← Back to Skills Marketplace
diogopaesdev

CrawSecure

by Diogo Paes Dev · GitHub ↗ · v2.0.1
cross-platform ✓ Security Clean
1866
Downloads
1
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install crawsecure
Description
Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally.
README (SKILL.md)

CrawSecure

CrawSecure is a documentation-first security skill for the ClawHub / OpenClaw ecosystem.

This skill does not include executable code or binaries. Its purpose is to clearly document, explain, and guide the safe usage of the CrawSecure CLI, which is distributed and installed separately by the user.

The goal of this skill is to promote security awareness, transparency, and best practices when working with third‑party skills.

🔍 What this skill provides

  • Clear documentation of what CrawSecure analyzes
  • Explanation of risk signals and classifications
  • Guidance on how to use the CrawSecure CLI safely
  • Security philosophy and trust boundaries

ℹ️ This skill itself performs no scans and executes no code.

🧰 About the CrawSecure CLI

The CrawSecure CLI is an external, optional tool that users may install independently.

It performs local, offline static analysis of ClawHub / OpenClaw skills before installation or trust.

CLI distribution (external)

The CLI is not bundled with this skill.

🚨 Risk signals analyzed by the CLI

When used, the CrawSecure CLI may detect:

  • Dangerous command patterns
    (e.g. destructive or execution‑related behavior)
  • References to sensitive files or credentials
    (e.g. .env, .ssh, private keys)
  • Indicators of unsafe or misleading practices

Risk levels are classified as:

  • SAFE
  • MEDIUM
  • HIGH

🔒 Security & trust boundaries

This skill:

  • Does not execute code
  • Does not install software
  • Does not access the network
  • Does not modify files
  • Requests read‑only permissions only

Any actual scanning happens only if the user installs and runs the CrawSecure CLI from a trusted source.

✅ When to use this skill

  • To understand what CrawSecure checks and why
  • Before deciding to install or run the CrawSecure CLI
  • As a reference for safer skill development practices
  • To promote transparency inside the ClawHub ecosystem

📦 Version

v2.0.1 – Documentation‑only clarification release

This version clarifies scope and removes any ambiguity about bundled execution.

Usage Guidance
This skill is documentation-only and appears coherent, but the actual CrawSecure scanner it documents is an external binary you would download separately. Before installing or running that external CLI: 1) verify the GitHub repo and release artifacts (owner identity, tags) are legitimate; 2) check release checksums or signatures where available; 3) review the CLI source code if you can, or run it in a sandbox/non-privileged environment; 4) avoid running downloaded binaries as root; and 5) prefer official distribution channels (GitHub releases, official site) over third-party mirrors. Also be aware that the SKILL.md's statements about not accessing network or not executing code are descriptive — they cannot enforce behavior of any external CLI you choose to install.
Capability Analysis
Type: OpenClaw Skill Name: crawsecure Version: 2.0.1 The OpenClaw skill 'CrawSecure' is explicitly stated to be documentation-only, containing no executable code or binaries. It disclaims any ability to execute code, install software, access the network, or modify files, requesting only read-only permissions. The SKILL.md content serves purely as informational text, describing an external, separately installed CLI tool for static analysis, and does not contain any prompt injection attempts or instructions for the AI agent to perform malicious actions, hide behavior, or access sensitive data. All files consistently support this benign, informational purpose.
Capability Assessment
Purpose & Capability
The name/description claim an offline security scanner, and the SKILL.md explicitly says this skill is documentation-only for an external CrawSecure CLI. No unrelated environment variables, binaries, or install steps are requested, which is proportionate for a documentation skill.
Instruction Scope
SKILL.md contains only documentation and guidance, explicitly states it performs no scanning or network access, and does not instruct the agent to read files, env vars, or execute commands. It does link to an external GitHub repo/website for the CLI — expected for a documentation skill.
Install Mechanism
There is no install spec and no bundled code. As an instruction-only skill this has the lowest install risk; any installation risk is deferred to the external CLI distribution referenced in the docs.
Credentials
The skill requests no environment variables, credentials, or config paths, which matches its documentation-only nature.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify agent/system settings. user-invocable and model invocation defaults are normal and acceptable for a docs skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install crawsecure
  3. After installation, invoke the skill by name or use /crawsecure
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
v2.0.1 is a documentation‑only clarification release: - Clarifies that this skill provides documentation only, with no executable code or scanning capability. - Clearly distinguishes the CrawSecure CLI as an external, optional tool the user must install separately. - Reinforces security philosophy, permissions, and boundaries. - Expands guidance for safe usage and understanding of risk signals. - Removes any ambiguity about what is included or performed by the skill itself.
v2.0.0
## 2.0.0 - Clarified execution model and security guarantees - Improved transparency around analysis flow - Prepared foundation for optional web-based visualization
v1.1.0
v1.1.0 - Switched to JavaScript ESM with zero build step - Introduced CLI-based execution model - Added explicit read-only security guarantees - Improved documentation clarity - Structured analyzer, rules, and reporter modules - Stable public release for ClawHub
v1.0.3
v1.0.3 - Improved documentation clarity - Explicit execution model explanation - No behavioral changes
v1.0.2
Fixed skill summary extraction by adjusting SKILL.md structure.
v1.0.1
Added skill summary and improved public description for better clarity and discoverability.
v1.0.0
Initial public release. Introduces CrawSecure as a security-focused skill to help identify potential risks and unsafe patterns in ClawHub skills.
Metadata
Slug crawsecure
Version 2.0.1
License
All-time Installs 1
Active Installs 1
Total Versions 7
Frequently Asked Questions

What is CrawSecure?

Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally. It is an AI Agent Skill for Claude Code / OpenClaw, with 1866 downloads so far.

How do I install CrawSecure?

Run "/install crawsecure" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CrawSecure free?

Yes, CrawSecure is completely free (open-source). You can download, install and use it at no cost.

Which platforms does CrawSecure support?

CrawSecure is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created CrawSecure?

It is built and maintained by Diogo Paes Dev (@diogopaesdev); the current version is v2.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments