Snyk Skill Scanner
by SwiftKing100 · GitHub · v1.0.0
308 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install snyk-skill-scanner
Description
Scan installed agent components (MCP servers, skills, agent tools) for security vulnerabilities using snyk-agent-scan. Use only when running uvx snyk-agent-s...
Usage Guidance
This skill is coherent for its stated purpose, but it relies on fetching and running third-party tooling at scan time. Before you use it:
1) verify the authenticity of uvx/uv and snyk-agent-scan (check official project pages, release signatures, and the GitHub repository referenced),
2) avoid piping unknown curl scripts into sh — prefer package managers or audited install steps,
3) run scans from a least-privilege or isolated environment if possible, and
4) review scan results carefully before taking automated remediation steps.
If you need higher assurance, ask the skill author for a pinned release URL or signed binary rather than using @latest.
Capability Analysis
Type: OpenClaw Skill
Name: snyk-skill-scanner
Version: 1.0.0
The skill bundle is designed for security auditing, explicitly stating its purpose to 'Scan installed agent components... for security vulnerabilities using snyk-agent-scan'. It provides clear instructions for executing the `uvx snyk-agent-scan` tool and installing its prerequisite `uv`. There is no evidence of prompt injection attempts against the agent, data exfiltration, backdoor installation, or any other malicious intent. The use of `curl | sh` for `uv` installation, while a general supply chain risk, is a common practice for legitimate tool installation and is openly documented as a prerequisite, not a hidden malicious payload.
Capability Assessment
Purpose & Capability
The name/description (Snyk Skill Scanner) matches the instructions: it tells the agent operator how to run snyk-agent-scan via uvx to scan skills and MCP servers. All declared metadata (no env, no binaries, no install spec) is consistent with an instruction-only scanning helper.
Instruction Scope
SKILL.md stays on-topic: it instructs running uvx snyk-agent-scan against skill and MCP paths and shows expected outputs. It references common skill paths and offers flags like --skills and --json. It explicitly notes that it executes external code (snyk-agent-scan via uvx), which is appropriate for a scanner but expands runtime trust requirements — the user/agent will fetch and run third-party code.
Install Mechanism
There is no formal install spec in the skill, but the docs instruct using uvx to fetch snyk-agent-scan@latest and provide bootstrap instructions for uv that include a curl | sh installer (astral.sh). Both uvx and uv will download/execute external code at runtime; recommending curl | sh is a moderate risk vector. This is expected for a tool that runs external scanners, but users should verify sources and prefer vetted package managers or signed releases.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. That is proportionate for a read-only scanning helper that runs an external scanner and reports findings.
Persistence & Privilege
always:false and no install or file writes are requested by the skill. It does not demand persistent presence or modify other skills' configurations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install snyk-skill-scanner
- After installation, invoke the skill by name or use /snyk-skill-scanner
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
snyk-skill-scanner 1.0.0
- Initial release of skill-scanner.
- Provides documentation for scanning agent components (skills, MCP servers, tools) for security vulnerabilities using snyk-agent-scan.
- Details quick scan commands, detected risk types (prompt injection, malware, credential leaks, etc.), and result interpretation.
- Lists troubleshooting steps, skill locations, custom path scanning, and example output.
- Includes link to official issue code reference.
Frequently Asked Questions
What is Snyk Skill Scanner?
Scan installed agent components (MCP servers, skills, agent tools) for security vulnerabilities using snyk-agent-scan. Use only when running uvx snyk-agent-s... It is an AI Agent Skill for Claude Code / OpenClaw, with 308 downloads so far.
How do I install Snyk Skill Scanner?
Run "/install snyk-skill-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Snyk Skill Scanner free?
Yes, Snyk Skill Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Snyk Skill Scanner support?
Snyk Skill Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Snyk Skill Scanner?
It is built and maintained by SwiftKing100 (@swiftking100); the current version is v1.0.0.