← Back to Skills Marketplace
113
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install skillscan-wrapper
Description
Security audit tool for AI agent skills. Scans skill packages for malware, credential theft, and suspicious patterns before installation. Defensive security...
Usage Guidance
This skill purports to be a defensive scanner but asks you to fetch and run a prebuilt binary from external URLs whose checksums are published only inside the same SKILL.md (and the referenced download version differs from the registry version). Before using/instantiating this skill: 1) Prefer obtaining the binary from a verified, authoritative release page (or build from source yourself) and independently verify checksums from the project repository; 2) Do not provide an --upload-url to unknown endpoints (that option could send scanned contents elsewhere); 3) Ask the publisher for a signed release or reproducible build instructions (the doc claims source is on Gitee—verify the repo and tags); 4) If you cannot independently verify the binary or source, treat this skill as untrusted and avoid running the downloaded executable. I have medium confidence in this assessment because there are clear inconsistencies (version mismatch, external binary) but no direct evidence of malicious intent in the instruction text.
Capability Analysis
Type: OpenClaw Skill
Name: skillscan-wrapper
Version: 0.4.1
The skill acts as a wrapper for an external binary (skillscan-wrapper) hosted on Gitee, which is a high-risk pattern for AI agents. While it presents as a defensive security tool and provides SHA-256 checksums for integrity, it includes functionality for data exfiltration via an optional `--upload-url` and requires the execution of opaque binaries. The reliance on external artifacts from gitee.com/random_player/cmic-skill-scanner without local source code for the binary itself warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The declared purpose (security scanner for skills) matches the instructions: the SKILL.md describes a native Rust binary that scans skill directories. However, the package includes no binary or install spec and instead instructs the user to download a prebuilt binary from external URLs — this is a plausible design for a scanner but elevates risk compared with an included or buildable artifact.
Instruction Scope
Instructions claim the tool will only read explicit skill directories and only upload when the user supplies --upload-url, which is reasonable. But the doc also provides download URLs and SHA256 sums inside the same document (weakens independent verification), references an external engine/enterprise upload feature (potential exfil path if misused), and contains a notable inconsistency: registry version 0.4.1 vs download links for v0.4.0. These points widen the scope for accidental or malicious misuse.
Install Mechanism
There is no install spec in the registry; the SKILL.md instructs downloading ZIPs from Gitee and running a compiled binary. Downloading and executing prebuilt binaries from an external host is higher-risk than instruction-only behavior or reproducible builds. While Gitee is a known host (not a URL shortener or IP), providing checksums in the same document and mismatched version numbers weakens integrity guarantees.
Credentials
No environment variables, credentials, or config paths are requested. The declared file/network access (reading only user-specified skill directories, optional upload-url) aligns with the scanner's purpose. Still, an upload option can exfiltrate scanned contents if an attacker-controlled URL is provided — the doc states this is user-controlled.
Persistence & Privilege
The skill does not request always:true, does not include installers that write persistent agent config, and is instruction-only. Autonomous invocation is allowed by default (not a fault by itself) and is not combined with broad credentials or always:true here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skillscan-wrapper - After installation, invoke the skill by name or use
/skillscan-wrapper - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.1
Updated description with security guarantees, permissions disclosure, and checksums
v0.4.0
- Added comprehensive documentation on skillscan-wrapper features, usage examples, and installation steps.
- Described built-in Rust engine for native, dependency-free scanning, with optional external engine support.
- Listed download links and SHA256 checksums for multiple platforms.
- Included example commands for single skill, batch, and enterprise integration scenarios.
- Detailed supported detection rules and scanning capabilities.
- Clarified open license terms.
Metadata
Frequently Asked Questions
What is Publish Skill?
Security audit tool for AI agent skills. Scans skill packages for malware, credential theft, and suspicious patterns before installation. Defensive security... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.
How do I install Publish Skill?
Run "/install skillscan-wrapper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Publish Skill free?
Yes, Publish Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Publish Skill support?
Publish Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Publish Skill?
It is built and maintained by cyzlmh (@cyzlmh); the current version is v0.4.1.
More Skills