← Back to Skills Marketplace
skll-scan
by
niuqun2003
· GitHub ↗
· v1.0.0
· MIT-0
344
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skll-scan
Description
Security scanning tool for OpenClaw Skills. Detects malicious code patterns, extracts domains, and checks threat intelligence APIs. Use when: installing new...
Usage Guidance
This skill appears to do what it says: local static scanning and domain checks. Before installing or using it: (1) review the script source yourself (it ships with code) to ensure it meets your policies; (2) avoid hardcoding API keys in the script—use a protected config (~/.skill-scan/config.json) with tight file permissions; (3) be careful enabling external threat-intel lookups for internal/private domains (you may leak sensitive hostnames to external services); (4) the cron example edits /etc/cron.d and /var/log, which requires elevated privileges—only set up system cron jobs if you understand the implications; (5) consider running initial scans in an isolated environment and verifying outputs before integrating into CI. Overall the package is coherent and low-risk if used with the normal precautions above.
Capability Analysis
Type: OpenClaw Skill
Name: skll-scan
Version: 1.0.0
The 'skill-scan' bundle is a legitimate security utility designed to perform static analysis and threat intelligence lookups on other OpenClaw skills. The core logic in 'scripts/skill-scan.py' uses regex patterns to identify potentially dangerous code (e.g., exec, filesystem access) and extracts domains to check against blacklists or APIs like Abuse.ch. No evidence of data exfiltration, malicious execution, or prompt injection was found; the tool's behavior aligns perfectly with its documented purpose of auditing skill safety.
Capability Assessment
Purpose & Capability
The name/description, SKILL.md, and scripts/skill-scan.py are aligned: the tool performs static pattern scanning, domain extraction, and (optional) threat-intel checks. There are no unexpected required binaries, environment variables, or unrelated capabilities requested.
Instruction Scope
SKILL.md instructs running the included Python scanner against skill directories and provides CI and cron examples. This stays within the scanner's scope. Note: the cron example writes to /etc/cron.d and /var/log (system-level locations) which typically require elevated privileges; also the docs encourage adding API keys to the script/config to enable external threat-intel lookups, which would cause domain data to be sent to third-party APIs if enabled.
Install Mechanism
No install spec is provided (instruction-only) and the shipped script is run by the user; this is the lower-risk option. No remote downloads or archive extraction are used by the skill itself.
Credentials
The skill declares no required env vars or secrets. The documentation describes storing API keys in a config or inserting them into the script — acceptable for threat-intel integrations but carries the usual caution: do not hardcode secrets, prefer a secured config, and be mindful of sending internal/private domains to external services.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent 'always' inclusion or modify other skills. The example for periodic auditing (cron) is user-controlled and not automatic.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skll-scan - After installation, invoke the skill by name or use
/skll-scan - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of skill-scan, a security scanning tool for OpenClaw Skills.
- Performs static code analysis to detect dangerous patterns including exec/system calls, network requests, filesystem operations, and sensitive data accesses.
- Extracts domains from Skill code and checks against built-in and optional threat intelligence APIs.
- Generates detailed risk reports with low/medium/high risk levels, supporting JSON export for automation.
- Includes integration guides for pre-installation security checks, periodic audits, and CI/CD pipelines.
- Provides troubleshooting steps, best security practices, and contribution guidelines.
Metadata
Frequently Asked Questions
What is skll-scan?
Security scanning tool for OpenClaw Skills. Detects malicious code patterns, extracts domains, and checks threat intelligence APIs. Use when: installing new... It is an AI Agent Skill for Claude Code / OpenClaw, with 344 downloads so far.
How do I install skll-scan?
Run "/install skll-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is skll-scan free?
Yes, skll-scan is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does skll-scan support?
skll-scan is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created skll-scan?
It is built and maintained by niuqun2003 (@niuqun2003); the current version is v1.0.0.
More Skills