← Back to Skills Marketplace
2828
Downloads
3
Stars
17
Active Installs
1
Versions
Install in OpenClaw
/install ai-skill-scanner
Description
Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.
README (SKILL.md)
Skill Security Scanner
Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.
Quick Start
# Scan a local skill folder
python3 scripts/scan.py /path/to/skill
# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose
# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json
Workflow: Scan Before Install
- Download or locate the skill folder
- Run
python3 scripts/scan.py \x3Cskill-path> --verbose - Review findings by severity (CRITICAL/HIGH = do not install)
- Report results to user with recommendation
Score Interpretation
| Score | Meaning | Recommendation |
|---|---|---|
| CLEAN | No issues found | Safe to install |
| INFO | Minor notes only | Safe to install |
| REVIEW | Medium-severity findings | Review manually before installing |
| SUSPICIOUS | High-severity findings | Do NOT install without thorough manual review |
| DANGEROUS | Critical findings detected | Do NOT install — likely malicious |
Exit Codes
0= CLEAN/INFO1= REVIEW2= SUSPICIOUS3= DANGEROUS
Rules Reference
See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.
Limitations
- Pattern-based detection — cannot catch all obfuscation techniques
- No runtime analysis — only static scanning
- False positives possible for legitimate tools that access network/files
- Always combine with manual review for HIGH/MEDIUM findings
Usage Guidance
This package appears to be a legitimate static scanner, but you must treat the scanner code as untrusted third‑party code because running it will execute Python on your system. Before running it: (1) review scripts/advanced_checks.py and scripts/scan.py for use of exec/eval, subprocess calls, or network-sending code; (2) run the scanner only in an isolated environment (docker container, VM) with no network access and limited filesystem permissions; (3) search the files for dynamic execution patterns (eval/exec, subprocess/os.system), long encoded strings, or hardcoded endpoints; (4) note the many '# noscan' markers used in the code — these can hide lines from other scanners and merit a manual review of the surrounding code; (5) prefer scanner copies from a known/trusted source (official homepage or repo) rather than an unknown origin; and (6) if you only need static scanning, consider running a minimal, well-audited scanner instead of executing unfamiliar full-featured scripts. If you want, I can highlight specific lines to inspect or extract suspicious patterns from the source files for a focused review.
Capability Analysis
Type: OpenClaw Skill
Name: ai-skill-scanner
Version: 2.1.0
This skill bundle is a security scanner designed to detect vulnerabilities, malicious code, and suspicious patterns in other OpenClaw/Clawdbot skills. The code (`scripts/scan.py` and `scripts/advanced_checks.py`) performs static analysis, including regex matching, AST parsing, and data flow analysis, to identify indicators of compromise such as credential exfiltration, remote code execution, persistence mechanisms, and prompt injection attempts. The skill itself does not exhibit any malicious behavior; it reads local files for analysis and outputs findings, without making unauthorized network calls, writing to sensitive system locations, or executing arbitrary code from the scanned content. The `SKILL.md` instructions are benign and guide the AI agent on how to use the scanner, without attempting prompt injection against the agent.
Capability Assessment
Purpose & Capability
Name/description align with the shipped assets: scripts/scan.py and scripts/advanced_checks.py implement static rules, entropy checks, payload decoding, dependency checks, and scanning of package.json/requirements — all reasonable for a skill scanner. No unrelated env vars, binaries, or install hooks are requested.
Instruction Scope
SKILL.md instructs the agent/user to run the supplied Python scanner against a local skill folder (python3 scripts/scan.py <skill-path>). That instruction is within scope, but it means the agent/operator will execute code included with the skill (the scanner itself). The scanner will read many files inside the target skill (package.json, requirements, source files) and perform decoding and AST/static checks — expected, but requires executing the scanner code on your environment.
Install Mechanism
No install spec provided (instruction-only meta plus Python scripts). No external downloads or install actions are declared. This minimizes supply-chain install risk, but executing the included Python files still runs third-party code.
Credentials
The skill requests no environment variables or credentials (proportionate). However, the scanner's rules explicitly look for credential access patterns in target code (e.g., os.environ, process.env) — which is appropriate for a scanner. Important: the scanner will be executed locally, so it will have whatever filesystem and runtime privileges the executor provides; no additional credentials are required by the skill itself.
Persistence & Privilege
Flags show always:false and user-invocable:true; the skill does not request persistent/automatic inclusion or system-wide config changes. There are no install scripts or persistent agents declared.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ai-skill-scanner - After installation, invoke the skill by name or use
/ai-skill-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
12-layer security scanner for AI agent skills. Detects credential theft, prompt injection, malicious dependencies.
Metadata
Frequently Asked Questions
What is AI Skill Scanner?
Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification. It is an AI Agent Skill for Claude Code / OpenClaw, with 2828 downloads so far.
How do I install AI Skill Scanner?
Run "/install ai-skill-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AI Skill Scanner free?
Yes, AI Skill Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does AI Skill Scanner support?
AI Skill Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AI Skill Scanner?
It is built and maintained by HugoSbl (@hugosbl); the current version is v2.1.0.
More Skills