skill-scanner – OpenClaw Skill

---

name: skill-scanner description: Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.

Skill Scanner

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.

Capabilities

• Scan skill folders for security threats
• Detect data exfiltration patterns
• Identify system modification attempts
• Catch crypto-mining indicators
• Flag arbitrary code execution risks
• Find backdoors and obfuscation techniques
• Output reports in Markdown or JSON format
• Provide Web UI via Streamlit

Usage

Command Line

python skill_scanner.py /path/to/skill-folder

Within Clawdbot

"Scan the [skill-name] skill for security issues using skill-scanner"
"Use skill-scanner to check the youtube-watcher skill"
"Run a security audit on the remotion skill"

Web UI

pip install streamlit
streamlit run streamlit_ui.py

Requirements

• Python 3.7+
• No additional dependencies (uses Python standard library)
• Streamlit (optional, for Web UI)

Entry Point

• CLI: skill_scanner.py
• Web UI: streamlit_ui.py

Tags

#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability

Skill Scanner

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.

Features

• Detects data exfiltration patterns (env scraping, credential access, HTTP POST to unknown domains)
• Identifies system modification attempts (dangerous rm, crontab changes, systemd persistence)
• Catches crypto-mining indicators (xmrig, mining pools, wallet addresses)
• Flags arbitrary code execution risks (eval, exec, download-and-execute)
• Detects backdoors (reverse shells, socket servers)
• Finds obfuscation techniques (base64 decode + exec)
• Outputs Markdown or JSON reports
• Returns exit codes for CI/CD integration

Installation

# Clone the repo
git clone https://github.com/bvinci1-design/skill-scanner.git
cd skill-scanner

# No dependencies required - uses Python standard library only
# Requires Python 3.7+

---

How to Run in Clawdbot

Clawdbot users can run this scanner directly as a skill to audit other downloaded skills.

Quick Start (Clawdbot)

1. Download the scanner from this repo to your Clawdbot skills folder:

   cd ~/.clawdbot/skills
   git clone https://github.com/bvinci1-design/skill-scanner.git
   

2. Scan any skill by telling Clawdbot:

   "Scan the [skill-name] skill for security issues using skill-scanner"
   

   Or run directly:

   python ~/.clawdbot/skills/skill-scanner/skill_scanner.py ~/.clawdbot/skills/[skill-name]
   

3. Review the output - Clawdbot will display:

   • Verdict: APPROVED, CAUTION, or REJECT
   • Any security findings with severity levels
   • Specific file and line numbers for concerns

Example Clawdbot Commands

"Use skill-scanner to check the youtube-watcher skill"
"Scan all my downloaded skills for malware"
"Run a security audit on the remotion skill"

Interpreting Results in Clawdbot

Verdict	Meaning	Action
APPROVED	No security issues found	Safe to use
CAUTION	Minor concerns detected	Review findings before use
REJECT	Critical security issues	Do not use without careful review

---

How to Run on Any Device

The scanner works on any system with Python 3.7+ installed.

Prerequisites

• Python 3.7 or higher
• Git (for cloning) or download ZIP from GitHub
• No additional packages required (uses Python standard library)

Installation Options

Option 1: Clone with Git

git clone https://github.com/bvinci1-design/skill-scanner.git
cd skill-scanner

Option 2: Download ZIP

1. Click "Code" button on GitHub
2. Select "Download ZIP"
3. Extract to desired location

Command Line Usage

Basic scan:

python skill_scanner.py /path/to/skill-folder

Output to file:

python skill_scanner.py /path/to/skill-folder --output report.md

JSON output:

python skill_scanner.py /path/to/skill-folder --json

Scan current directory:

python skill_scanner.py .

Web UI (Streamlit)

For a user-friendly graphical interface:

1. Install Streamlit:

   pip install streamlit
   

2. Run the UI:

   streamlit run streamlit_ui.py
   

3. Open in browser at http://localhost:8501

4. Features:

   • Drag-and-drop file upload
   • Support for ZIP archives
   • Paste code directly for scanning
   • Visual severity indicators
   • Export reports in Markdown or JSON

---

Exit Codes

Code	Meaning
0	Approved - no issues
1	Caution - high-severity issues
2	Reject - critical issues

Threat Patterns Detected

Critical (auto-reject)

• Credential path access (~/.ssh, ~/.aws, /etc/passwd)
• Dangerous recursive delete (rm -rf /)
• Systemd/launchd persistence
• Crypto miners (xmrig, ethminer, stratum+tcp)
• Download and execute (curl | sh)
• Reverse shells (/dev/tcp, nc -e)
• Base64 decode + exec obfuscation

High (caution)

• Bulk environment variable access
• Crontab modification
• eval/exec dynamic code execution
• Socket servers

Medium (informational)

• Environment variable reads
• HTTP POST to external endpoints

CI/CD Integration

# GitHub Actions example
- name: Scan skill for security issues
  run: |
    python skill_scanner.py ./my-skill --output scan-report.md
    if [ $? -eq 2 ]; then
      echo "CRITICAL issues found - blocking merge"
      exit 1
    fi

Contributing

Pull requests welcome! To add new threat patterns, edit the THREAT_PATTERNS list in skill_scanner.py.

License

MIT License - see LICENSE file for details.