ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

claw-lint

Security scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/parthghumatkar/claw-lint
Or

ClawLint

Security linter for OpenClaw skills

Runs a local audit over your installed OpenClaw skills without executing any code. Scans both workspace (~/.openclaw/workspace/skills) and system (~/.openclaw/skills) directories.

With 7.1% of ClawHub skills containing security flaws, ClawLint provides pre-execution defense by identifying malicious patterns before they run.

Summary

ClawLint audits OpenClaw skills for security threats without executing code. It detects malicious patterns like remote execution, credential theft, and backdoors, then assigns risk scores (0-100) and generates SHA256 hashes for integrity monitoring. Outputs JSON for automation and CI/CD pipelines.

What It Does

  • Risk scoring — assigns a numeric risk score (0-100) based on detected patterns
  • Audit flags — identifies suspicious behaviors (remote execution, secret access, etc.)
  • Inventory mode — optional SHA256 hashing of all files for change detection
  • JSON output — machine-readable results (requires Python 3)
  • No execution — static analysis only, safe to run on untrusted skills

Quick Start

Scan all skills (summary view)

{baseDir}/bin/claw-lint.sh

Scan one specific skill

{baseDir}/bin/claw-lint.sh --skill <skill-name>

Example: {baseDir}/bin/claw-lint.sh --skill hashnode-publisher

Full inventory with SHA256 hashes

{baseDir}/bin/claw-lint.sh --full --skill <skill-name>

JSON output (requires Python 3)

{baseDir}/bin/claw-lint.sh --format json

Options

FlagDescription
--skill <name>Scan only the specified skill
--fullInclude SHA256 inventory of all files
--format jsonOutput as JSON (needs python3)
--min-score <N>Show only skills with risk score ≥ N
--strictPrioritize high-severity patterns
--max-bytes <N>Skip files larger than N bytes (default: 2MB)

Understanding the Output

Risk Score

  • 0-30: Low risk (common patterns, minimal concerns)
  • 31-60: Medium risk (network access, file operations)
  • 61-100: High risk (remote execution, credential access, system tampering)

Common Flags

  • pipes_remote_to_shell — downloads and executes remote code
  • downloads_remote_content — fetches external files
  • has_executables — contains binary files
  • uses_ssh_or_scp — SSH/SCP operations
  • contains_symlinks — symbolic links present

Example Output

SCORE  SKILL                FILES  SIZE     FLAGS
-----  -----                -----  ----     -----
57     hashnode-publisher   2      1.1KB    downloads_remote_content,pipes_remote_to_shell
45     ec2-health-monitor   2      1.9KB    pipes_remote_to_shell

Risk Scoring Details

ClawLint assigns risk scores from 0 (safe) to 100 (critical) based on pattern detection:

Read Full Documentation on GitHub

Metadata

Author@parthghumatkar
Stars1249
Views0
Updated2026-02-21
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-parthghumatkar-claw-lint": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.