← Back to Skills Marketplace
goog

361SCAN security check your skill python scripts

by Jay · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
86
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install 361
Description
Scan and analyze installed skills. Use when user wants to (1) scan a specific skill directory to view its name, description, and details, or (2) scan all ins...
README (SKILL.md)

361scan - Skill Scanner

Scan and analyze installed skills in the OpenClaw workspace's skills directory.

Setup

pip install skill-361

Usage

Scan a specific skill

361 scan \x3Cskill-path>

Example: 361 scan ~/.openclaw/skills/my-skill

Scan all installed skills

361 scan-all \x3Cskills-directory>

Example: 361 scan-all ~/.openclaw/skills

How It Works

  1. Validate the target path - Check if the directory exists
  2. Find all SKILL.md files - Recursively search for SKILL.md in subdirectories
  3. Parse skill metadata - Extract name and description from YAML frontmatter
  4. Display results - Show skill name, path, and description in a readable format

Output Format

For each skill found:

  • Name: Extracted from frontmatter name field
  • Path: Relative or absolute path to the skill
  • Description: Extracted from frontmatter description field

Examples

Scan specific skill:

361 scan ~/.openclaw/workspace/skills/clawbackup

Output:

Skill:  clawbackup
  Status: 🟢 SAFE
  Score:  87/100
  Issues: 4
  Breakdown: ☠️ 0  🚨 0  ⚠️ 1  ℹ️ 1

Scan all skills:

361 scan-all ~/.openclaw/workspace/skills

Implementation Notes

  • Skills are directories containing a SKILL.md file
  • YAML frontmatter must have name and description fields
  • Recursive search allows scanning nested skill directories
  • Handle missing or malformed SKILL.md files gracefully
Usage Guidance
This skill's behavior (reading SKILL.md files and extracting YAML frontmatter) is coherent with its description, but the SKILL.md tells you to run `pip install skill-361` even though the package is not declared in the registry metadata. Before installing or running it: (1) verify the pip package's source and maintainer on PyPI (or inspect the package contents) — don't install unknown packages into your main environment, (2) run the package in an isolated environment (virtualenv, container) if you must install it, (3) avoid scanning sensitive directories — the CLI accepts arbitrary paths and will read files it is pointed at, and (4) prefer tools with an explicit install spec or source repository you can audit. If you can, request the upstream package repository or source files for review; that would change this assessment to benign if the install is from a trusted, auditable source.
Capability Analysis
Type: OpenClaw Skill Name: 361 Version: 1.0.0 The bundle contains metadata and documentation for a skill-scanning utility called '361scan'. The SKILL.md file describes a tool designed to list and analyze installed skills by parsing YAML frontmatter from SKILL.md files within a workspace. No malicious code, data exfiltration logic, or harmful prompt-injection instructions are present in the provided files.
Capability Assessment
Purpose & Capability
Name and description match the instructions: the skill is an instruction-only scanner that searches for SKILL.md files and extracts frontmatter. The required resources declared in the registry are minimal and consistent with this purpose.
Instruction Scope
Runtime instructions are limited to validating paths, recursively finding SKILL.md files, parsing YAML frontmatter, and displaying results — all consistent with a local skills scanner. However, the CLI usage allows scanning any filesystem path the user supplies, so misuse could expose arbitrary local files if pointed outside the skills directory. The SKILL.md does not specify safeguards, nor does it outline what metadata is collected beyond name/description.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md tells users to run `pip install skill-361`. That requires downloading and executing code from PyPI (or another pip index) outside of the registry's control. Because the package name is not declared in metadata and the source/maintainer is unknown, this is a risk: the installer could contain arbitrary code, which is higher risk than a pure instruction-only skill.
Credentials
No environment variables, credentials, or config paths are requested. The scanner only needs filesystem read access to the target directories. That access level is proportionate to the stated purpose, though the tool's ability to scan arbitrary paths should be considered when granting it filesystem access.
Persistence & Privilege
The skill does not request always: true, does not declare autonomous-only behavior, and does not request persistent privileges or modify other skills. No elevated persistence or cross-skill configuration changes are indicated.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install 361
  3. After installation, invoke the skill by name or use /361
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the 361scan skill. - Scan a specific skill directory to display its name, description, and details. - Scan all installed skills in a directory, listing each skill's name and description. - Recursively searches for SKILL.md files and extracts metadata from YAML frontmatter. - Handles missing or malformed SKILL.md files gracefully. - Output includes name, path, and description for each skill found.
Metadata
Slug 361
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 361SCAN security check your skill python scripts?

Scan and analyze installed skills. Use when user wants to (1) scan a specific skill directory to view its name, description, and details, or (2) scan all ins... It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.

How do I install 361SCAN security check your skill python scripts?

Run "/install 361" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 361SCAN security check your skill python scripts free?

Yes, 361SCAN security check your skill python scripts is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 361SCAN security check your skill python scripts support?

361SCAN security check your skill python scripts is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 361SCAN security check your skill python scripts?

It is built and maintained by Jay (@goog); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments