skill-security-scanner

Security scanner for OpenClaw skills. Use when installing, updating, or auditing skills to detect malicious backdoors, suspicious code patterns, data exfiltration risks, and security vulnerabilities. Automatically analyzes Python/JavaScript/Shell code for dangerous functions (eval, exec, system calls), network requests, file operations, environment variable access, obfuscation patterns, and known attack signatures. Provides security score and installation recommendations.

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

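Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the skill-security-scanner skill. If it is already installed, install the skill-security-scanner skill directly.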

Overview

Skill Key: cookiemikeliu/skill-security-scanner-clean
Author: cookiemikeliu
Source Repo: openclaw/skills
Version: -
Source Path: skills/cookiemikeliu/skill-security-scanner-clean
Latest Commit SHA: e69f7891d3c42623dd972247930ba371cd25dcd0

Extracted Content

SKILL.md excerpt

# Skill Security Scanner

Protect your OpenClaw installation from malicious skills. This scanner performs static analysis on skill code to detect:

- **Code Execution Threats**: `eval`, `exec`, `os.system`, `subprocess` calls
- **Data Exfiltration**: Hidden network requests, suspicious URLs, IP connections  
- **System Compromise**: File deletion, permission changes, privilege escalation
- **Credential Theft**: Environment variable access, secret harvesting
- **Cryptojacking**: Mining malware, suspicious compute patterns
- **Obfuscation**: Hidden code, base64 encoding, minification
- **Spyware**: Keyloggers, screen capture, surveillance features

## Quick Start

```bash
# Basic scan
python scripts/security_scanner.py /path/to/skill

# Strict mode (catches more suspicious patterns)
python scripts/security_scanner.py /path/to/skill --strict

# Save JSON report
python scripts/security_scanner.py /path/to/skill --format json -o report.json

# Generate markdown report
python scripts/security_scanner.py /path/to/skill --format markdown -o report.md
```

## Understanding Results

### Verdict Levels

| Verdict | Emoji | Meaning | Action |
|---------|-------|---------|--------|
| **PASS** | 🟢 | No critical issues found | Safe to install |
| **REVIEW** | 🟡 | Some concerns, review recommended | Check findings before installing |
| **WARNING** | 🟠 | High-risk patterns detected | Strongly reconsider installation |
| **REJECT** | 🔴 | Critical threats identified | **DO NOT INSTALL** |

### Security Score

- **90-100**: Excellent - minimal risk
- **70-89**: Good - minor issues
- **50-69**: Fair - requires review
- **0-49**: Poor - significant risks

## Detection Rules

### Critical (🔴)

| Rule | Description | Example |
|------|-------------|---------|
| EXEC001 | Code execution functions | `eval()`, `exec()`, `compile()` |
| SUSPICIOUS001 | Keylogger functionality | `pynput`, `keyboard` modules |
| SUSPICIOUS003 | Cryptocurrency mining | `mining`, `bitcoin`, `stratum+tcp` |
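
The three Critical rules above can be checked on Python's syntax tree instead of raw text, so `re.compile(...)` or the word `eval` inside a comment or string is not reported as EXEC001. This is an added example, not the scanner's own code: the rule ids and tokens come from the table, while `scan_source`, `_builtin_call_name`, the matching logic and the sample file are assumptions made for illustration.

```python
import ast

# Rule ids and example tokens are from the Critical table above; the matching
# logic is an assumption for illustration, not the scanner's own code.
EXEC_CALLS = {"eval", "exec", "compile"}                # EXEC001
KEYLOG_MODULES = {"pynput", "keyboard"}                 # SUSPICIOUS001
MINING_MARKERS = ("mining", "bitcoin", "stratum+tcp")   # SUSPICIOUS003

def _builtin_call_name(func):
    """Name of the builtin being called, or None for anything else."""
    if isinstance(func, ast.Name):
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id in ("builtins", "__builtins__")):
        return func.attr
    return None  # e.g. re.compile(...) is an attribute of another module

def scan_source(source):
    """Return sorted (rule_id, line, detail) findings for one Python source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):  # raises SyntaxError on bad input
        if isinstance(node, ast.Call):
            name = _builtin_call_name(node.func)
            if name in EXEC_CALLS:
                findings.add(("EXEC001", node.lineno, name))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            if isinstance(node, ast.ImportFrom):
                modules = [node.module or ""]
            else:
                modules = [alias.name for alias in node.names]
            for mod in modules:
                root = mod.split(".")[0]
                if root in KEYLOG_MODULES:
                    findings.add(("SUSPICIOUS001", node.lineno, root))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value.lower()
            for marker in MINING_MARKERS:
                if marker in text:
                    findings.add(("SUSPICIOUS003", node.lineno, marker))
    return sorted(findings)

# Constructed sample skill file (not taken from any real skill).
SAMPLE = '''\
import re
from pynput import keyboard
BANNER = re.compile("never call eval() here")
def run(payload):
    # eval(payload) in a comment is not a call
    return eval(payload)
POOL = "stratum+tcp://pool.example.invalid:3333"
'''
```

Name matching does not resolve aliases or dynamic lookups, so a clean result from a check like this is one signal to weigh alongside manual review, not proof that a skill is safe.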

#...
