security-scanner

# Security Scanner

## Description

A security-focused skill that analyzes OpenClaw SKILL.md files and skill packages for potential security risks, malicious patterns, and suspicious behaviors. This tool helps protect your system by detecting:

- Hidden external downloads or executables
- Suspicious API calls and endpoints
- Dangerous file system operations
- Obfuscated or encoded commands
- Unusual prerequisite requirements
- Known malicious patterns

**Why this matters:** This scanner helps you review skills before installation by flagging potentially suspicious instruction patterns.

## Features

- ✅ **Pattern Detection**: Identifies suspicious code patterns and behaviors
- ✅ **Prerequisite Analysis**: Validates required dependencies and downloads
- ✅ **API Endpoint Validation**: Checks for suspicious external connections
- ✅ **File System Auditing**: Detects dangerous file operations
- ✅ **Encoding Detection**: Flags base64, hex, and other obfuscation attempts
- ✅ **Risk Scoring**: Assigns risk levels (LOW, MEDIUM, HIGH, CRITICAL)
- ✅ **Detailed Reports**: Provides clear explanations of findings
- ✅ **Whitelist Support**: Configure trusted domains and patterns

## How It Works

This is an OpenClaw skill (not a standalone program). When you ask the agent to scan a skill file:
1. The agent reads this security-scanner skill to learn what patterns to look for
2. The agent reads the skill file you want to scan
3. The agent analyzes the instructions and reports findings
4. You manually review the flagged items

**Note:** The included `scanner.js` file can also be run directly with Node.js 18+ if you prefer command-line usage.

## Installation

Install via ClawHub or add to your OpenClaw skills directory.

For command-line usage (optional):
```bash
# Clone the repository
git clone https://github.com/anikrahman0/security-skill-scanner.git
cd security-skill-scanner

# Run the scanner
node scanner.js path/to/SKILL.md
```

## Configuration

Create a `.security-scan...

# 🔒 Security Skill Scanner for OpenClaw

A comprehensive security scanner that analyzes OpenClaw skills for malicious patterns, vulnerabilities, and suspicious behaviors **before** you install them.

## 🚨 Why This Matters

OpenClaw skills are powerful instruction files that guide AI agents. However, malicious skills could potentially instruct agents to:
- Download external executables
- Harvest credentials and API keys
- Send data to unknown third-party servers
- Access sensitive system files
- Execute arbitrary code

**This scanner helps protect you** by detecting these patterns before they can cause harm.

## ✨ Features

- ✅ **Comprehensive Pattern Detection** - Identifies 40+ suspicious patterns
- ✅ **Risk-Based Scoring** - Clear CRITICAL/HIGH/MEDIUM/LOW risk levels
- ✅ **Zero Dependencies** - Pure Node.js, no external packages
- ✅ **Offline Operation** - Works completely offline
- ✅ **Detailed Reports** - Line numbers, examples, and recommendations
- ✅ **Whitelist Support** - Configure trusted domains and patterns
- ✅ **Batch Scanning** - Scan entire directories at once
- ✅ **CLI & Programmatic API** - Use from command line or in code

## 🚀 Quick Start

### Installation
```bash
# Clone the repository
git clone https://github.com/anikrahman0/security-skill-scanner.git
cd security-skill-scanner

# Make it executable (Linux/Mac)
chmod +x scanner.js

# Run a scan
node scanner.js path/to/SKILL.md
```

### Basic Usage
```bash
# Scan a single skill file
node scanner.js ~/Downloads/suspicious-skill/SKILL.md

# Scan an entire directory
node scanner.js ~/.openclaw/skills/

# Scan before installing
node scanner.js ./new-skill/
```

## 📖 Usage Examples

### Example 1: Scanning a Clean Skill
```bash
$ node scanner.js examples/weather-skill/SKILL.md

═══════════════════════════════════════════════════
           SECURITY SCAN REPORT
═══════════════════════════════════════════════════

Skill: examples/weather-skill/SKILL.md
Scanned: 2026-02-16T14:30:22.000Z
Overal...