aurasecurity-creator

Aura Security Scanner

cross-platform ⚠ suspicious
Downloads: 1380
Stars: 0
Active Installs: 3
Versions: 1
Install in OpenClaw: /install aura-security-scanner
Description
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
README (SKILL.md)

AURA Security Scanner

Protect your AI agent from malicious skills. Scan any OpenClaw, Claude MCP, or LangChain skill before installation.

What It Detects

  • Malware Patterns - Credential theft, file exfiltration, crypto miners, backdoors
  • Prompt Injection - Attempts to override system instructions or jailbreak agents
  • Permission Issues - Overly broad filesystem, network, or execution permissions
  • Suspicious Networks - Connections to known exfiltration domains (webhook.site, etc.)
  • Obfuscated Code - Base64/hex encoded execution, dynamic eval patterns

Usage

Ask me to scan a skill before you install it:

"Scan this skill for security issues: https://github.com/user/cool-skill"
"Is this skill safe? https://github.com/example/mcp-tool"
"Check https://clawhub.xyz/skill/weather-api for malware"

Verdicts

| Verdict   | Risk Score | Meaning                                  |
|-----------|------------|------------------------------------------|
| SAFE      | 0-20       | No issues found, safe to install         |
| WARNING   | 21-50      | Minor concerns, review before installing |
| DANGEROUS | 51-80      | Significant risks detected, avoid        |
| BLOCKED   | 81-100     | Critical threats, do not install         |

AURA Verified Badge

Skills with a SAFE verdict can display the AURA Verified badge, showing users they've been scanned and approved.

Examples

Safe Skill Response

AURA Skill Scan: weather-api

Verdict: SAFE
Risk Score: 5/100
AURA Verified: Yes

Summary: Clean skill with minimal permissions.
Requests only weather API access.

Recommendation: Safe to install.

Dangerous Skill Response

AURA Skill Scan: suspicious-helper

Verdict: DANGEROUS
Risk Score: 78/100
AURA Verified: No

Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64

Recommendation: Do not install. Contains credential
theft and data exfiltration patterns.

API

This skill calls the AURA Security API:

POST https://api.aurasecurity.io/scan-skill
{
  "skillUrl": "https://github.com/user/skill",
  "format": "auto",
  "includeRepoTrust": true
}

About AURA

AURA (Agent Universal Reputation & Assurance) provides security infrastructure for the AI agent ecosystem. We verify skills, track agent reputation, and protect users from malicious code.

Usage Guidance
This skill appears to do what it says: it sends the provided skill URL to an external AURA scanning API and formats the returned report. Before installing, consider:
  1. Trust the external service — scanning sends the skill URL (and the scanner may fetch the repo) to api.aurasecurity.io; verify the operator/publisher (the registry record shows unknown source/homepage while package files reference aurasecurity.io).
  2. Watch the AURA_API_URL env var — if an env var overrides it, the skill will call whatever endpoint is set; ensure that variable isn't set to an untrusted domain.
  3. If you want to be extra cautious, inspect/execute the code in a sandbox or run it locally with AURA_API_URL pointed to a test endpoint to observe behavior.
  4. Ask the publisher to reconcile metadata inconsistencies (registry metadata vs SKILL.md/package.json) and provide an official homepage or repository link.
If you cannot verify the external service or the publisher, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: aura-security-scanner
Version: 1.0.0

The OpenClaw skill 'AURA Security Scanner' is designed to scan other AI agent skills for security issues by sending their URLs to the AURA Security API. The `SKILL.md` explicitly declares highly restricted permissions: no filesystem access, no execution of binaries, and network access limited solely to `api.aurasecurity.io`. The `index.ts` code strictly adheres to these permissions, performing only a `fetch` request to the AURA API with the user-provided skill URL. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection against the agent itself. The skill's behavior is entirely aligned with its stated purpose and lacks any high-risk activities.
Capability Assessment
Purpose & Capability
The skill's name/description claim to scan skills and the index.ts implements that by POSTing the skill URL to an AURA API endpoint — this is coherent. However registry metadata at the top-level said "Required env vars: none" while SKILL.md declares AURA_API_URL and network access to api.aurasecurity.io; package.json and SKILL.md reference aurasecurity.io/GitHub but the registry record lists source/homepage as unknown/none. These metadata mismatches should be resolved or explained by the publisher.
Instruction Scope
SKILL.md and index.ts keep runtime behavior narrowly scoped: extract a URL from the user's query and send it to the AURA API. The instructions do not request reading local files, credentials, or other system state. The expected network call will transmit the skill URL (and includeRepoTrust flag) to a third-party service, which is appropriate for a remote scanning service but is a privacy/trust consideration.
Install Mechanism
No install spec (instruction-only plus a simple TypeScript handler) — nothing is downloaded or written by an installer. No external packages or archives are fetched during install. This is lower-risk from an install-mechanism standpoint.
Credentials
The code reads AURA_API_URL (with a sensible default); SKILL.md lists AURA_API_URL under requires.env and network access to api.aurasecurity.io, but the registry metadata claims no required env vars. While no secrets/credentials are requested (no TOKENS/KEYS), the ability to override AURA_API_URL could redirect requests to an attacker-controlled endpoint if an operator sets that env var. The skill does not request unrelated credentials, but the env-var/metadata mismatch and the reliance on an external API are noteworthy.
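The override risk described under Usage Guidance and Credentials can be closed by validating AURA_API_URL against the declared host before any request is sent. The following is an added TypeScript example, not the skill's own index.ts; it assumes the variable holds the full endpoint URL, and the function names and sample values are hypothetical.

```typescript
// Added example (not from index.ts): pin the scan endpoint to the host that
// SKILL.md declares, so an AURA_API_URL override cannot redirect requests.
const ALLOWED_HOST = "api.aurasecurity.io"; // host named on the page
const DEFAULT_ENDPOINT = "https://api.aurasecurity.io/scan-skill"; // endpoint named on the page

type Env = { [name: string]: string | undefined };

// Hypothetical helper: returns the endpoint to call, or throws when the
// override points anywhere other than the declared host over HTTPS.
function resolveScanEndpoint(env: Env): string {
  const raw = env["AURA_API_URL"];
  if (raw === undefined || raw.trim() === "") return DEFAULT_ENDPOINT;

  let url: URL;
  try {
    url = new URL(raw.trim());
  } catch {
    throw new Error("AURA_API_URL is not a valid absolute URL");
  }
  if (url.protocol !== "https:") {
    throw new Error("AURA_API_URL must use https");
  }
  // Exact hostname comparison: substring or suffix checks would accept
  // look-alike hosts such as api.aurasecurity.io.example.net.
  if (url.hostname !== ALLOWED_HOST) {
    throw new Error("AURA_API_URL host not allowed: " + url.hostname);
  }
  if (url.username !== "" || url.password !== "" || url.port !== "") {
    throw new Error("AURA_API_URL must not carry credentials or a custom port");
  }
  return url.toString();
}

// Hypothetical wrapper that reports the decision instead of throwing,
// useful for logging the outcome at skill start-up.
function checkOverride(value: string | undefined): string {
  try {
    return "ok: " + resolveScanEndpoint({ AURA_API_URL: value });
  } catch (e) {
    return "rejected: " + (e as Error).message;
  }
}
```

In a real handler the caller would pass `process.env` to `resolveScanEndpoint` once at start-up and refuse to run if it throws.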
Persistence & Privilege
The skill does not request always:true and does not alter other skills or system-wide settings. It runs only when invoked and does not ask for persistent privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aura-security-scanner
  3. After installation, invoke the skill by name or use /aura-security-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of AURA Security Scanner.
- Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installation.
- Integrates with AURA Security API to assess skill safety and provide verdicts: SAFE, WARNING, DANGEROUS, or BLOCKED.
- Supports scanning of OpenClaw, Claude MCP, and LangChain skills via skill URLs.
- Requires AURA_API_URL environment variable for API access.
- Skills passing the scan can display the AURA Verified badge.
Metadata
Slug aura-security-scanner
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is Aura Security Scanner?

Aura Security Scanner scans AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before you install them. It is an AI Agent Skill for Claude Code / OpenClaw, with 1380 downloads so far.

How do I install Aura Security Scanner?

Run "/install aura-security-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Aura Security Scanner free?

Yes, Aura Security Scanner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Aura Security Scanner support?

Aura Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Aura Security Scanner?

It is built and maintained by aurasecurity-creator (@aurasecurity-creator); the current version is v1.0.0.
