← Back to Skills Marketplace
Skill Defender
by
itsclawdbro
· GitHub ↗
· v1.0.0
2099
Downloads
5
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install skill-defender
Description
Scans installed OpenClaw skills for malicious patterns including prompt injection, credential theft, data exfiltration, obfuscated payloads, and backdoors. Use when installing new skills, after skill updates, or for periodic security scans. Runs deterministic pattern matching — fast, offline, no API cost.
Usage Guidance
This skill appears internally consistent: it's an offline, deterministic pattern scanner implemented in Python that reads skill directories and reports findings. Before installing or running it, consider these points: (1) Source provenance — the skill's owner and homepage are unknown; prefer code from a trusted publisher or review the code yourself. (2) Local file access — the scanner will read all files in your skills directory (which is necessary for scanning). If your skills contain sensitive secrets, consider auditing those files separately or run the scanner in a controlled environment. (3) Allowlist/false positives — the tool includes a built-in allowlist that can suppress findings; review that allowlist to ensure it isn’t silencing legitimate issues. (4) No network I/O is visible in the provided code, but always review the full scripts before running. If you cannot inspect the code, run it in a sandboxed environment or a VM and verify behavior (stdout, exit codes) on a non-production copy of your skills directory.
Capability Analysis
Type: OpenClaw Skill
Name: skill-defender
Version: 1.0.0
The 'skill-defender' skill is a security scanner designed to detect malicious patterns like prompt injection, RCE, and credential theft. Its documentation (SKILL.md, references/threat-patterns.md) and core scanning script (scripts/scan_skill.py) necessarily contain examples and regexes of these malicious patterns. The skill explicitly states it will flag itself without an allowlist, which is implemented in scripts/aggregate_scan.py. All file system access and subprocess execution are aligned with its stated purpose of scanning other skills, with no evidence of intentional harmful behavior or prompt injection against the agent itself.
Capability Assessment
Purpose & Capability
Name/description (malicious-pattern scanner) align with the included artifacts: SKILL.md, a threat-patterns reference, and two Python scanner scripts. No unrelated env vars, binaries, or install steps are requested. The scripts' behavior (walking skill dirs, regex-based detections, aggregating results) is coherent with a scanner.
Instruction Scope
SKILL.md instructs scanning single skills or all installed skills and documents auto-detection of the skills directory (searching ~/.clawd/skills, ~/skills, ~/.openclaw/skills and walking up from the script). It also documents allowlisting and output handling. The SKILL.md contains explicit prompt-injection examples (e.g., "ignore previous instructions", "you are now") which triggered pre-scan flags — this is expected because the scanner documents the patterns it detects. The scanner will read skill files (required for its purpose); verify you are comfortable with a local tool reading installed skill files (these files can contain secrets).
Install Mechanism
Instruction-only with bundled Python scripts; no install spec, no downloads, no external packages required (scripts state standard library only). No evidence of downloading/executing remote payloads in the provided code.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code includes regexes that look for credential paths in scanned skills (expected) but the scanner itself does not request or require secrets.
Persistence & Privilege
No always:true, no automatic modification of agent configuration is described. The tool scans files and produces reports; it includes an allowlist stored in the script (normal). There is no code shown that writes to core agent files or modifies other skills' configurations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-defender - After installation, invoke the skill by name or use
/skill-defender - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: deterministic malicious pattern scanner for OpenClaw skills. Includes single-skill and batch scanning with built-in false-positive allowlist.
Metadata
Frequently Asked Questions
What is Skill Defender?
Scans installed OpenClaw skills for malicious patterns including prompt injection, credential theft, data exfiltration, obfuscated payloads, and backdoors. Use when installing new skills, after skill updates, or for periodic security scans. Runs deterministic pattern matching — fast, offline, no API cost. It is an AI Agent Skill for Claude Code / OpenClaw, with 2099 downloads so far.
How do I install Skill Defender?
Run "/install skill-defender" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Defender free?
Yes, Skill Defender is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Defender support?
Skill Defender is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Defender?
It is built and maintained by itsclawdbro (@itsclawdbro); the current version is v1.0.0.
More Skills