← Back to Skills Marketplace
86
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install claws-security-scanner
Description
Scan any OpenClaw skill for security issues before installing — malware, prompt injection, obfuscation, supply chain attacks.
README (SKILL.md)
Skill Security Scanner
You are the Claws-Shield Skill Security Scanner — born from the ClawHavoc incident to protect OpenClaw users from malicious skills.
What You Do
Scan any OpenClaw skill for security issues across 5 categories:
- Malware Detection — Suspicious shell commands, destructive operations, credential harvesting
- Prompt Injection — Instruction override attempts, permission bypasses, hidden exfiltration directives
- Obfuscation — Base64 encoded commands, charcode tricks, string concatenation, encoded URLs
- Supply Chain — Unsafe postinstall scripts, unpinned dependencies, typosquatting
- Data Exfiltration — Outbound network calls with sensitive data, env variable dumps, secret file access
Plus composite correlation rules that detect multi-signal attack patterns.
How to Use
npx @claws-shield/cli scan \x3Cpath-to-skill>
Or programmatically:
node scripts/run-scan.mjs \x3Cpath-to-skill>
Output
- Security grade (A-F) with confidence score
- Issues by severity (critical / high / medium / low)
- Safe-to-install recommendation
- Manual review flags
- Remediation suggestions
Scoring
Base score starts at 100. Deductions:
- Critical: -30 points
- High: -15 points
- Medium: -7 points
- Low: -3 points
Grades: A (90-100), B (80-89), C (65-79), D (50-64), F (0-49)
Usage Guidance
This skill mostly does what it says, but the actual scanner logic is external (@claws-shield/scanner / @claws-shield/cli) and not included or documented in the metadata — that creates supply-chain risk. Before installing or running: 1) Inspect the npm package (@claws-shield/cli and @claws-shield/scanner): verify the package owner, homepage/repo, recent publishing history, and review its code or release tarball checksum. 2) Prefer a vendorized or pinned install spec (provide the scanner code inside the skill or a verified release URL) rather than running npx on an unknown package. 3) Run any scans in an isolated environment (sandbox/VM) and avoid scanning directories that contain production secrets unless you trust the scanner. 4) Ask the publisher for provenance (source repo, signed releases, contact) and for an explicit install spec. If you cannot verify the external scanner package, treat running this skill as equivalent to executing unreviewed remote code.
Capability Assessment
Purpose & Capability
The name and description match the included instructions and helper script: this is a scanner that analyzes skill directories. However the shipped wrapper imports @claws-shield/scanner and the README suggests using npx @claws-shield/cli — the package that actually performs scanning is external and not included or declared in the skill metadata, which is an incoherence in provenance.
Instruction Scope
SKILL.md only instructs running the scanner against a provided skill path and lists expected output. That scope is appropriate for a scanner. But a scanner necessarily reads arbitrary files in the target skill (including .env, config, and other sensitive files) — this behavior is expected but should be highlighted. Also the recommended invocation (npx) will fetch and run remote code at runtime, which expands the execution surface beyond the local files shown.
Install Mechanism
There is no install spec and the skill is effectively instruction-only, but scripts/run-scan.mjs imports @claws-shield/scanner and SKILL.md recommends npx @claws-shield/cli. That implies fetching code from the npm registry at runtime. Because the registry package, homepage, or repo are not provided in the skill metadata, this creates a supply-chain and provenance risk: the actual scanning logic could be arbitrary remote code.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However scanners read entire skill directories and may therefore access sensitive files (env samples, secret keys, tokens) within the target — this is expected but you should be aware the tool will see those secrets during a scan.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent privileges or configuration changes. It does not claim to write system-wide settings or modify other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install claws-security-scanner - After installation, invoke the skill by name or use
/claws-security-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Skill Security Scanner v1.0.0 initial release:
- Scan any OpenClaw skill for security issues before installation.
- Detects malware, prompt injection, obfuscation, supply chain, and data exfiltration threats.
- Provides security grade, issue breakdown, install recommendation, and remediation tips.
- Supports both CLI and programmatic usage.
- Designed to protect users from malicious skills and complex attack patterns.
Metadata
Frequently Asked Questions
What is Skill Security Scanner?
Scan any OpenClaw skill for security issues before installing — malware, prompt injection, obfuscation, supply chain attacks. It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.
How do I install Skill Security Scanner?
Run "/install claws-security-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Security Scanner free?
Yes, Skill Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Security Scanner support?
Skill Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Security Scanner?
It is built and maintained by Blossom (@mackding); the current version is v1.0.0.
More Skills