AI Skill Scanner

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

# Scan a local skill folder
python3 scripts/scan.py /path/to/skill

# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose

# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json

Workflow: Scan Before Install

Download or locate the skill folder
Run python3 scripts/scan.py <skill-path> --verbose
Review findings by severity (CRITICAL/HIGH = do not install)
Report results to user with recommendation

Score Interpretation

| Score | Meaning | Recommendation | |-------|---------|----------------| | CLEAN | No issues found | Safe to install | | INFO | Minor notes only | Safe to install | | REVIEW | Medium-severity findings | Review manually before installing | | SUSPICIOUS | High-severity findings | Do NOT install without thorough manual review | | DANGEROUS | Critical findings detected | Do NOT install — likely malicious |

Exit Codes

0 = CLEAN/INFO
1 = REVIEW
2 = SUSPICIOUS
3 = DANGEROUS

Rules Reference

See references/rules.md for full list of detection rules, severity levels, and whitelisted domains.

Limitations

Pattern-based detection — cannot catch all obfuscation techniques
No runtime analysis — only static scanning
False positives possible for legitimate tools that access network/files
Always combine with manual review for HIGH/MEDIUM findings