Security Checker

by johstracke · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
1361
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install security-checker
Description
Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run.
Usage Guidance
What to consider before installing:
- This tool is a local, static scanner (no network exfiltration or credential requests). It reads files you point it at and prints findings.
- False positives are expected (e.g., legitimate uses of os, requests, or filesystem writes). Warnings require manual review and documentation as noted in SKILL.md.
- The scanner itself is simple and readable; you can audit scripts/security_scan.py quickly to confirm behavior.
- Because it flags hardcoded secrets, avoid running it in contexts where printing detected secrets to logs would leak sensitive data to others (the script avoids printing the secret contents but shows file/line info).
- Complement this tool with manual review and other tools (bandit, safety) and run scans in an isolated environment when processing untrusted code.
Capability Analysis
Type: OpenClaw Skill
Name: security-checker
Version: 1.0.1
The OpenClaw skill 'security-checker' is a static analysis tool for Python code. The `SKILL.md` clearly describes its purpose to identify dangerous imports, functions, hardcoded secrets, and unsafe file operations, without containing any prompt injection attempts or instructions for malicious agent behavior. The `scripts/security_scan.py` script implements this functionality by reading Python files and using regular expressions to detect patterns. It strictly performs static analysis and does not execute any dangerous commands, make network calls, modify files, or attempt to exfiltrate data. Its file access is limited to reading the specified target files/directories, which is necessary for its stated purpose.
Capability Assessment
Purpose & Capability
The name/description describe a pre-publish Python security scanner and the included script implements exactly that (pattern-based checks for dangerous imports/functions, hardcoded secrets, and unsafe file operations). Nothing requested (no env vars, no binaries, no config paths) is out of scope for that purpose.
Instruction Scope
SKILL.md instructs the agent/user to run the bundled security_scan.py against files or directories and to review warnings before publishing. The instructions do not tell the agent to read unrelated system state, secrets, or to transmit results externally; they stay within the stated scanning purpose.
Install Mechanism
There is no install spec (instruction-only plus a small local script). Nothing is downloaded or extracted from external URLs and no third-party packages are installed by the skill itself.
Credentials
The skill requests no environment variables or credentials. The scanner looks for hardcoded secrets in scanned files but does not itself require or access secrets — this is appropriate for a static scanner.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It is user-invocable and can be invoked autonomously (platform default), which is reasonable for a utility.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install security-checker
  3. After installation, invoke the skill by name or use /security-checker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Enhanced detection: Now catches file write operations (.write_text, .write_bytes, open for writing) in addition to existing checks. Improved security scanner to detect potential malicious file write patterns before publishing.
v1.0.0
Initial release - Security scanner for Python skills before publishing to ClawHub. Checks for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions. Essential for maintaining trust and ensuring published skills are safe. All three published skills (research-assistant, task-runner, security-checker) passed scans.
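The Capability Analysis and the v1.0.1 notes describe a regex-based scanner that reports dangerous imports, eval/exec/subprocess calls, hardcoded secrets and file writes (.write_text, .write_bytes, open for writing) by file and line without echoing the matched text. The following is an added example in that spirit, not the skill's own scripts/security_scan.py; the categories, regexes and the SAMPLE source are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# (category, regex) pairs. Findings carry file and line only; the matched text
# is never echoed, so a flagged secret does not end up in the scan log.
PATTERNS = [
    ("dangerous-import", re.compile(r"^\s*(?:import|from)\s+(?:os|subprocess|ctypes|pickle)\b")),
    ("dangerous-call", re.compile(r"\b(?:eval|exec)\s*\(")),
    ("subprocess-call", re.compile(r"\bsubprocess\.(?:run|Popen|call|check_output)\s*\(")),
    ("unsafe-write", re.compile(r"\.write_(?:text|bytes)\s*\(|\bopen\s*\([^)]*['\"][wa]")),
    ("hardcoded-secret", re.compile(r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*=\s*['\"][^'\"]{8,}['\"]")),
]

def scan_source(source, filename="<string>"):
    """Return (category, filename, lineno) for every line matching a pattern."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comments cannot execute; skipping them reduces noise
        for category, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((category, filename, lineno))
    return findings

def scan_path(path):
    """Scan one .py file or every .py file under a directory (read-only access)."""
    root = Path(path)
    files = [root] if root.is_file() else sorted(root.rglob("*.py"))
    return [f for p in files for f in scan_source(p.read_text(errors="replace"), str(p))]

# Constructed sample skill source; every flagged line is deliberate test input.
SAMPLE = """import os
import subprocess
API_KEY = "sk-constructed-example-1234"
def run(cmd):
    return subprocess.run(cmd, shell=True)
def save(p, data):
    Path(p).write_text(data)
    with open("out.log", "w") as fh:
        fh.write(data)
result = eval(user_input)
# eval("inside a comment, not reported")
"""

if __name__ == "__main__":
    # 'import os' is reported too: as the usage guidance says, expect false positives.
    for category, filename, lineno in scan_source(SAMPLE, "sample_skill.py"):
        print(f"{filename}:{lineno}: WARNING {category} (review manually)")
```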
Metadata
Slug security-checker
Version 1.0.1
License
All-time Installs 2
Active Installs 2
Total Versions 2
Frequently Asked Questions

What is Security Checker?

Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run. It is an AI Agent Skill for Claude Code / OpenClaw, with 1361 downloads so far.

How do I install Security Checker?

Run "/install security-checker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Checker free?

Yes, Security Checker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Security Checker support?

Security Checker is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Security Checker?

It is built and maintained by johstracke (@johstracke); the current version is v1.0.1.
