← Back to Skills Marketplace
933
Downloads
0
Stars
2
Active Installs
5
Versions
Install in OpenClaw
/install arc-skill-scanner
Description
Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects cre...
README (SKILL.md)
Skill Scanner
Scan OpenClaw skills for security issues before you install them. 341 malicious skills were found on ClawHub — don't be the next victim.
Why This Exists
The ClawHub marketplace had 22-26% of skills flagged as containing vulnerabilities. Common attacks include:
- Credential stealers disguised as benign plugins
- Typosquatting (fake names similar to popular skills)
- Data exfiltration via hidden HTTP requests
- Obfuscated code hiding malicious payloads
- Prompt injection via SKILL.md content
Commands
Scan a local skill directory
python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/
Scan a SKILL.md file directly
python3 {baseDir}/scripts/scanner.py scan --file ./SKILL.md
Scan with verbose output
python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --verbose
Scan all installed skills
python3 {baseDir}/scripts/scanner.py scan-all
Scan with binary checksum verification
python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --checksum checksums.json
Generate checksums for binary assets
python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ -o checksums.json
Verify checksums against a manifest
python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ --verify checksums.json
Output as JSON
python3 {baseDir}/scripts/scanner.py scan --path ./skill-dir/ --json
What It Checks
SKILL.md Analysis
- Suspicious URLs (non-HTTPS, IP addresses, URL shorteners)
- Prompt injection patterns (hidden instructions, override attempts)
- Requests for credentials, API keys, or tokens
- Obfuscated or encoded content (base64, hex, unicode escapes)
Script Analysis
- Network calls (curl, wget, requests, urllib, fetch)
- File system writes outside expected paths
- Environment variable access (credential harvesting)
- Shell command execution (os.system, subprocess, exec)
- Obfuscated strings (base64 decode, eval, exec)
- Data exfiltration patterns (POSTing to external URLs)
- Cryptocurrency wallet patterns
- Known malicious domains
- Dynamic instruction fetching (remote .md/.yaml/.json downloads)
- Fetch-and-execute patterns (remote code execution)
- Telemetry leaks (printenv, logging env vars/configs/secrets to stdout)
- Binary/asset risks (prebuilt executables, compiled code, library injection)
- Shell=True in subprocess calls (RCE risk)
- Path traversal patterns (directory escape via ../ sequences)
Name Analysis
- Typosquatting detection (compares against known popular skills)
- Edit distance calculation to catch misspellings and character swaps
Binary/Asset Checksum Verification
- SHA-256 checksums for all binary files (.exe, .dll, .so, .wasm, .pyc, etc.)
- Generate checksum manifests for trusted skill versions
- Verify binaries against expected checksums on update
- Flags unverified binaries and checksum mismatches (tampering detection)
Metadata Analysis
- Excessive permission requirements
- Suspicious install scripts
- Env requirements that seem unnecessary
Risk Levels
- CRITICAL — Almost certainly malicious. Do NOT install.
- HIGH — Likely malicious or extremely risky. Manual review required.
- MEDIUM — Suspicious patterns found. Review before installing.
- LOW — Minor concerns. Probably safe but worth checking.
- CLEAN — No issues detected. Safe to install.
Tips
- Always scan before installing ANY third-party skill
- Even "CLEAN" results aren't a guarantee — this catches known patterns
- If a skill needs network access, verify the domains it contacts
- Cross-reference skill names with known typosquats
- When in doubt, read the source code yourself
Usage Guidance
This skill appears coherent and appropriate for scanning OpenClaw skills. Before running it: 1) only point the scanner at directories you control or intend to audit (it will read files under the given path), 2) treat results as heuristics—false positives and false negatives are possible (obfuscated or polymorphic malware can evade detection), 3) do not blindly execute any binaries the scanner flags; instead inspect or run them in a sandbox, and 4) if you rely on checksum verification, store and manage checksum manifests from trusted sources.
Capability Analysis
Type: OpenClaw Skill
Name: arc-skill-scanner
Version: 1.4.0
This skill bundle is a security scanner designed to detect vulnerabilities and malicious patterns in other OpenClaw skills. The `SKILL.md` clearly outlines its purpose and the types of threats it identifies (e.g., credential stealers, data exfiltration, prompt injection). The `scripts/scanner.py` code implements these detection mechanisms, defining extensive patterns for malicious activities but using them solely for analysis, not for self-exploitation. The scanner also incorporates defensive measures, such as preventing path traversal and symlink following, to protect itself from potentially malicious skills it scans. There is no evidence of intentional harmful behavior, data exfiltration, or unauthorized actions within this skill itself.
Capability Assessment
Purpose & Capability
Name/description, included scanner.py, and the runtime instructions all align: the tool is a local static/heuristic scanner for skill packages and does not request unrelated resources or credentials.
Instruction Scope
SKILL.md tells the agent/user to run the scanner against skill directories or SKILL.md files. The scanner will open and analyze any path the user supplies (including arbitrary filesystem paths if given), which is expected for a scanner but means you should only point it at skill directories you intend to analyze.
Install Mechanism
No install spec; it's instruction-only with a bundled Python script. Requiring python3 is proportional for a Python scanner and there are no external download/install steps.
Credentials
No environment variables, credentials, or config paths are requested. The scanner only contains detection patterns for common secrets and does not itself require those secrets.
Persistence & Privilege
always is false and there is no indication the skill attempts to persist, enable itself system-wide, or modify other skills. It runs on demand.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install arc-skill-scanner - After installation, invoke the skill by name or use
/arc-skill-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.0
- No user-facing changes.
- Internal update: modified scripts/scanner.py.
v1.3.0
- Adds binary/asset checksum verification with SHA-256 to detect tampering or untrusted changes.
- New commands for generating and verifying checksum manifests for binaries and assets.
- Flags unverified binaries and checksum mismatches during scans.
- Documentation updated with new checksum-related options and usage examples.
v1.2.0
- Added detection for use of shell=True in subprocess calls (identifies remote code execution risks).
- Added checks for path traversal patterns (e.g., directory escapes using ../).
- Updated documentation in SKILL.md to reflect new security checks.
v1.1.0
arc-skill-scanner 1.1.0
- Added detection of telemetry leaks (such as logging environment variables or secrets to stdout).
- Added new checks for binary/asset risks (including prebuilt executables, compiled code, and library injection).
v1.0.0
- Initial release of skill-scanner.
- Scan OpenClaw skills for security vulnerabilities before installing.
- Detects threats like credential stealers, data exfiltration, malicious URLs, obfuscated code, and supply chain attacks.
- Supports scanning local directories, individual SKILL.md files, or all installed skills with optional JSON and verbose output.
- Analyzes skill scripts, metadata, and names for suspicious patterns and typosquatting.
- Assigns risk levels (CRITICAL, HIGH, MEDIUM, LOW, CLEAN) based on findings to guide safe installation decisions.
Metadata
Frequently Asked Questions
What is Skill Scanner?
Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects cre... It is an AI Agent Skill for Claude Code / OpenClaw, with 933 downloads so far.
How do I install Skill Scanner?
Run "/install arc-skill-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Scanner free?
Yes, Skill Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Scanner support?
Skill Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Skill Scanner?
It is built and maintained by ArcSelf (@trypto1019); the current version is v1.4.0.
More Skills