← Back to Skills Marketplace
thenox21

ClawShield Lite – AI Skill Security Scanner

by TheNox21 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
126
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawshield-lite
Description
Scans AI skills for potential security risks and unsafe commands
README (SKILL.md)

ClawShield Lite

A lightweight security analysis skill that scans AI skill code for risky patterns and outputs a structured risk report.

How It Works

  1. Accepts code input via stdin (string or file content)
  2. Loads pattern definitions from rules.json
  3. Scans the input for dangerous and suspicious patterns
  4. Assigns a risk level: SAFE, MEDIUM RISK, or HIGH RISK
  5. Outputs a JSON report with all findings

Usage

echo "import os; os.system('rm -rf /')" | python main.py
Usage Guidance
This skill appears coherent and low-risk: it statically scans text from stdin against local patterns. Before installing, consider that pattern-based scanners have limitations — they can produce false positives and false negatives (they may miss obfuscated or novel malicious code). Review and, if needed, expand rules.json to cover patterns important to you. Because the skill's source and homepage are unknown, prefer running it in a sandbox or CI job first, manually inspect rules.json and main.py yourself, and do not rely solely on this tool for security decisions; combine it with AST-based analysis and manual review for higher assurance.
Capability Analysis
Type: OpenClaw Skill Name: clawshield-lite Version: 1.0.0 ClawShield Lite is a straightforward static analysis tool designed to scan code for risky patterns using simple string matching. The implementation in main.py is transparent, relies solely on the Python standard library, and does not execute the code it analyzes or perform any unauthorized network or file system operations. The skill's behavior aligns perfectly with its stated purpose in SKILL.md and README.md.
Capability Assessment
Purpose & Capability
The name/description (static security scanner) matches the included files (main.py, rules.json, README, SKILL.md). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and main.py instruct the agent to read code from stdin and scan it against rules.json. The runtime only reads rules.json from the same package and does not reference other system paths, environment variables, or external endpoints.
Install Mechanism
There is no install spec and the tool uses only the Python standard library. No downloads, extract steps, or third‑party packages are required.
Credentials
The skill requests no environment variables, credentials, or config paths. All required inputs are provided via stdin and the local rules.json file.
Persistence & Privilege
Flags show the skill is not forced-always and does not modify agent/system configuration. It runs on-demand and does not persist credentials or change other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawshield-lite
  3. After installation, invoke the skill by name or use /clawshield-lite
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of ClawShield Lite. - Added static code scanning - Detects dangerous and suspicious patterns - Provides risk scoring (SAFE, MEDIUM, HIGH) - Outputs structured JSON security reports
Metadata
Slug clawshield-lite
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ClawShield Lite – AI Skill Security Scanner?

Scans AI skills for potential security risks and unsafe commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 126 downloads so far.

How do I install ClawShield Lite – AI Skill Security Scanner?

Run "/install clawshield-lite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawShield Lite – AI Skill Security Scanner free?

Yes, ClawShield Lite – AI Skill Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawShield Lite – AI Skill Security Scanner support?

ClawShield Lite – AI Skill Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawShield Lite – AI Skill Security Scanner?

It is built and maintained by TheNox21 (@thenox21); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments