Skill Safety Checker
by austindixson · GitHub · v1.0.0
621 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install skill-safety-checker
Description
Runs VirusTotal-style security checks on OpenClaw/Cursor skills before install, including remote code execution (RCE) and malicious code (obfuscation, exfilt...
Usage Guidance
This skill is internally coherent and appropriate for auditing other skills: it needs read access to skill folders and registry metadata to do its job, but it does not request credentials or install code. Before enabling automatic 'run-on-install' behavior, confirm you are comfortable granting the agent read access to your skills directories (e.g. ~/.openclaw/skills, ~/.cursor/skills). Treat the checker as a helpful filter, not a perfect oracle — for high-risk or complex skills manually inspect scripts and releases, verify upstream sources, and run untrusted installs in a sandbox. If you want extra caution, restrict the agent from automatically running the checker without your confirmation, or require the checker to run in a read-only/sandboxed environment.
Capability Analysis
Type: OpenClaw Skill
Name: skill-safety-checker
Version: 1.0.0
This skill bundle is a security analysis tool designed to detect vulnerabilities and malicious code in *other* OpenClaw skills. The `SKILL.md` and `reference.md` files meticulously describe various risky patterns (RCE, data exfiltration, backdoors, obfuscation, sensitive reads) but only in the context of *identifying* and *reporting* them. The instructions for the OpenClaw agent are to perform security checks and to *prevent* the installation of skills exhibiting these patterns, not to execute them itself. There is no evidence of prompt injection, malicious execution, or any harmful intent within the analyzed files; instead, the skill actively promotes secure practices.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md and reference.md: the skill inspects a target skill's SKILL.md, registry metadata, install spec, and files in the target skill directory to look for RCE/malicious patterns and registry inconsistencies. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
Runtime instructions describe reading a target skill's metadata, SKILL.md, and any scripts in the skill folder to detect unsafe patterns. That scope is appropriate for a security checker. The instructions explicitly avoid recommending reading unrelated secrets (e.g. ~/.ssh, ~/.aws) and call those out as malicious patterns to flag.
Install Mechanism
No install specification and no code files (instruction-only). This minimizes on-disk persistence and risk from third-party installs; expected and proportional for this kind of audit skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its checks examine skill metadata and files only, which is proportionate to the stated purpose.
Persistence & Privilege
Skill is user-invocable and allows model invocation (platform default). SKILL.md recommends an agent rule to run the checker automatically 'whenever the user installs or adds a skill' — the skill itself does not set always:true, but if an agent is configured to run it automatically during install flows, it will be invoked frequently and will need read access to skill directories. This is expected for its purpose but operators should ensure the agent's automatic invocation policy and filesystem permissions are appropriate.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skill-safety-checker
- After installation, invoke the skill by name or use /skill-safety-checker
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the skill-security-check tool for OpenClaw/Cursor skills.
- Provides structured, VirusTotal-style security checks for skills before install, focusing on remote code execution (RCE) and malicious code detection.
- Compares registry metadata with SKILL.md for consistency in purpose, required binaries, install steps, and credential declarations.
- Flags suspicious patterns such as obfuscated code, install instructions from untrusted sources, and unexpected credential or privilege requirements.
- Ensures all skills in the user’s directory can be batch-checked and classified as Benign or Suspicious, supporting user security decisions.
- Designed to help both skill authors and users objectively assess and improve skill safety before installation or credential sharing.
Frequently Asked Questions
What is Skill Safety Checker?
Runs VirusTotal-style security checks on OpenClaw/Cursor skills before install, including remote code execution (RCE) and malicious code (obfuscation, exfilt... It is an AI Agent Skill for Claude Code / OpenClaw, with 621 downloads so far.
How do I install Skill Safety Checker?
Run "/install skill-safety-checker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Safety Checker free?
Yes, Skill Safety Checker is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Safety Checker support?
Skill Safety Checker is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Safety Checker?
It is built and maintained by austindixson (@austindixson); the current version is v1.0.0.