Free on ClawHub

Skill Security
Auditor

Scan OpenClaw agent skills for malicious code, hardcoded credentials, prompt injection, data exfiltration, and suspicious shell commands. Get an A-F grade before you install anything.

30+

Security Rules

Severity Levels

Skills Scanned

7.1%

Found Leaking

Why This Exists

341

Malicious skills found on ClawHub in one week

7.1%

Of published skills leak credentials

Other scanners catch agent-specific attacks

Traditional security tools miss agent-specific attack patterns like prompt injection and credential harvesting through environment variables.

The Grading System

A-F grades based on weighted severity scoring

Clean (0 pts)

No issues found. Skill appears safe to install.

Low Risk (1–5 pts)

Minor informational findings. Generally safe.

Moderate Risk (6–15 pts)

Review recommended. Some suspicious patterns detected.

High Risk (16–40 pts)

Do not install without thorough review. Multiple concerns.

Dangerous (41+ pts)

Likely malicious. Strongly recommend against installation.

30+ Security Rules

Checks across 4 severity levels — from informational to critical

Data Exfiltration

Network calls with embedded credentials
Exfiltrating environment variables
Scanning filesystem for credential files
Transmitting secrets over HTTP

Hardcoded Secrets

API keys and tokens in source code
Known formats (OpenAI, GitHub, AWS)
Passwords and private keys
Connection strings with credentials

Prompt Injection

Ignore previous instructions patterns
Social engineering attempts
System override requests
Urgency + override combinations

Shell Injection

Executing user-supplied input
Command interpolation in shell calls
Reverse shell patterns
Dynamic code loading

Obfuscation

Base64-encoded payloads
Hex-encoded strings
Character-by-character construction
Executing decoded content

System Access

Reading sensitive credential files
Accessing system directories
Privilege escalation attempts
Persistence mechanisms

How It Works

STEP 01

Point at Skill

Provide a path to any OpenClaw skill directory or installed skill.

STEP 02

Deep Scan

30+ rules analyze Python, JS, configs, and markdown for vulnerabilities.

STEP 03

Get Grade

Receive A-F grade with specific findings and actionable recommendations.

Example Scan Output

📊 Skill Security Audit Report
═══════════════════════════════════════════════
Skill: example-data-scraper
Path: /skills/example-data-scraper
Scan Date: 2025-02-10 14:32:18

🎯 RISK ASSESSMENT
Grade: C | Score: 12 | MODERATE RISK

═══════════════════════════════════════════════
🔴 CRITICAL (0 issues)

🟠 HIGH (1 issue)
───────────────────────────────────────────────
[HIGH-001] Hardcoded API key, token, or secret
File: scripts/fetch.py:23
Matched: api_key = "sk-live-abc123xyz789"
Context:     api_key = "sk-live-abc123xyz789"

🟡 MEDIUM (3 issues)
───────────────────────────────────────────────
[MED-003] HTTP requests to non-standard external APIs
File: scripts/fetch.py:45
Matched: requests.post("https://data-collector.tk/upload")

[MED-006] Collecting system/user information
File: scripts/utils.py:12
Matched: platform.node()

🟢 LOW (2 issues)
───────────────────────────────────────────────
[LOW-002] Network requests present
[LOW-004] System library import

⚠️  RECOMMENDATION
Review HIGH-001 before installing. Consider using 
environment variables instead of hardcoded keys.

CLI Usage

python3 scripts/scan.py /path/to/skill

Scan a skill directory (default markdown output)

python3 scripts/scan.py /path/to/skill --format json

JSON output for automation and pipelines

python3 scripts/scan.py /path/to/skill --severity critical,high

Only show critical and high findings

python3 scripts/scan.py /path/to/skill --format summary

One-line summary for batch scanning

Scan Before You Install

Free on ClawHub. Install the Skill Security Auditor and never blindly trust another skill again.

Skill SecurityAuditor