skill-scanner-pro

# Skill-Scanner-Pro

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns. Pro enhanced edition.

## Enhanced Edition (0.1.3)
- Fixed Web UI scan result rendering and export compatibility
- Reduced false positives in docs by limiting Markdown/RST scan scope to fenced code blocks
- Reduced scanner self-trigger noise (pattern definitions/comments)
- Skips noisy directories and oversized/binary files for cleaner output


## Capabilities
- Scan skill folders for security threats
- Detect data exfiltration patterns
- Identify system modification attempts
- Catch crypto-mining indicators
- Flag arbitrary code execution risks
- Find backdoors and obfuscation techniques
- Output reports in Markdown or JSON format
- Provide Web UI via Streamlit

## Usage

### Command Line
```bash
python skill_scanner.py /path/to/skill-folder
```

### Within Clawdbot
```
"Scan the [skill-name] skill for security issues using skill-scanner-pro"
"Use skill-scanner-pro to check the youtube-watcher skill"
"Run a security audit on the remotion skill"
```

### Web UI
```bash
pip install streamlit
streamlit run streamlit_ui.py
```

## Requirements
- Python 3.7+
- No additional dependencies (uses Python standard library)
- Streamlit (optional, for Web UI)

## Entry Point
- **CLI:** `skill_scanner.py`
- **Web UI:** `streamlit_ui.py`

## Tags
#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability

# Skill-Scanner-Pro

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.

## Enhanced Edition (0.1.3)

- Fixed Streamlit UI result rendering/export flow (`ScanReport` compatibility + markdown export path)
- Reduced false positives by scanning Markdown/RST **only inside fenced code blocks**
- Suppressed scanner self-noise (pattern-definition/comment lines) to avoid self-flagging
- Skips noisy paths and oversized/binary files for more stable scans
- Keeps malicious pattern detection intact for high-risk behaviors


## Features

- Detects **data exfiltration** patterns (env scraping, credential access, HTTP POST to unknown domains)
- Identifies **system modification** attempts (dangerous rm, crontab changes, systemd persistence)
- Catches **crypto-mining** indicators (xmrig, mining pools, wallet addresses)
- Flags **arbitrary code execution** risks (eval, exec, download-and-execute)
- Detects **backdoors** (reverse shells, socket servers)
- Finds **obfuscation** techniques (base64 decode + exec)
- Outputs **Markdown** or **JSON** reports
- Returns exit codes for CI/CD integration

## Installation

```bash
# Clone the repo
git clone https://github.com/bvinci1-design/skill-scanner-pro.git
cd skill-scanner-pro

# No dependencies required - uses Python standard library only
# Requires Python 3.7+
```

---

## How to Run in Clawdbot

Clawdbot users can run this scanner directly as a skill to audit other downloaded skills.

### Quick Start (Clawdbot)

1. **Download the scanner** from this repo to your Clawdbot skills folder:
   ```bash
   cd ~/.clawdbot/skills
   git clone https://github.com/bvinci1-design/skill-scanner-pro.git
   ```

2. **Scan any skill** by telling Clawdbot:
   ```
   "Scan the [skill-name] skill for security issues using skill-scanner-pro"
   ```
   
   Or run directly:
   ```bash
   python ~/.clawdbot/skills/skill-scanner-pro/skill_scanner.py ~/.clawdbot/skills/[skill-name]
   ```

3. **Review...