation system for collecting AI Agent skill samples, security scanning, threat-intelligence gathering and research analysis. Supports a single-machine multi-process architecture and can automatically collect samples, detect malicious skills, extract IOCs and update rules. Trigger command: /aagent start
Srs
Skill by caidongyun
agent-security-dlp
Agent Security DLP - enterprise-grade data loss prevention system. Features: input protection, memory protection, tool control, output filtering, audit logging. Rules: 170, covering 25+ industries including finance, healthcare, automotive, sales, human resources and logistics. Triggers: check-output (conversation output) / check-input (conversation input) / check-tool (tool execution). Scenarios: command line / Python integration / automatic triggering via decorator