Official Verified utilities Safety 5/5

skillscanner

Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.

Why use this skill?

Use SkillScanner to vet OpenClaw skills before installation. Instantly check security ratings via the ClawHub API to prevent code execution risks.

What This Skill Does

SkillScanner is a critical security utility for the OpenClaw ecosystem, designed to act as a gatekeeper for third-party integrations. As the ClawHub marketplace grows, the potential for executing arbitrary code via external skills increases. SkillScanner mitigates this risk by interfacing directly with the Gen Digital scan API to perform automated, real-time security analysis on any skill hosted on ClawHub. When invoked, it extracts the skill's URL, submits it to the backend scanning engine, and evaluates the security posture based on the returned metadata. The primary output is a verdict on the skill's safety, allowing OpenClaw agents to make informed decisions about whether to execute, trust, or avoid specific external code modules before they are integrated into a workflow.

Installation

To integrate SkillScanner into your OpenClaw environment, use the following terminal command. Ensure your environment has the necessary permissions to pull from the primary repository:

clawhub install openclaw/skills/skills/rexshang/skillscanner

Once installed, the skill becomes available as a utility for the OpenClaw agent to invoke whenever it encounters a new or untrusted skill URL.

Use Cases

  • Vetting New Skills: Before installing or running a skill found in a forum or repository, use SkillScanner to verify its reputation.
  • Audit Existing Tools: Periodically scan installed skills to ensure their security status hasn't been downgraded by the maintainers or the security team.
  • Risk Management: For developers building complex automation chains, integrate SkillScanner into the initialization phase to ensure no malicious dependencies are loaded into the environment.
  • Security Enforcement: Agents can be programmed to automatically deny execution of any skill that does not return a 'SAFE' status.

Example Prompts

  1. "OpenClaw, I found this new tool: https://clawhub.ai/rexshang/cool-downloader. Please run a security check on it using SkillScanner before I authorize the installation."
  2. "Use the SkillScanner to audit the skill https://clawhub.ai/community/file-organizer. Let me know if the severity is anything other than SAFE."
  3. "I want to automate my email cleaning with this skill: https://clawhub.ai/dev/email-sorter. Is it safe to use? Run a scan and report back the status and severity."

Tips & Limitations

  • Zero-Trust Principle: Always treat 'analysis_pending' as a red flag. If the scan has not finished, the code is effectively untrusted.
  • Layered Security: SkillScanner is a tool for assessment, not a firewall. Continue to use sandbox environments and least-privilege configurations for all external code.
  • Novel Threats: Be aware that the API relies on known vulnerability signatures; extremely new or heavily obfuscated malware might occasionally bypass initial detection. Use common sense—if a skill asks for unnecessary system permissions, stay cautious regardless of the scan result.
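
The deny-by-default rule from the use cases and tips above, written out as an added example (not SkillScanner's or ClawHub's own code). The JSON shape and the field names status and severity are assumptions; the page names only the values 'SAFE' and 'analysis_pending'.

```python
import json
from urllib.parse import urlparse

ALLOWED_HOST = "clawhub.ai"          # host used by the page's example URLs
SAFE_SEVERITY = "SAFE"               # value named on the page
PENDING_STATUS = "analysis_pending"  # value named on the page


def is_clawhub_skill_url(url):
    """Accept only https://clawhub.ai/<owner>/<skill> URLs."""
    parts = urlparse(url)
    segments = [s for s in parts.path.split("/") if s]
    return (parts.scheme == "https"
            and parts.hostname == ALLOWED_HOST
            and len(segments) == 2)


def decide(skill_url, raw_response):
    """Return (allow, reason); anything short of a clear SAFE verdict is a deny."""
    if not is_clawhub_skill_url(skill_url):
        return False, "not a ClawHub skill URL"
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return False, "unparseable scan response"
    if not isinstance(body, dict):
        return False, "unexpected response shape"
    status = body.get("status")      # assumed field name
    severity = body.get("severity")  # assumed field name
    if not isinstance(status, str) or status == PENDING_STATUS:
        return False, "no completed analysis, treat as untrusted"
    if severity != SAFE_SEVERITY:    # exact match: unknown or odd values deny
        return False, f"severity is {severity!r}, not SAFE"
    return True, "scan verdict SAFE"


if __name__ == "__main__":
    url = "https://clawhub.ai/community/file-organizer"
    # Constructed sample responses, not captured from the real scan API.
    samples = [
        '{"status": "done", "severity": "SAFE"}',
        '{"status": "analysis_pending"}',
        '{"status": "done", "severity": "HIGH"}',
        "<html>502 Bad Gateway</html>",
    ]
    for raw in samples:
        print(decide(url, raw), "<-", raw)
```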

Metadata

Author: @rexshang
Stars: 1171
Views: 0
Updated: 2026-02-19

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-rexshang-skillscanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #audit #safety #verification #scanner
Safety Score: 5/5

Flags: external-api