Official Verified utilities Safety 5/5

skill-scan

Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories.

Why use this skill?

Secure your OpenClaw agent by scanning skills for malicious code, prompt injection, and evasion techniques before installation. Keep your environment safe.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/dgriffin831/skill-scan

What This Skill Does

Skill-Scan is the primary security defense layer for the OpenClaw ecosystem, designed to protect your agentic environment from malicious software. It functions as a comprehensive, multi-layered security auditor that inspects skill packages before they are granted execution permissions. By performing both static analysis and deep LLM-based behavioral inspection, it detects a wide range of threats including obfuscated malicious code, prompt injection attempts designed to hijack agent behavior, and clandestine data exfiltration techniques. It evaluates packages for architectural integrity, ensuring that installed skills align with safety guidelines and operational transparency.

Installation

To install the security auditor, run the following command in your terminal:

clawhub install openclaw/skills/dgriffin831/skill-scan

Once installed, the skill-scan binary becomes available as a command-line interface (CLI) tool. It is recommended to add the binary path to your system environment variables if you intend to use it outside of the OpenClaw terminal context.

Use Cases

  • Vetting Third-Party Skills: Automatically audit any skill downloaded from ClawHub or external public repositories before running the installation script.
  • Security Compliance: Use the tool to generate standardized security reports for skills deployed within an enterprise or team environment.
  • Periodic Audits: Regularly scan installed directories to ensure that existing skills have not been updated with malicious payloads or unintended behavioral changes.
  • Automated CI/CD: Integrate the tool into your deployment pipeline using exit codes (0 for safe, 1 for risky) to block untrusted code from entering your production agent environment.

Example Prompts

  1. "OpenClaw, scan the latest productivity suite from ClawHub for any potential prompt injection risks before I install it."
  2. "Run a high-depth security audit on the local skill directory located at ~/dev/testing-skills and provide me with a summary of the findings."
  3. "Is the 'crypto-tracker-bot' skill safe to install? Please perform a deep LLM analysis and show me the risk score."

Tips & Limitations

  • LLM Deep Analysis: Use the --llm flag for critical or complex skills. This consumes more time and may require an active API key (OpenAI or Anthropic), but it is significantly better at detecting logical misalignments than standard pattern matching.
  • Exit Codes: Always integrate the exit codes into your automated workflows. If the scanner returns a 1, do not bypass the warning; perform a manual inspection of the reported findings.
  • False Positives: While highly accurate, some complex, legitimate API-wrapping skills may occasionally flag as medium-risk due to their broad file-system or network access requirements. In these cases, review the report manually to verify if the permissions are justified by the skill's functionality.
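The CI/CD use case and the exit-code tip above can be enforced with a small gate script. This is an added example, not code from the skill-scan project; it assumes the scanner is invoked as `skill-scan <skill-dir>` (the page does not show the scan syntax), and `SCAN_CMD`, `SCAN_LOG`, `gate_skill` and `gate_all` are hypothetical names.

```shell
#!/bin/sh
# CI gate built on the documented exit codes: 0 = safe, 1 = risky.
# Assumption: the scanner runs as "$SCAN_CMD <skill-dir>"; adjust the
# invocation to the tool's real syntax before use.
SCAN_CMD="${SCAN_CMD:-skill-scan}"

# gate_skill DIR
# Returns 0 only when the scanner explicitly reports "safe".
# Returns 1 when it reports "risky", 2 on anything else.
gate_skill() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "BLOCK $dir: not a directory" >&2
        return 2
    fi
    rc=0
    $SCAN_CMD "$dir" >>"${SCAN_LOG:-/dev/null}" 2>&1 || rc=$?
    case "$rc" in
        0) echo "PASS  $dir"
           return 0 ;;
        1) echo "BLOCK $dir: flagged risky, review the report manually" >&2
           return 1 ;;
        *) # Crash, missing binary (127), killed by a timeout, and so on.
           # Fail closed: an unknown result is never treated as safe.
           echo "BLOCK $dir: scanner error (exit $rc)" >&2
           return 2 ;;
    esac
}

# gate_all DIR...
# Scans every directory (no early exit, so the log covers all skills)
# and returns the worst result seen.
gate_all() {
    worst=0
    for d in "$@"; do
        r=0
        gate_skill "$d" || r=$?
        if [ "$r" -gt "$worst" ]; then worst=$r; fi
    done
    return "$worst"
}

# Stand-alone use: sh gate.sh skills/foo skills/bar
if [ "$#" -gt 0 ]; then gate_all "$@"; fi
```

A pipeline step that runs this script fails on any non-zero status, so a scanner that crashes or is missing from the runner blocks the deployment instead of silently passing it.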

Metadata

Stars: 2387
Views: 1
Updated: 2026-03-09

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-dgriffin831-skill-scan": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #auditing #risk-assessment #code-analysis #cybersecurity
Safety Score: 5/5

Flags: file-read, code-execution