Downloads: 130
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install skill-security-scan-dxx
Description
Scan installed OpenClaw skills for potential security risks. Use when you want to check if skills contain dangerous commands, access sensitive paths, or have...
Usage Guidance
This script appears to be a straightforward local scanner. Before running it, inspect the skill_scan.py yourself (you already have the source) and confirm it contains no network calls or code-execution paths (it does not). Run it in a safe/test environment if any skills contain sensitive secrets, since the scanner will read files under ~/.openclaw/workspace/skills. If you use it regularly, consider improving false-positive handling and binary detection, and avoid trusting scanner output as a replacement for manual review of flagged files.
Capability Analysis
Type: OpenClaw Skill
Name: skill-security-scan-dxx
Version: 1.0.0
The skill is a security utility designed to perform static analysis on other installed OpenClaw skills to identify potentially dangerous commands, sensitive path access, and insecure network requests. The Python script `skill_scan.py` implements a straightforward regex-based scanner that checks for patterns like 'rm -rf', fork bombs, and access to directories like ~/.ssh/ or ~/.aws/. The code uses only standard libraries, does not exfiltrate data, and its behavior is entirely consistent with the documentation provided in SKILL.md.
Capability Assessment
Purpose & Capability
Name/description match behavior: the code scans ~/.openclaw/workspace/skills for dangerous commands, sensitive paths, and network-call patterns. The requested resources (none) align with a local scanner.
Instruction Scope
SKILL.md instructs running the included Python script from the skills directory, which is consistent with its purpose. The scanner reads all non-ignored files under the skills tree (it may read files that contain secrets), and it ignores some document file types; these are implementation choices (they may cause false negatives or false positives) but not scope creep.
Install Mechanism
No install spec; the skill is instruction+script only. Nothing is downloaded or written to disk by an installer step beyond the existing skill files.
Credentials
No environment variables, credentials, or config paths are requested. The scanner only looks for sensitive path strings in other skills' files; it does not attempt to read external secrets or ask for unrelated credentials.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not modify other skills or global agent settings; it simply reads files under the skills directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skill-security-scan-dxx
- After installation, invoke the skill by name or use /skill-security-scan-dxx
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-security-scan
- Scans all installed OpenClaw skills for potential security risks.
- Detects dangerous commands (e.g., rm -rf /, fork bombs).
- Checks for access to sensitive paths and risky use of eval/exec.
- Reviews network request security (such as missing SSL verification).
- Generates a detailed risk report to help identify and manage threats.
- Includes usage guidance and security best practices for skill management.
Frequently Asked Questions
What is Skill Security Scanner by dxx?
Scan installed OpenClaw skills for potential security risks. Use when you want to check if skills contain dangerous commands, access sensitive paths, or have... It is an AI Agent Skill for Claude Code / OpenClaw, with 130 downloads so far.
How do I install Skill Security Scanner by dxx?
Run "/install skill-security-scan-dxx" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Security Scanner by dxx free?
Yes, Skill Security Scanner by dxx is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Security Scanner by dxx support?
Skill Security Scanner by dxx is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Security Scanner by dxx?
It is built and maintained by ntaffffff (@ntaffffff); the current version is v1.0.0.