← Back to Skills Marketplace
rexshang

Skillscanner

by rexshang · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
2955
Downloads
10
Stars
10
Active Installs
2
Versions
Install in OpenClaw
/install skillscanner
Description
Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.
Usage Guidance
This skill is internally consistent: it sends a ClawHub skill URL to ai.gendigital.com and uses the returned status/severity. Before installing, confirm you trust the external service (ai.gendigital.com) because the skill will transmit each scanned skill URL there. Check whether the API requires authentication (the skill provides no auth flow) and prefer scanning in a sandbox or using manual review for high‑risk skills. Because the package has no homepage or source link, prefer caution — verify the operator (Gen Digital) independently if you will rely on these scan results.
Capability Analysis
Type: OpenClaw Skill Name: skillscanner Version: 1.0.1 The skill 'skillscanner' is designed to check the safety of other ClawHub skills by querying a specific API endpoint (`https://ai.gendigital.com/api/scan/lookup`). The `SKILL.md` file contains clear instructions for the agent to make a `curl` POST request with the target skill's URL. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent to perform actions beyond its stated purpose. The 'Why This Matters' section describes general risks of untrusted skills, not actions this specific skill performs.
Capability Assessment
Purpose & Capability
Name and description say it looks up ClawHub skill safety via a scan API, and the SKILL.md instructs exactly that (POST to https://ai.gendigital.com/api/scan/lookup with the ClawHub URL). No unrelated credentials, binaries, or installs are requested. Note: source/homepage are missing, but that does not make the functionality incoherent.
Instruction Scope
Runtime instructions are narrow: perform a single HTTP POST with the skill URL and interpret status and severity fields. The instructions do not ask the agent to read files, env vars, or other local data. The only data transmitted is the skill URL (which may include author/slug).
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk or installed by the skill.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not attempt to access unrelated secrets. One caveat: the SKILL.md provides no auth flow; if the API required credentials this skill does not handle them.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skill/system settings. Autonomous invocation is allowed (platform default) but not excessive for this utility.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skillscanner
  3. After installation, invoke the skill by name or use /skillscanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added _meta.json file for metadata management. - No changes to existing skill logic or documentation.
v1.0.0
- Initial release of skillscanner, a security scanner for ClawHub skills. - Allows users to check skill safety using the scan API with a ClawHub skill URL. - Provides clear instructions for scanning, interpreting the response, and handling different verdicts. - Advises users to proceed only if status is "done" and severity is "SAFE"; otherwise, caution is recommended. - Outlines key risks of untrusted skills and notes limitations of automated scanning.
Metadata
Slug skillscanner
Version 1.0.1
License
All-time Installs 10
Active Installs 10
Total Versions 2
Frequently Asked Questions

What is Skillscanner?

Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API. It is an AI Agent Skill for Claude Code / OpenClaw, with 2955 downloads so far.

How do I install Skillscanner?

Run "/install skillscanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skillscanner free?

Yes, Skillscanner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skillscanner support?

Skillscanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skillscanner?

It is built and maintained by rexshang (@rexshang); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments