skill-scanner
Scan installed OpenClaw skills for malicious code patterns including ClickFix social engineering, reverse shell (RAT), and data exfiltration. Uses OG-Text model for agentic detection.
Why use this skill?
Scan your OpenClaw skills for malicious patterns like RATs, ClickFix social engineering, and data exfiltration using the advanced OG-Text model.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/thomaslwang/antivirusWhat This Skill Does
The skill-scanner is an essential security utility designed specifically for the OpenClaw ecosystem. It functions as an automated static and behavioral analysis tool that scans your installed skills for malicious patterns. By leveraging the advanced OG-Text security model, it inspects your source code, configuration files, and scripts to identify common attack vectors. The tool is engineered to detect ClickFix social engineering, where malicious actors attempt to trick users into executing unauthorized commands, reverse shells (RATs) that provide unauthorized access to your system, and sophisticated info stealers that attempt to exfiltrate tokens, SSH keys, or environment variables. By running this scanner regularly, you maintain the integrity of your agentic environment and ensure that your automated workflows remain free from external tampering.
Installation
To add this security layer to your environment, use the command: clawhub install openclaw/skills/skills/thomaslwang/antivirus. Once installed, you can invoke the scanner directly through your OpenClaw agent interface. No additional configuration is required, although you should ensure your agent has read-access to your local workspace directories where your skills are stored.
Use Cases
- Routine Audits: Automatically run the scanner after installing new third-party skills from untrusted or community sources.
- Suspicious Behavior: Use the scanner if your agent starts performing unexpected tasks or exhibits performance lags indicating background processes.
- Security Hardening: Periodically audit your existing plugin library to ensure that updates haven't introduced security regressions or malicious hooks.
Example Prompts
- "OpenClaw, run a full security scan on all my installed skills and report any findings."
- "I just installed a new extension from GitHub. Can you use the skill-scanner to verify it for backdoors?"
- "Is there any risk of data exfiltration in my current workspace? Perform an audit now."
Tips & Limitations
To get the most out of skill-scanner, run it within an isolated environment if you suspect a high-risk threat. While the OG-Text model is highly effective at identifying known patterns, static analysis cannot detect zero-day exploits hidden in obfuscated binaries. Always verify the source repository author before installing new skills, and rely on this tool as one part of a defense-in-depth strategy. Keep your OpenClaw installation updated to ensure the scanner uses the latest security definitions.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-thomaslwang-antivirus": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution
Related Skills
flaw0
Security and vulnerability scanner for OpenClaw code, plugins, skills, and Node.js dependencies. Powered by OpenClaw AI models.
openguardrails-for-openclaw
Detect and block prompt injection attacks hidden in long content (emails, web pages, documents) using OpenGuardrails SOTA detection
flaw0
Security and vulnerability scanner for OpenClaw code, plugins, skills, and Node.js dependencies. Powered by OpenClaw AI models.
test
test
moltguard
Detect and block prompt injection attacks hidden in long content (emails, web pages, documents) using the MoltGuard API