Free on ClawHub

Skill Security
Auditor

Scan OpenClaw agent skills for malicious code, hardcoded credentials, prompt injection, data exfiltration, and suspicious shell commands. Get an A-F grade before you install anything.

30+
Security Rules
4
Severity Levels
52
Skills Scanned
7.1%
Found Leaking

Why This Exists

341

Malicious skills found on ClawHub in one week

7.1%

Of published skills leak credentials

0

Other scanners catch agent-specific attacks

Traditional security tools miss agent-specific attack patterns like prompt injection and credential harvesting through environment variables.

The Grading System

A-F grades based on weighted severity scoring

A
Clean (0 pts)

No issues found. Skill appears safe to install.

B
Low Risk (1–5 pts)

Minor informational findings. Generally safe.

C
Moderate Risk (6–15 pts)

Review recommended. Some suspicious patterns detected.

D
High Risk (16–40 pts)

Do not install without thorough review. Multiple concerns.

F
Dangerous (41+ pts)

Likely malicious. Strongly recommend against installation.

30+ Security Rules

Checks across 4 severity levels — from informational to critical

Data Exfiltration

  • Network calls with embedded credentials
  • Exfiltrating environment variables
  • Scanning filesystem for credential files
  • Transmitting secrets over HTTP

Hardcoded Secrets

  • API keys and tokens in source code
  • Known formats (OpenAI, GitHub, AWS)
  • Passwords and private keys
  • Connection strings with credentials

Prompt Injection

  • Ignore previous instructions patterns
  • Social engineering attempts
  • System override requests
  • Urgency + override combinations

Shell Injection

  • Executing user-supplied input
  • Command interpolation in shell calls
  • Reverse shell patterns
  • Dynamic code loading

Obfuscation

  • Base64-encoded payloads
  • Hex-encoded strings
  • Character-by-character construction
  • Executing decoded content

System Access

  • Reading sensitive credential files
  • Accessing system directories
  • Privilege escalation attempts
  • Persistence mechanisms

How It Works

STEP 01

Point at Skill

Provide a path to any OpenClaw skill directory or installed skill.

STEP 02

Deep Scan

30+ rules analyze Python, JS, configs, and markdown for vulnerabilities.

STEP 03

Get Grade

Receive A-F grade with specific findings and actionable recommendations.

Example Scan Output
📊 Skill Security Audit Report
═══════════════════════════════════════════════
Skill: example-data-scraper
Path: /skills/example-data-scraper
Scan Date: 2025-02-10 14:32:18

🎯 RISK ASSESSMENT
Grade: C | Score: 12 | MODERATE RISK

═══════════════════════════════════════════════
🔴 CRITICAL (0 issues)

🟠 HIGH (1 issue)
───────────────────────────────────────────────
[HIGH-001] Hardcoded API key, token, or secret
File: scripts/fetch.py:23
Matched: api_key = "sk-live-abc123xyz789"
Context:     api_key = "sk-live-abc123xyz789"

🟡 MEDIUM (3 issues)
───────────────────────────────────────────────
[MED-003] HTTP requests to non-standard external APIs
File: scripts/fetch.py:45
Matched: requests.post("https://data-collector.tk/upload")

[MED-006] Collecting system/user information
File: scripts/utils.py:12
Matched: platform.node()

🟢 LOW (2 issues)
───────────────────────────────────────────────
[LOW-002] Network requests present
[LOW-004] System library import

⚠️  RECOMMENDATION
Review HIGH-001 before installing. Consider using 
environment variables instead of hardcoded keys.

CLI Usage

python3 scripts/scan.py /path/to/skill

Scan a skill directory (default markdown output)

python3 scripts/scan.py /path/to/skill --format json

JSON output for automation and pipelines

python3 scripts/scan.py /path/to/skill --severity critical,high

Only show critical and high findings

python3 scripts/scan.py /path/to/skill --format summary

One-line summary for batch scanning

Scan Before You Install

Free on ClawHub. Install the Skill Security Auditor and never blindly trust another skill again.