← Back to Skills Marketplace
118
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install suspicious-file-scanner
Description
Analyzes uploaded files to detect suspicious characteristics and potential security threats.
Usage Guidance
This skill appears to do what it says (scan files) but it transmits uploaded files to an external service (api.mkkpro.com/toolweb.in) with no authentication or privacy details in the SKILL.md. Before installing: (1) Do not upload sensitive or proprietary files unless you verify the vendor and their privacy/retention policy. (2) Confirm whether the API requires an API key or account and how data is stored/retained/encrypted. (3) Test with harmless sample files first. (4) Prefer scanning services you control or that provide on-premise agents if data confidentiality matters. (5) If possible, disable autonomous invocation or require user confirmation before the agent sends files externally. (6) Verify TLS endpoints and domain ownership (toolweb.in / api.mkkpro.com) and review the provider's terms and privacy policy.
Capability Analysis
Type: OpenClaw Skill
Name: suspicious-file-scanner
Version: 1.0.0
The skill defines an API for scanning files by uploading them to a remote endpoint (api.mkkpro.com). While this aligns with the stated purpose of a 'Suspicious File Scanner,' it inherently facilitates the exfiltration of potentially sensitive local files to a third-party service. There is no explicit evidence of malicious intent or prompt injection in SKILL.md, but the requirement to transmit binary data to an external server poses a significant privacy and security risk for an automated agent.
Capability Assessment
Purpose & Capability
Name, description, and the included OpenAPI schema align: the skill is an instruction-only wrapper describing a file-scanning API (POST /scan-file). There are no unrelated binaries, env vars, or installs requested, so the declared capability is consistent with requirements.
Instruction Scope
Runtime instructions explicitly tell the agent (and users) to upload files via multipart/form-data to an external endpoint (api.mkkpro.com). For a scanner this is expected, but the SKILL.md gives no details about authentication, retention, privacy, encryption, or allowed data types; it therefore instructs transmission of potentially sensitive files to an external service without safeguards.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes local code execution risk. There is nothing being downloaded or written to disk by an installer.
Credentials
The skill requires no environment variables or credentials. However, the pricing and documentation references imply a third-party service that may require account/auth in practice; the SKILL.md does not explain authentication or access controls. The absence of declared credentials reduces immediate risk but also omits how the service enforces usage and protects uploaded data.
Persistence & Privilege
always:false (normal). Autonomous invocation is allowed by default — combined with the instruction to upload files to an external endpoint, autonomous use increases the blast radius because an agent could send files without explicit user confirmation. This is a contextual risk rather than a direct misconfiguration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install suspicious-file-scanner - After installation, invoke the skill by name or use
/suspicious-file-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Suspicious File Scanner.
- Provides API to scan uploaded files for suspicious characteristics and potential threats.
- Returns detailed analysis, including threat indicators, confidence scores, and recommendations.
- Simple integration via multipart/form-data endpoint.
- Free and paid usage plans available.
Metadata
Frequently Asked Questions
What is Suspicious File Scanner?
Analyzes uploaded files to detect suspicious characteristics and potential security threats. It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.
How do I install Suspicious File Scanner?
Run "/install suspicious-file-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Suspicious File Scanner free?
Yes, Suspicious File Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Suspicious File Scanner support?
Suspicious File Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Suspicious File Scanner?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
More Skills