← Back to Skills Marketplace

Skill Security Scanner

Name: Skill Security Scanner
Author: torchesfrms

by moer · GitHub ↗ · v4.4.1 · MIT-0

cross-platform ⚠ suspicious

320

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-sec-scan

Description

自动检测并评分 ClawHub、GitHub 和本地 Skill 中 JS、TS、Python、Shell 文件的安全风险，识别数据泄露、注入、混淆和木马等威胁。

Usage Guidance

What to consider before installing or running this skill: - Purpose vs implementation: The skill's description and SKILL.md claim multi-language scanning and remote-URL support, but the Node scanner only walks .js files; confirm which script is actually used in your environment (the shell scripts appear to implement more checks). If you rely on .py or .sh scanning, verify the scanner actually inspects those files. - Remote targets: SKILL.md shows commands that accept GitHub/ClawHub URLs. Before passing a URL, inspect scan.sh to confirm it clones/downloads repositories in a safe, read-only way (and does not run any install scripts from the target). If unsure, clone the target manually into a sandbox and run the scanner against the local copy. - Execution risk: Running index.js will invoke the included shell scanner via execSync; running the bundled scripts will execute grep/sed/other command-line utilities and read many files. That is expected, but avoid running the scanner as root and run it in an isolated/sandboxed environment when scanning untrusted repos. - False positives and coverage: The scanner is rule-based with many aggressive regexes; expect false positives. The SKILL.md enforces a two-step flow (static report then optional LLM analysis) which helps avoid blind automated decisions — keep that workflow. - Verify truncations: Parts of scripts were truncated in the provided content. Review the full scripts/scan.sh and scan-all.sh to ensure there are no hidden fetch-or-execute steps (e.g., automatic 'curl | bash', running postinstall hooks, or executing target code). If you cannot inspect the full code, treat the skill as untrusted and run only in a sandbox. If you want, I can: (1) point out exact lines to inspect in scripts/scan.sh for remote-fetch behavior, (2) summarize where the node scanner and shell scanner differ, or (3) recommend a safe command sequence to run this scanner against a cloned repository in a disposable environment.

Capability Analysis

Type: OpenClaw Skill Name: skill-sec-scan Version: 4.4.1 The bundle is a security scanner tool designed to audit other OpenClaw skills for malicious patterns. It uses a combination of static analysis (via shell scripts and Node.js) and guided LLM semantic analysis to identify risks such as data exfiltration, command injection, and backdoors. The core logic in `scripts/scan.sh` and `node/scanner.js` uses regular expressions to flag dangerous code patterns (e.g., private keys, `eval`, `rm -rf`) and generates a detailed security report. While the tool performs high-risk operations like downloading remote content and executing shell commands, these actions are strictly aligned with its stated purpose as a security utility and are transparently documented in `SKILL.md` and `SKILL_EN.md`.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md and scripts claim multi-language support (.js, .ts, .py, .sh) and remote ClawHub/GitHub scanning. The shipped Bash scripts implement many language checks, but the Node SecurityDetector (node/scanner.js) only recursively scans .js files. index.js simply invokes scripts/scan.sh via execSync. This mismatch (Node code scanning only .js while other scripts claim broader coverage) and the advertised ability to scan remote URLs are not fully substantiated in the visible code.

ℹ Instruction Scope

The SKILL.md explicitly instructs the agent to run scripts/scan.sh and to not proceed to LLM analysis without user confirmation; that flow is clear and reduces some risk. The instructions ask the agent to scan local skill directories (e.g., ~/.openclaw/workspace/skills) and to optionally perform semantic LLM analysis using prompts derived from the scan output. The agent will read many files under the target path (expected), but the README claims remote scanning of URLs — the provided scripts as shown do not clearly include safe, explicit remote-fetch handling (clone/download) in the visible portions, so behavior on URL inputs is ambiguous.

✓ Install Mechanism

There is no install spec (instruction-only from the registry standpoint). The package includes shell scripts and Node code; nothing in the manifest downloads external code during install. Running the provided scripts will write nothing to system paths beyond typical transient console output. Risk comes from executing the included scripts (they run locally) rather than an external installer URL.

✓ Credentials

The skill declares no required env vars or credentials. The scanner contains detection rules that look for patterns like process.env.AWS_/AZURE_ etc. — this is expected for a scanner (it flags code that references credentials) and does not itself require those secrets.

✓ Persistence & Privilege

always:false and no special persistence or system-wide modifications are requested. The skill reads files in skill directories (its stated purpose) and does not request to modify other skills or global agent configuration.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-sec-scan
After installation, invoke the skill by name or use /skill-sec-scan
Provide required inputs per the skill's parameter spec and get structured output

Version History

v4.4.1

v4.4.1: 重构 LLM prompt - 六维评估框架（数据透明/权限边界/行为透明/供应链风险/用户控制/成本告知）+ 越界行为列 + 额外判断标准

v4.4.0

v4.4: 逐文件分析改为表格格式，新增越界行为列（⚠️ 维度X+Y / 无明显越界行为），与六维评估一一对应

v4.3.0

v4.3: 重构 LLM 语义分析 prompt - 引入安全评估六维框架（数据透明/权限边界/行为透明/供应链风险/用户控制/成本告知）+ 六维额外判断标准；修复文件内容重复输出 bug

v4.2.0

v4.2: 规范 Agent 操作流程（先报告→询问→确认后语义分析）；新增双层检测机制文档；修复下载逻辑（HTTP验证+git clone降级）；精简 LLM 提示；交互式用户体验 v4.1: 新增 LLM 语义分析提示生成（解决静态扫描误报） v4.0: 威胁分类、完整报告规范、JSONL 输出

v1.0.0

Initial release of skill-sec-scan – a comprehensive security scanner for ClawHub, GitHub, and local skills. - Supports JavaScript, TypeScript, Python, and Shell file scanning. - Detects 4 major threat categories: Data Exfiltration, Injection Attacks, Code Obfuscation, and Trojans. - Includes 57 specialized detection rules covering 60+ risk patterns. - Provides automated security scoring, full threat report, and customizable whitelist. - Offers command-line usage for both remote and local scanning, with batch scan and multiple report formats (Markdown, JSON, JSONL). - Outputs standardized, detailed security reports with clear recommendations.

Metadata

Slug skill-sec-scan

Version 4.4.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is Skill Security Scanner?

自动检测并评分 ClawHub、GitHub 和本地 Skill 中 JS、TS、Python、Shell 文件的安全风险，识别数据泄露、注入、混淆和木马等威胁。 It is an AI Agent Skill for Claude Code / OpenClaw, with 320 downloads so far.

How do I install Skill Security Scanner?

Run "/install skill-sec-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Security Scanner free?

Yes, Skill Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Security Scanner support?

Skill Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Security Scanner?

It is built and maintained by moer (@torchesfrms); the current version is v4.4.1.

More Skills