AgentShield Scanner

by Elliot Liu (elliotllliu) · GitHub ↗ · v0.5.1 · MIT-0
Platform: cross-platform · Marketplace flag: ⚠ suspicious
Downloads: 304 · Stars: 0 · Active Installs: 0 · Versions: 2

Install in OpenClaw: /install agentshield-scanner
Description
Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...
README (SKILL.md)

AgentShield — Security Scanner

Scan any directory for security issues in AI agent skills, MCP servers, and plugins.

Usage

# Basic scan
npx @elliotllliu/agent-shield scan ./path/to/skill/

# Pre-install check (GitHub URL, npm package, or local path)
npx @elliotllliu/agent-shield install-check https://github.com/user/repo

# JSON output for programmatic use
npx @elliotllliu/agent-shield scan ./path/to/skill/ --json

# Fail if score is below threshold
npx @elliotllliu/agent-shield scan ./path/to/skill/ --fail-under 70

# Scan .difypkg plugin archives
npx @elliotllliu/agent-shield scan ./plugin.difypkg

What It Detects (30 rules)

High Risk:

  • data-exfil — reads sensitive files + sends HTTP requests
  • backdoor — eval(), exec(), dynamic code execution
  • reverse-shell — outbound socket to shell
  • crypto-mining — mining pool connections
  • credential-hardcode — hardcoded API keys/tokens
  • obfuscation — base64+eval, hex strings
  • prompt-injection — 55+ patterns, 12 categories, 8 languages
  • tool-shadowing — tool name/description manipulation
  • attack-chain — multi-step kill chain (5 stages)
  • cross-file — cross-file data flow and code injection
  • ast-* — Python AST taint tracking (eval, pickle, SQL injection, SSTI)
  • multilang-injection — 8-language prompt injection
  • description-integrity — semantic mismatch between description and code
  • mcp-runtime — MCP server runtime security issues

Medium Risk:

  • env-leak — process.env exfiltration
  • network-ssrf — user-controlled URLs, SSRF
  • privilege — SKILL.md permission vs code mismatch
  • supply-chain — known CVEs in dependencies
  • sensitive-read — SSH keys, AWS creds access
  • phone-home — periodic beacon/heartbeat pattern
  • python-security — 35 Python-specific patterns

Low Risk:

  • excessive-perms — too many permissions declared
  • hidden-files — .env with secrets committed
  • typosquatting — suspicious npm package names

Interpreting Results

  • Score 90-100: Low risk ✅
  • Score 70-89: Moderate risk — review warnings
  • Score 40-69: High risk — investigate before using
  • Score 0-39: Critical risk — do not install

When to Use

  1. Before installing a third-party skill: npx @elliotllliu/agent-shield install-check <url>
  2. Auditing your own skills before publishing
  3. CI/CD pipeline gate: --fail-under 70
  4. Reviewing skills from untrusted sources
Usage Guidance
This SKILL.md simply tells the agent to run an external npm package via `npx` to perform scans. Before running: (1) verify the npm package origin and author (@elliotllliu) and inspect its source (GitHub repo, package contents) — do not run it blindly; (2) ensure you have npx/node and understand npx will fetch code from the registry at runtime; (3) run the scanner in an isolated environment (container or VM) and against copies of sensitive data when possible; (4) prefer pinned versions or checksums and verify package integrity/signatures; (5) if you cannot inspect the package, treat it as untrusted code and avoid scanning live systems or secrets until you confirm its safety.
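The following script turns the README's "Interpreting Results" bands and the `--fail-under` CI gate into a pipeline step that consumes the scanner's `--json` output, and folds in the pinned-version and integrity checks the usage guidance above recommends. It is an added example, not code from the AgentShield project or this listing. The JSON field names it reads (`score`, `findings`, `rule`, `severity`) are an assumed schema that must be checked against real scanner output, and `EXPECTED_INTEGRITY` is a placeholder for the hash you record when you review the package.

```python
"""CI gate for AgentShield --json reports.

Added example; not part of the AgentShield project or this listing.
Assumptions (not confirmed by the listing):
  * the JSON report has a top-level numeric "score" (0-100) and a "findings"
    list whose items carry "rule" and "severity" keys; verify these names
    against real output before relying on them;
  * EXPECTED_INTEGRITY is a placeholder for the dist.integrity hash recorded
    when the package was reviewed.
"""
import json
import subprocess
import sys

PACKAGE = "@elliotllliu/agent-shield"
PINNED_VERSION = "0.5.1"  # version on the listing; pinned so npx cannot fetch an unreviewed newer one
EXPECTED_INTEGRITY = "sha512-REPLACE_WITH_REVIEWED_HASH"  # placeholder, not a real hash

# Score bands exactly as the README's "Interpreting Results" documents them.
BANDS = ((90, "Low"), (70, "Moderate"), (40, "High"), (0, "Critical"))

# Constructed sample report in the assumed schema (not real scanner output).
SAMPLE_REPORT = {
    "score": 82,
    "findings": [
        {"rule": "env-leak", "severity": "medium", "file": "index.js"},
        {"rule": "excessive-perms", "severity": "low", "file": "SKILL.md"},
    ],
}


def risk_band(score: int) -> str:
    """Map a 0-100 score to the README's risk band."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    for floor, label in BANDS:
        if score >= floor:
            return label
    raise AssertionError("unreachable: BANDS ends at floor 0")


def evaluate(report: dict, fail_under: int = 70) -> dict:
    """Apply the --fail-under gate plus a hard stop on high-severity findings.

    The README gates on score alone (--fail-under 70); this also refuses any
    report containing a high-severity rule hit, because a single backdoor or
    data-exfil finding should not be averaged away by an otherwise clean package.
    """
    score = int(report["score"])
    high = sorted(f["rule"] for f in report.get("findings", []) if f.get("severity") == "high")
    return {
        "score": score,
        "band": risk_band(score),
        "high_findings": high,
        "passed": score >= fail_under and not high,
    }


def check_integrity(expected: str = EXPECTED_INTEGRITY) -> bool:
    """Compare the registry's dist.integrity for the pinned version with the reviewed hash.

    `npm view <pkg>@<version> dist.integrity` prints the sha512 subresource
    integrity string the registry serves for that exact tarball.
    """
    out = subprocess.run(
        ["npm", "view", f"{PACKAGE}@{PINNED_VERSION}", "dist.integrity"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip() == expected


def run_scan(path: str) -> dict:
    """Run the pinned scanner with --json and parse the report it prints."""
    out = subprocess.run(
        ["npx", "--yes", f"{PACKAGE}@{PINNED_VERSION}", "scan", path, "--json"],
        capture_output=True, text=True, check=False,
    )
    return json.loads(out.stdout)


def main(argv: list) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <path-to-skill>", file=sys.stderr)
        return 2
    if not check_integrity():
        print("refusing to run: registry tarball integrity differs from the reviewed hash", file=sys.stderr)
        return 2
    result = evaluate(run_scan(argv[1]))
    print(json.dumps(result, indent=2))
    return 0 if result["passed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python gate.py ./path/to/skill/`; it exits 1 when the gate fails and 2 when the registry tarball no longer matches the reviewed hash, so either outcome stops a pipeline. Record the hash once, at review time, with `npm view @elliotllliu/agent-shield@0.5.1 dist.integrity`, and run the whole step inside the disposable container the usage guidance recommends, since the scanner reads every file in the target, secrets included.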
Capability Analysis
Type: OpenClaw Skill
Name: agentshield-scanner
Version: 0.5.1
The skill bundle describes a security tool called 'AgentShield' designed to scan AI agent skills and plugins for vulnerabilities like data exfiltration and backdoors. It operates by instructing the agent to run a specific npm package (`@elliotllliu/agent-shield`) via `npx`. The documentation in SKILL.md is transparent, aligns with the stated security purpose, and contains no evidence of malicious intent, obfuscation, or prompt injection attacks.
Capability Assessment
Purpose & Capability
The SKILL.md describes an AI-skill/plugin scanner, which matches the name and description. However, the runtime examples all use `npx @elliotllliu/agent-shield ...`, yet the skill metadata declares no required binaries or install steps — this is an inconsistency (the agent needs npx/node/npm to run the scanner).
Instruction Scope
Instructions are narrowly scoped to invoking the scanner on local paths, archives, or repository URLs. Scanning necessarily reads files (including secrets) to detect leaks, which is expected behavior for this purpose; the instructions do not direct data to external endpoints themselves, but they do invoke an external package that will run with whatever network/file permissions the runtime grants.
Install Mechanism
No install spec or bundled code is included; the SKILL.md instructs using `npx` to fetch and run `@elliotllliu/agent-shield` at runtime. Fetching and executing an external npm package is a moderate-to-high supply-chain risk. The skill does not include provenance, a homepage, or packaged code to inspect locally, increasing the risk.
Credentials
The skill requests no environment variables or credentials in metadata, which is appropriate. Be aware that a scanner will need access to local files and may read secrets to detect leaks — this is proportional to its stated task but is sensitive, so running it requires trust in the scanner implementation.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify other skills. It is user-invocable and does not claim autonomous always-inclusion, which is appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentshield-scanner
  3. After installation, invoke the skill by name or use /agentshield-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.5.1
30 security rules, Python AST taint tracking, cross-file analysis, 8-language prompt injection detection, platform integration guide
v1.0.0
Initial release — 30-rule security scanner for AI agent skills, MCP servers, and plugins
Metadata
Slug agentshield-scanner
Version 0.5.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is AgentShield Scanner?

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for... It is an AI Agent Skill for Claude Code / OpenClaw, with 304 downloads so far.

How do I install AgentShield Scanner?

Run "/install agentshield-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AgentShield Scanner free?

Yes, AgentShield Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AgentShield Scanner support?

AgentShield Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AgentShield Scanner?

It is built and maintained by Elliot Liu (@elliotllliu); the current version is v0.5.1.
