Skill-Scan — Security Auditor for Agent Skills
Multi-layered security scanner for OpenClaw skill packages. Detects malicious code, evasion techniques, prompt injection, and misaligned behavior through static analysis and optional LLM-powered deep inspection. Run this BEFORE installing or enabling any untrusted skill.
Features
- 6 analysis layers — pattern matching, AST/evasion, prompt injection, LLM deep analysis, alignment verification, meta-analysis
- 60+ detection rules — execution threats, credential theft, data exfiltration, obfuscation, behavioral signatures
- Context-aware scoring — reduces false positives for legitimate API skills
- ClawHub integration — scan skills directly from the registry by slug
- Multiple output modes — text report (default), --json, --compact, --quiet
- Exit codes — 0 for safe, 1 for risky (easy scripting integration)