skill-scanner
by billyhetech · v1.0.0 · MIT-0
Downloads: 106 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw: /install skill-scanner-v1
Description
Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and Cl...
Usage Guidance
This skill is internally consistent and reasonable for scanning SKILL.md files. Before using it:
1) Only allow network fetching when you trust the remote host; fetching an arbitrary URL could expose the skill to network-based hazards. Prefer pasting content if you don't want the agent to fetch.
2) Be aware the scanner will read local SKILL.md files if you supply a path (e.g., ~/.openclaw/skills/...), so avoid passing files that contain secrets.
3) Treat the scanner's output as advisory: it can miss novel obfuscation techniques. For high assurance, run additional, isolated checks or inspect flagged lines manually.
4) If you plan to let the agent run scans automatically on install, consider restricting auto-fetching and reviewing any flagged evidence before installing a skill.
Capability Analysis
Type: OpenClaw Skill
Name: skill-scanner-v1
Version: 1.0.0
The skill is a security auditing utility designed to help AI agents vet other OpenClaw skills for malicious patterns, permission abuse, and prompt injection. The instructions in SKILL.md provide a structured framework for static analysis and reporting without requesting any sensitive permissions or executing suspicious code itself.
Capability Assessment
Purpose & Capability
Name and description match the instructions: the SKILL.md describes fetching/parsing SKILL.md content from URLs, GitHub raw, or local paths and running static checks. No unrelated binaries, environment variables, or config paths are requested in the registry metadata.
Instruction Scope
Runtime instructions are limited to fetching/parsing SKILL.md content, running pattern checks, and returning evidence-backed flags. It explicitly accepts pasted content, local skill paths (~/.openclaw/skills/[name]/SKILL.md), and URLs. This file access and optional network fetch are coherent with the stated scanning purpose. The 'proactively offer to scan' guidance is broad but not dangerous by itself.
Install Mechanism
No install spec and no code files are present — this is instruction-only. That minimizes risk because nothing is written to disk or executed beyond the platform's normal agent behavior.
Credentials
The skill declares no required env vars, no primary credential, and no special config paths. The instructions reference local skill paths and remote URLs only — appropriate for a scanner and proportional to its function.
Persistence & Privilege
Flags: always=false and default model invocation allowed. There is no request for permanent presence, no modification of other skills' configs, and no privilege escalation behavior in the SKILL.md. Autonomous invocation is platform-default and not, by itself, a concern here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skill-scanner-v1
- After installation, invoke the skill by name or use /skill-scanner-v1
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-scanner: fast, security-first AI skill vetting tool.
- Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and ClawHavoc attack vectors.
- Assigns a clear Safe / Caution / Danger verdict based on five detailed static checks.
- Accepts ClawHub/GitHub URLs, local paths, or pasted content for analysis.
- Cites specific concerns with exact fields/lines and suggests fix recommendations.
- Proactively offers to scan any skill the user mentions installing.
Frequently Asked Questions
What is skill-scanner?
Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and Cl... It is an AI Agent Skill for Claude Code / OpenClaw, with 106 downloads so far.
How do I install skill-scanner?
Run "/install skill-scanner-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is skill-scanner free?
Yes, skill-scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does skill-scanner support?
skill-scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created skill-scanner?
It is built and maintained by billyhetech (@billyhetech); the current version is v1.0.0.