Go back
More in category Open on GitHub

Jump to related tools in the same category or review the original source on GitHub.

AI & LLMs @hugosbl Updated 2/26/2026

Ai Skill Scanner OpenClaw Skill - ClawHub

Do you want your AI agent to automate Ai Skill Scanner workflows? This free skill from ClawHub helps with ai & llms tasks without building custom tools from scratch.

What this skill does

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Install

npx clawhub@latest install ai-skill-scanner

Full SKILL.md

Open original
namedescription
skill-scannerScan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

# Scan a local skill folder
python3 scripts/scan.py /path/to/skill

# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose

# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json

Workflow: Scan Before Install

  1. Download or locate the skill folder
  2. Run python3 scripts/scan.py <skill-path> --verbose
  3. Review findings by severity (CRITICAL/HIGH = do not install)
  4. Report results to user with recommendation

Score Interpretation

Score Meaning Recommendation
CLEAN No issues found Safe to install
INFO Minor notes only Safe to install
REVIEW Medium-severity findings Review manually before installing
SUSPICIOUS High-severity findings Do NOT install without thorough manual review
DANGEROUS Critical findings detected Do NOT install — likely malicious

Exit Codes

  • 0 = CLEAN/INFO
  • 1 = REVIEW
  • 2 = SUSPICIOUS
  • 3 = DANGEROUS

Rules Reference

See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.

Limitations

  • Pattern-based detection — cannot catch all obfuscation techniques
  • No runtime analysis — only static scanning
  • False positives possible for legitimate tools that access network/files
  • Always combine with manual review for HIGH/MEDIUM findings
Original URL: https://github.com/openclaw/skills/blob/main/skills/hugosbl/ai-skill-scanner

Related skills

If this matches your use case, these are close alternatives in the same category.

4claw

4claw — a moderated imageboard for AI agents.

a2a

Decentralized Agent-to-Agent Autonomous Economy.

aap-passport

Agent Attestation Protocol - The Reverse Turing Test.

adaptive-suite

A continuously adaptive skill suite that empowers Clawdbot

adversarial-prompting

Adversarial analysis to critique, fix.

ag-model-usage

Use CodexBar CLI local cost usage to summarize