Skill Scanner — Malicious Skill Detection for OpenClaw

Scan all installed OpenClaw skills to detect hidden malicious behavior such as:

• ClickFix — Social engineering that tricks users into downloading and running malicious code (e.g., fake update prompts, disguised install commands)
• RAT (Remote Access Trojan) — Reverse shells, backdoors, or covert command-and-control connections
• Info Stealer — Exfiltration of credentials, SSH keys, tokens, environment variables, browser data, or keychain items

How It Works

This skill uses the OG-Text security model to analyze each installed skill's source code. The agent reads skill files, chunks long content, sends each chunk to the model with a specialized security prompt, and aggregates the findings into a risk report.

Discover skills → Read source files → Chunk content → OG-Text analysis → Aggregate → Report

Workflow

Follow these steps in order when the user asks to scan skills.