Skill Scan

by dgriffin831 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 2192 · Stars: 3 · Active Installs: 7 · Versions: 1
Install in OpenClaw
/install skill-scan
Description
Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories.
Usage Guidance
This package appears to be a legitimate, featureful skill-scanner, but there are some red flags you should act on before installing or enabling automatic behavior:
  1. Inspect the SKILL.md and AGENTS.md templates for hidden or coercive instructions (look for 'ignore previous instructions' language and any invisible/unicode-control characters). If present, remove or sanitize those lines.
  2. Review the included source files (skill_scan/ and test-fixtures/) locally or in a sandbox before running the CLI, especially if you will grant it permission to edit AGENTS.md or run LLM-enabled analysis. The code bundle contains both safe test fixtures and explicit malicious examples used for evaluation, so confirming behaviour matters.
  3. Be cautious about granting LLM API keys (OPENAI_API_KEY/ANTHROPIC_API_KEY) to the environment unless you trust the skill; LLM layers run arbitrary prompt content against those providers.
  4. Prefer manual (on-demand) scanning over automatic installation hooks. If you choose automatic integration, require an explicit review step and back up the current AGENTS.md before allowing modifications.
  5. If you accept the skill, run it initially with static analysis only (no --llm) and examine JSON output (--json) to verify the scanner's behavior; only enable alerting channels after testing.
If you want, I can: (a) show the exact AGENTS.md templates included so you can inspect them, (b) list files in skill_scan/ that perform code execution or network calls, or (c) produce a sanitized AGENTS.md patch you can apply manually instead of allowing the skill to change it automatically.
Capability Analysis
Type: OpenClaw Skill
Name: skill-scan
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'skill-scan' is a security scanner designed to detect malicious code, evasion techniques, and prompt injection in *other* skill packages. Its code (`scanner.py`, `ast_analyzer.py`, `prompt_analyzer.py`, `llm_analyzer.py`, `rules/dangerous-patterns.json`) implements various detection mechanisms, which inherently involve looking for high-risk patterns. The `SKILL.md` provides instructions for the agent to integrate this scanner into its workflow to *enhance* security, not compromise it. Files containing actual malicious code (e.g., reverse shells, credential exfiltration) are clearly labeled as `test-fixtures` and are used solely for evaluating the scanner's effectiveness, not as part of its operational logic. All observed behaviors are aligned with its stated purpose as a security tool.
Capability Assessment
Purpose & Capability
The name/description match the included functionality: a multi-layer scanner with optional LLM analysis and ClawHub integration. Requested environment variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, PROMPTINTEL_API_KEY, alert channel vars) are consistent with LLM scanning and alerting. One mismatch: the registry metadata says 'instruction-only / no install spec' but the package contains a full Python project (CLI, analyzers, tests, 100+ files). That isn't necessarily malicious, but it's an inconsistency you should be aware of (code will be present in the skill directory even though no platform-level installer is declared).
Instruction Scope
The SKILL.md contains explicit runtime instructions for the agent (scan-before-install workflow) and templates to insert into AGENTS.md. Option A uses strong language ('non-negotiable — never skip the scan') and recommends automatic pre-install scanning/blocking behavior. While this is plausible for a security tool, it also instructs the agent to alter its install workflow and to block installs automatically — a higher-scope action than simply providing a scanner. Additionally, automated alerting and LLM-provider auto-detection are described; the SKILL.md also includes content that triggered prompt-injection detections (see scan_findings_in_context).
Install Mechanism
No external install spec or remote download is declared (low install-mechanism risk). However, the repository includes a full Python CLI and many code files that would be written into the workspace when the skill is installed. There are no suspicious remote URLs or archive installs in the metadata, but because code is present, review the included source before running any CLI or LLM-enabled features.
Credentials
Environment variables mentioned are appropriate for the stated features: LLM provider keys for optional deep analysis (OPENAI_API_KEY, ANTHROPIC_API_KEY), a PROMPTINTEL key for an optional integration, and alert-channel variables for sending notifications. No unrelated or excessive credentials are demanded in SKILL.md or project metadata.
Persistence & Privilege
The skill suggests automatically modifying your AGENTS.md (agent instruction file) during installation to enforce pre-install scanning. That amounts to persistent changes to the agent's behavior/configuration and is outside a simple on-demand scanner's minimal scope. The skill does not set always:true, but it does recommend automatic, non-optional integration which increases its effective privilege. If you allow the skill to edit agent instructions, you should review/approve the exact changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-scan
  3. After installation, invoke the skill by name or use /skill-scan
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-scan – a multi-layered security scanner for OpenClaw skills.
  - Scans skills (local or from ClawHub) for malicious code, evasion, prompt injection, and misaligned behavior before installation.
  - Features 6 analysis layers, 60+ detection rules, and context-aware scoring to reduce false positives.
  - Supports static and optional LLM-powered deep inspection.
  - Provides detailed risk scores with actionable exit codes for automation.
  - Integrates with agent workflows via AGENTS.md templates (automatic or manual scanning).
  - Flexible output (text, JSON, compact, quiet) and supports batch audits.
Metadata
Slug skill-scan
Version 1.0.0
License
All-time Installs 7
Active Installs 7
Total Versions 1
Frequently Asked Questions

What is Skill Scan?

Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories. It is an AI Agent Skill for Claude Code / OpenClaw, with 2192 downloads so far.

How do I install Skill Scan?

Run "/install skill-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Scan free?

Yes, Skill Scan is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Scan support?

Skill Scan is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Scan?

It is built and maintained by dgriffin831 (@dgriffin831); the current version is v1.0.0.
