Skills skill-scanner
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/bvinci1-design/skill-scanner" ~/.claude/skills/clawdbot-skills-skill-scanner-040682 && rm -rf "$T"
manifest:
skills/bvinci1-design/skill-scanner/SKILL.mdsource content
Skill Scanner
Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.
Capabilities
- Scan skill folders for security threats
- Detect data exfiltration patterns
- Identify system modification attempts
- Catch crypto-mining indicators
- Flag arbitrary code execution risks
- Find backdoors and obfuscation techniques
- Output reports in Markdown or JSON format
- Provide Web UI via Streamlit
Usage
Command Line
python skill_scanner.py /path/to/skill-folder
Within Clawdbot
"Scan the [skill-name] skill for security issues using skill-scanner" "Use skill-scanner to check the youtube-watcher skill" "Run a security audit on the remotion skill"
Web UI
pip install streamlit streamlit run streamlit_ui.py
Requirements
- Python 3.7+
- No additional dependencies (uses Python standard library)
- Streamlit (optional, for Web UI)
Entry Point
- CLI:
skill_scanner.py - Web UI:
streamlit_ui.py
Tags
#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability