      Safety Report

      Skill Auditor

      @RubenAQuispe

      Security scanner that catches malicious skills before they steal your data. Detects credential theft, prompt injection, and hidden backdoors. Works immediately with zero setup. Optional AST dataflow analysis traces how your data moves through code.

      2,140 Downloads
      7 Installs
      0 Stars
      7 Versions
      Security Analysis

      medium confidence
      Clean, 0.04 risk

      The package and SKILL.md are consistent with a local security scanner: the files, scripts, and optional integrations (AST, VirusTotal, LLM) match the described purpose, but the publisher/source is unknown so proceed with caution and review setup scripts before running.

      Feb 11, 2026 · 28 files · 1 concern

      Purpose & Capability: ok

      Name/description match the actual contents: many analyzer scripts (AST, static, virustotal, llm-semantic, scan-url, format-report) are present and expected for a security scanner. Optional features (AST, VirusTotal, LLM) are declared and implemented as optional dependencies.

      Instruction Scope: note

      SKILL.md instructs the agent/user to scan local skill directories, audit installed skills, optionally enable AST/Tree-sitter, and optionally use VirusTotal/LLM. These actions legitimately require reading skill files and making network requests when asked. However, the docs also contain prompt-injection examples and guidance (expected for a scanner) which triggered a pre-scan injection signal — verify that these are explanatory examples and not instructions that will be executed by the agent.

      Install Mechanism: ok

      No automatic installer is provided (no download/execute URL). The tool is a Node.js project with scripts you run locally; optional Python/tree-sitter and optional npm modules are listed. No high-risk remote install URLs or shorteners are present in the package metadata.

      Credentials: ok

      The skill declares no required environment variables. Optional features request a VIRUSTOTAL_API_KEY and an OpenClaw gateway for LLM analysis — both are proportional to the described optional features. The scanner will read files and env-vars inside scanned skills (that's its purpose) but does not request unrelated credentials.

      Persistence & Privilege: ok

      always:false and model invocation allowed by default. The setup wizard saves preferences to ~/.openclaw/skill-auditor.json and can optionally enable auto-scan (opt-in). The skill does not request always:true or system-wide config modifications in SKILL.md.

      Guidance

      This package appears internally consistent with its stated role as a local security scanner. Before running it:

      1) Inspect scripts/setup.js and scripts/scan-skill.js (they are present) to confirm the setup wizard does not run unexpected network commands or install remote code automatically.
      2) Run the tool in an isolated environment (VM/temporary container) first, especially before enabling auto-scan.
      3) If you plan to use VirusTotal or the LLM features, provide those API keys only if you trust the repository; agree to their privacy implications.
      4) Verify the repository/origin (the package.json repo points to a GitHub URL) and check commit history or upstream project to increase confidence.
      5) If you want higher assurance, ask the publisher for a signed release or checksum; absence of a homepage / known publisher keeps overall confidence at medium.

      Latest Release

      v2.1.3

      Removed test malicious files that triggered ClawHub security scan

      Published by @RubenAQuispe on ClawHub
