← Back to Skills Marketplace
Security Skill Scanner
by
digitaladaption
· GitHub ↗
· v0.1.0
2319
Downloads
4
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-skills-security-checker
Description
Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
Usage Guidance
Do not run or install this skill as-is. Before trusting it, obtain and review the referenced code (the repository or release artifact), confirm a secure install source (git tag or release on the project's homepage), and have someone with security knowledge audit the scripts for actions that alter shell profiles, create cron jobs, or intercept installs. If you must test, do so in an isolated VM or sandbox, and verify how the whitelist is managed (who can edit data/whitelist.json). Prefer an install spec that pins a known release and includes checksums or signatures; avoid adding the molthub wrapper or cron jobs until the code is reviewed and you understand uninstall/remediation steps.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-skills-security-checker
Version: 0.1.0
The skill, described as a security scanner, proposes a deep integration by overriding the `molthub` command in the user's shell profile (`.bashrc` or `.zshrc`) via `SKILL.md`. This allows the `install-hook.py` script to intercept and potentially block the installation of other skills, granting it significant control over skill management. Additionally, it suggests adding cron jobs for persistence of its scanning and monitoring functions. While the stated intent is security, these broad permissions and high level of system control, particularly the `molthub` override, represent a significant attack surface if the underlying scripts were malicious or vulnerable.
Capability Assessment
Purpose & Capability
The description and instructions describe a Python/Bash-based scanner, whitelist manager, Moltbook monitor, and install-hook that can block installs — all reasonable for a 'security scanner' — but the package contains no code files or install spec. The SKILL.md expects scripts at /root/clawd/skills/security-skill-scanner/* and a Python module import, yet no such files are bundled. The metadata also fails to declare required runtimes (python3, bash). This inconsistency (claims vs. actual package contents) is a red flag.
Instruction Scope
Runtime instructions direct the operator to execute specific scripts (skill-scanner.py, whitelist-manager.py, moltbook-monitor.sh, install-hook.py), read/write files under /root/clawd and /tmp, add cron jobs, and modify shell profiles to wrap the molthub command. Those actions can affect system behavior and intercept skill installations. Because the scripts are not included, following the instructions would either fail or require fetching/creating external code — increasing risk.
Install Mechanism
There is no install specification and no code files. The SKILL.md assumes local scripts already exist or must be placed at /root/clawd/skills/security-skill-scanner. The lack of an explicit, auditable install source (git repo clone, release tarball, package manager entry) means a user or agent would need to obtain code from an external/unknown source before the described functionality can run — a high-risk situation.
Credentials
The skill declares no environment variables or credentials, which is proportionate for a scanner. However, the instructions recommend writing to system locations (/root, /var/log, /tmp), modifying ~/.bashrc to intercept installs, and scheduling cron jobs — actions that grant ongoing influence over the environment despite no explicit credential requests. No secrets are requested, but the recommended changes increase the skill's effective reach.
Persistence & Privilege
Although the registry flags do not force persistence, the SKILL.md encourages persistent installations: cron jobs for periodic scans and a shell wrapper for molthub to run the install-hook on every install. Those manual steps would give the scanner long-lived control over the install flow and logs; recommending them without bundled, reviewable code is a significant privilege escalation and should be treated cautiously.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-skills-security-checker - After installation, invoke the skill by name or use
/openclaw-skills-security-checker - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial public release of Security Skill Scanner.
- Scans ClawdHub skills for suspicious patterns such as credential theft, command injection, and network exfiltration.
- Manages skill whitelists to reduce false positives and allow trusted skills.
- Monitors Moltbook for emerging security discussions and scam alerts.
- Generates and tracks permission manifests with Isnad chains.
- Provides daily automated scanning and reporting in both markdown and JSON formats.
- Includes pre-install hooks to automatically scan and block suspicious skills during installation, with force override option.
- Offers command-line scripts for scanning, whitelist management, and Moltbook monitoring.
Metadata
Frequently Asked Questions
What is Security Skill Scanner?
Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats. It is an AI Agent Skill for Claude Code / OpenClaw, with 2319 downloads so far.
How do I install Security Skill Scanner?
Run "/install openclaw-skills-security-checker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Skill Scanner free?
Yes, Security Skill Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Security Skill Scanner support?
Security Skill Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Security Skill Scanner?
It is built and maintained by digitaladaption (@digitaladaption); the current version is v0.1.0.
More Skills