Xpersona Agent
Deep security analysis of an individual skill before installation Skill: Scan Skill Owner: ItsNishi Summary: Deep security analysis of an individual skill before installation Tags: latest:1.0.0, security:1.0.0 Version history: v1.0.0 | 2026-02-07T23:21:15.290Z | user Initial release of scan-skill: an individual skill security analyzer. - Performs deep security analysis of a skill directory prior to installation. - Checks for injection techniques, hidden commands, and dangerous fiel
clawhub skill install kn7c4x4srjpbhtjhec7q71202n80phmw:scan-skillOverall rank
#62
Adoption
860 downloads
Trust
Unknown
Freshness
Mar 1, 2026
Freshness
Last checked Mar 1, 2026
Best For
Scan Skill is best for general automation workflows where OpenClaw compatibility matters.
Not Ideal For
Contract metadata is missing or unavailable for deterministic execution.
Evidence Sources Checked
editorial-content, CLAWHUB, runtime-metrics, public facts pack
Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.
Overview
Deep security analysis of an individual skill before installation Skill: Scan Skill Owner: ItsNishi Summary: Deep security analysis of an individual skill before installation Tags: latest:1.0.0, security:1.0.0 Version history: v1.0.0 | 2026-02-07T23:21:15.290Z | user Initial release of scan-skill: an individual skill security analyzer. - Performs deep security analysis of a skill directory prior to installation. - Checks for injection techniques, hidden commands, and dangerous fiel Capability contract not published. No trust telemetry is available yet. 860 downloads reported by the source. Last updated 4/15/2026.
Trust score
Unknown
Compatibility
OpenClaw
Freshness
Mar 1, 2026
Vendor
Clawhub
Artifacts
0
Benchmarks
0
Last release
1.0.0
Install & run
clawhub skill install kn7c4x4srjpbhtjhec7q71202n80phmw:scan-skillSetup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.
Public facts
Vendor
Clawhub
Protocol compatibility
OpenClaw
Latest release
1.0.0
Adoption signal
860 downloads
Handshake status
UNKNOWN
Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.
Captured outputs
Extracted files
2
Examples
1
Snippets
0
Languages
Unknown
bash
python3 "$SKILL_DIR/scripts/scan_skill.py" "$ARGUMENTS"
SKILL.md
--- name: scan-skill description: Deep security analysis of an individual skill before installation disable-model-invocation: true allowed-tools: Read, Glob, Grep, Bash context: fork --- # scan-skill -- Individual Skill Analyzer Perform deep security analysis of a single skill directory before installation. Checks for all known injection techniques from AI agent security research. ## What to do Run the scanner against the target skill directory: ```bash python3 "$SKILL_DIR/scripts/scan_skill.py" "$ARGUMENTS" ``` Where `$ARGUMENTS` is the path to the skill directory to analyze. If no argument is provided, prompt the user for the path to the skill they want to scan. ## What it checks - SKILL.md frontmatter analysis (dangerous field combinations, hidden skills, pre-approved tools) - Hidden HTML comments with imperative instructions - Shell command patterns (remote-code-pipe-to-shell, encoded payloads) - Description persistence triggers (forced repeated execution keywords) - Supporting files analysis (scripts/ directory contents, executable permissions) - Dynamic context injection (preprocessor command execution) - Encoding and obfuscation (base64, hex, zero-width characters) - Instruction override attempts (context manipulation, role impersonation) ## Output Structured report with severity-ranked findings and specific recommendations per finding. Includes frontmatter analysis summary and supporting file inventory. ## When to use - Before installing a skill from a public repository or marketplace - When reviewing a skill contributed by an external party - As part of security review before adding skills to your agent configuration
_meta.json
{
"ownerId": "kn7c4x4srjpbhtjhec7q71202n80phmw",
"slug": "scan-skill",
"version": "1.0.0",
"publishedAt": 1770506475290
}Editorial read
Docs source
CLAWHUB
Editorial quality
ready
Deep security analysis of an individual skill before installation Skill: Scan Skill Owner: ItsNishi Summary: Deep security analysis of an individual skill before installation Tags: latest:1.0.0, security:1.0.0 Version history: v1.0.0 | 2026-02-07T23:21:15.290Z | user Initial release of scan-skill: an individual skill security analyzer. - Performs deep security analysis of a skill directory prior to installation. - Checks for injection techniques, hidden commands, and dangerous fiel
Skill: Scan Skill
Owner: ItsNishi
Summary: Deep security analysis of an individual skill before installation
Tags: latest:1.0.0, security:1.0.0
Version history:
v1.0.0 | 2026-02-07T23:21:15.290Z | user
Initial release of scan-skill: an individual skill security analyzer.
Archive index:
Archive v1.0.0: 4 files, 12251 bytes
Files: scripts/patterns.py (26840b), scripts/scan_skill.py (10174b), SKILL.md (1667b), _meta.json (129b)
File v1.0.0:SKILL.md
Perform deep security analysis of a single skill directory before installation. Checks for all known injection techniques from AI agent security research.
Run the scanner against the target skill directory:
python3 "$SKILL_DIR/scripts/scan_skill.py" "$ARGUMENTS"
Where $ARGUMENTS is the path to the skill directory to analyze.
If no argument is provided, prompt the user for the path to the skill they want to scan.
Structured report with severity-ranked findings and specific recommendations per finding. Includes frontmatter analysis summary and supporting file inventory.
File v1.0.0:_meta.json
{ "ownerId": "kn7c4x4srjpbhtjhec7q71202n80phmw", "slug": "scan-skill", "version": "1.0.0", "publishedAt": 1770506475290 }
Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.
Machine interfaces
Contract coverage
Status
missing
Auth
None
Streaming
No
Data region
Unspecified
Protocol support
Requires: none
Forbidden: none
Guardrails
Operational confidence: low
curl -s "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/snapshot"
curl -s "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/contract"
curl -s "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/trust"
Operational fit
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Do not use if
Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.
Contract JSON
{
"contractStatus": "missing",
"authModes": [],
"requires": [],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": null,
"outputSchemaRef": null,
"dataRegion": null,
"contractUpdatedAt": null,
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "CLAWHUB",
"generatedAt": "2026-04-17T04:48:50.846Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}Facts JSON
[
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Clawhub",
"href": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceUrl": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-04-15T00:45:39.800Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-04-15T00:45:39.800Z",
"isPublic": true
},
{
"factKey": "traction",
"category": "adoption",
"label": "Adoption signal",
"value": "860 downloads",
"href": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceUrl": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-04-15T00:45:39.800Z",
"isPublic": true
},
{
"factKey": "latest_release",
"category": "release",
"label": "Latest release",
"value": "1.0.0",
"href": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceUrl": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceType": "release",
"confidence": "medium",
"observedAt": "2026-02-07T23:21:15.290Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/clawhub-itsnishi-scan-skill/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "release",
"title": "Release 1.0.0",
"description": "Initial release of scan-skill: an individual skill security analyzer. - Performs deep security analysis of a skill directory prior to installation. - Checks for injection techniques, hidden commands, and dangerous field combinations in SKILL.md. - Analyzes scripts, permissions, encoding/obfuscation patterns, and dynamic context usage. - Produces a structured, severity-ranked report with recommendations and a file inventory. - Intended for pre-installation review of public, external, or contributed skills.",
"href": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceUrl": "https://clawhub.ai/ItsNishi/scan-skill",
"sourceType": "release",
"confidence": "medium",
"observedAt": "2026-02-07T23:21:15.290Z",
"isPublic": true
}
]Sponsored
Ads related to Scan Skill and adjacent AI workflows.