Skill Flag
Skill by patfire94
Why use this skill?
Protect your OpenClaw agent with Skill Flag. Audit installed skills for backdoors, data exfiltration, and malicious code to ensure your system remains secure.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/patfire94/skill-flag
What This Skill Does
Skill Flag is an essential security auditing tool for the OpenClaw/Clawdbot ecosystem, designed to protect your local environment from malicious code. As AI agents increasingly interact with your file system and network, the risk of executing insecure third-party skills grows. This skill acts as a static analysis engine that scans your installed packages for common security anti-patterns, such as unauthorized data exfiltration, reverse shell backdoors, and attempts to access sensitive credentials like SSH keys or AWS configuration files. By utilizing a categorized risk scoring system (0-100), it provides instant feedback on the safety of your environment, flagging potential risks before they can compromise your system integrity.
Installation
To install Skill Flag, run the following command in your terminal:
clawhub install openclaw/skills/skills/patfire94/skill-flag
Once installed, the skill resides within your local directory, allowing it to hook into your agent's command interface for immediate scanning capabilities. Ensure your environment has Python 3 installed, as the core scanner logic relies on a Python-based engine to parse skill source code and identify suspicious patterns.
Use Cases
This skill is perfect for power users who frequently install community-provided modules from ClawdHub. Use it to:
- Audit new skills immediately after installation to verify they perform only requested tasks.
- Conduct routine security health checks on your agent environment to ensure no persistent threats exist.
- Perform pre-installation checks on downloaded scripts to identify hidden code execution vulnerabilities like 'eval()' or 'exec()' calls.
- Maintain a security-first workflow in professional settings where agent data privacy is paramount.
Example Prompts
- "Scan all my installed skills for security issues and generate a report."
- "Check if the recently installed web-scraper skill is safe to run."
- "Provide a security risk report for all my active clawdbot modules."
Tips & Limitations
- Understand False Positives: Legitimate skills (like email or crypto trackers) require network access. The scanner identifies these as 'Suspicious' because they behave like malicious tools, but you should judge them based on their known functionality.
- Regular Audits: Run 'security report' weekly, especially if you modify your skill list frequently.
- Limitations: This is a static analysis tool; it cannot detect advanced zero-day exploits or logic-based attacks that hide in highly obfuscated code. Always supplement this with manual review of skill source code when in doubt.
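The static scan and the false-positive behaviour described above can be sketched as follows. This is an added example, not Skill Flag's own code: the category names, weights, verdict thresholds and the two sample skills are assumptions constructed for illustration.

```python
import ast

# Hypothetical categories and weights; Skill Flag's real rules are not shown on the page.
WEIGHTS = {"code-execution": 40, "credential-access": 40, "network": 15}
SENSITIVE_PATHS = (".ssh", ".aws/credentials", ".aws/config")
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "smtplib"}
EXEC_CALLS = {"eval", "exec"}

def scan_source(source):
    """Return (score 0-100, sorted list of (line, category, detail)) for one file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in EXEC_CALLS):
            findings.append((node.lineno, "code-execution", node.func.id + "()"))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or ""])
            for name in names:
                if name.split(".")[0] in NETWORK_MODULES:
                    findings.append((node.lineno, "network", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(p in node.value for p in SENSITIVE_PATHS):
                findings.append((node.lineno, "credential-access", node.value))
    # Each category counts once, so repeated hits do not inflate the score.
    score = min(100, sum(WEIGHTS[c] for c in {f[1] for f in findings}))
    return score, sorted(findings)

def verdict(score):
    # Thresholds and the labels other than 'Suspicious' are assumptions.
    return "Clean" if score == 0 else "Suspicious" if score < 50 else "High risk"

# Constructed sample: a legitimate mail skill that needs network access.
MAIL_SKILL = '''import smtplib
def send(msg):
    smtplib.SMTP("localhost").send_message(msg)
'''
# Constructed sample: a skill combining several flagged patterns.
RISKY_SKILL = '''import socket
data = open(".ssh/id_rsa").read()
exec(data)
'''

if __name__ == "__main__":
    for name, src in (("mail", MAIL_SKILL), ("risky", RISKY_SKILL)):
        score, findings = scan_source(src)
        print(name, score, verdict(score), findings)
```

The mail skill scores as 'Suspicious' purely because it imports a network module, which is the false-positive case the first tip describes: the finding tells you where to look, and the decision still depends on what the skill is supposed to do.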
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-patfire94-skill-flag": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read, code-execution