Heimdall
Skill by henrino3
Why use this skill?
Use Heimdall to scan and audit OpenClaw agent skills for malicious patterns, credential theft, and security vulnerabilities before installation.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/henrino3/heimdall
What This Skill Does
Heimdall is a robust security auditing and vulnerability scanning tool designed specifically for the OpenClaw AI ecosystem. It acts as a gatekeeper, inspecting external or unknown skill repositories for malicious patterns, hidden payloads, and insecure configurations before they are integrated into your environment. By leveraging both pattern-matching heuristics and AI-powered narrative analysis, Heimdall identifies risks ranging from credential exfiltration and unauthorized network access to shell injection attacks. It is an essential component for any power user who frequently experiments with third-party extensions and needs to ensure their workspace remains secure.
Installation
To begin using Heimdall, ensure you have the OpenClaw agent environment set up. You can install the skill by cloning the repository from the provided source or via your preferred OpenClaw manager. If you intend to use the AI-powered analysis features, complete the following steps:
- Obtain an OpenRouter API key.
- Set the OPENROUTER_API_KEY environment variable or store the key in ~/clawd/secrets/openrouter.key.
- Verify the installation by running ~/clawd/skills/heimdall/scripts/skill-scan.py --help.
Use Cases
Heimdall is best utilized in the following scenarios: verifying third-party skills before installation, performing periodic security audits of your current workspace to detect persistence mechanisms, and analyzing suspicious URLs or GitHub repositories that you intend to pull into your agent's capability set. It is specifically useful for organizations or developers building on OpenClaw who need a repeatable, automated way to enforce a 'zero-trust' policy for agentic skills.
Example Prompts
- "Heimdall, scan the directory ~/clawd/skills/experimental-web-scraper and provide a detailed risk report."
- "Run an AI-powered security analysis on the skill located at https://github.com/developer/suspicious-plugin and tell me if it requests unauthorized network permissions."
- "Audit all my currently installed skills and list any that have flagrant violations like shell execution or hardcoded API keys."
Tips & Limitations
To maximize effectiveness, always use the --analyze flag for new skills, as simple pattern matching can miss complex social engineering or sophisticated obfuscation. Note that while Heimdall is a powerful tool, it does not replace common-sense security practices. Always review the source code of any skill that is flagged as 'High' or 'Critical' risk. Keep the scanner updated to ensure its detection database covers the latest 100+ patterns for current exploit vectors.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-henrino3-heimdall": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read, code-execution
Related Skills
task-orchestrator
Autonomous multi-agent task orchestration with dependency analysis, parallel tmux/Codex execution, and self-healing heartbeat monitoring. Use for large projects with multiple issues/tasks that need coordinated parallel execution.
skill-sharer
Share a skill publicly to the Enterprise-Crew-skills GitHub repo. Strips personal/security info, generates a README, and updates the repo index.
Ec Ralph Loop
Skill by henrino3
Heimdall Security
Skill by henrino3
excalidraw
Generate hand-drawn style diagrams, flowcharts, and architecture diagrams as PNG images from Excalidraw JSON