Skill Safety Scanner
by infectit007 · GitHub · v1.0.0 · MIT-0
Downloads: 81 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install skill-safety-scanner
Description
Scan your installed ClawHub skills for dangerous code patterns — credential harvesting, shell injection, unauthorized network calls, and known malicious sign...
Usage Guidance
This instruction-only skill is largely consistent with its stated purpose (running the local OpenClaw scanner and formatting results), but check a few things before using it:
- Confirm the CLIs: make sure `openclaw` and `clawhub` are the correct, expected local tools on your system. The SKILL.md mixes both names; verify `clawhub uninstall` will remove skills safely.
- Run the scanner manually first: run `openclaw security audit --deep --json` yourself and inspect the raw JSON before using any automation from this skill.
- Be careful with scheduling and memory: avoid using the example prompt that reports findings 'to memory' unless you know where memory is stored and that it never leaves your machine. Prefer local-only storage (files) for scan reports.
- Review deletion commands before running: the provided `rm -rf` is destructive. Only use auto-remove after manually verifying evidence.
- Understand data access: the skill will read every installed skill's source (including any secrets embedded there). That is necessary for auditing but means scan outputs may contain sensitive values — handle reports accordingly.
If you want higher assurance: run the OpenClaw audit manually, inspect the SKILL.md content yourself (it is provided), and avoid enabling scheduled/automatic reporting to agent memory or remote services.
Capability Analysis
Type: OpenClaw Skill
Name: skill-safety-scanner
Version: 1.0.0
The skill is a security utility designed to audit other installed skills using the native 'openclaw security audit' command. It identifies dangerous patterns like credential harvesting or shell injection and provides a structured report and uninstallation options (SKILL.md). There is no evidence of data exfiltration, obfuscation, or malicious intent; all actions are local and aligned with the stated purpose of enhancing workspace security.
Capability Assessment
Purpose & Capability
The name/description match the actions: it runs a local OpenClaw audit and formats results. However the SKILL.md mixes tooling names (openclaw security audit vs clawhub uninstall) — this may be benign (two CLIs for related functionality) but you should confirm both commands exist on your system and are the correct managers for installed skills.
Instruction Scope
Instructions tell the agent to run `openclaw security audit --deep --json`, parse JSON, read every installed skill under ~/.openclaw/workspace/skills, show evidence, and (optionally) run `clawhub uninstall` + `rm -rf`. Those actions require reading arbitrary skill source files. The doc repeatedly claims 'zero network calls' and 'no data leaves your machine', but the scheduling example stores results 'to memory' (agent memory) — if the platform syncs memory to a cloud service, that could leak scan output. Verify where 'memory' is stored and whether 'openclaw cron add' actually persists prompts externally.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. It executes existing local CLIs; nothing is downloaded or written by default.
Credentials
No environment variables, credentials, or config paths are declared or required. The skill does instruct reading installed-skill files (under ~/.openclaw/workspace/skills), which is proportional to auditing purposes but means the scanner will inspect any secrets present in skill code — expected, but worth knowing.
Persistence & Privilege
The skill itself is not always-enabled. However the SKILL.md encourages creating a cron job via `openclaw cron add` that runs the scan automatically and (in the example) writes results to 'memory'. That creates persistent scheduled runs and stored outputs; if your agent platform persists or syncs memory to external services, scheduled runs and stored scan reports could leak sensitive info. Also automated removal commands (rm -rf) are destructive if misapplied — the skill does say to ask confirmation, but automated workflows increase risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install skill-safety-scanner`
- After installation, invoke the skill by name or use `/skill-safety-scanner`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Scans installed ClawHub skills for dangerous patterns using OpenClaw built-in scanner. Single SKILL.md file — fully transparent source.
Frequently Asked Questions
What is Skill Safety Scanner?
Scan your installed ClawHub skills for dangerous code patterns — credential harvesting, shell injection, unauthorized network calls, and known malicious sign... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.
How do I install Skill Safety Scanner?
Run "/install skill-safety-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Safety Scanner free?
Yes, Skill Safety Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Safety Scanner support?
Skill Safety Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Safety Scanner?
It is built and maintained by infectit007 (@infectit007); the current version is v1.0.0.