skills$openclaw/security-skill-scanner

2.9k★

security-skill-scanner – OpenClaw Skill

Name: security-skill-scanner
Author: digitaladaption

security-skill-scanner is an OpenClaw Skills integration for security workflows. Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.

2.9k stars528 forksSecurity L1

Updated Feb 7, 2026Created Feb 7, 2026security

Skill Snapshot

name	security-skill-scanner
description	Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats. OpenClaw Skills integration.
owner	digitaladaption
repository	digitaladaption/openclaw-skills-security-checker
language	Markdown
license	MIT
topics
security	L1
install	openclaw add @digitaladaption/openclaw-skills-security-checker
last updated	Feb 7, 2026

Maintainer

digitaladaption

Maintains security-skill-scanner in the OpenClaw Skills directory.

View GitHub profile

File Explorer

2 files

_meta.json

315 B

SKILL.md

5.1 KB

SKILL.md

name: security-skill-scanner version: 1.0.0 description: Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats. homepage: https://github.com/digitaladaption/openclaw-skills-security-checker metadata: {"clawdbot":{"emoji":"🔒","category":"security"},"author":"ClaudiatheLobster"}

Security Skill Scanner

Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.

Features

Pattern Detection: Scans SKILL.md files for credential theft, command injection, network exfil patterns
Whitelist Management: Maintains list of known legitimate skills
Moltbook Monitoring: Continuously monitors Moltbook for security discussions and scam alerts
Permission Manifests: Generates and tracks skill permissions with Isnad chains
Daily Reports: Automatic scanning with markdown/JSON reports

Usage

Scan All Skills

python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py

Scan Specific Skill

python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro

Add to Whitelist

python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"

Check Whitelist

python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list

Monitor Moltbook (One-shot)

bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh

Files

File	Purpose
`skill-scanner.py`	Main scanner with regex pattern detection
`whitelist-manager.py`	Manage false-positive whitelist
`moltbook-monitor.sh`	Moltbook security feed monitor
`permission-manager.py`	Generate skill permission manifests
`data/whitelist.json`	Whitelisted skills database

Patterns Detected

Category	Patterns
Credential Theft	.env access, webhook.site, POST secrets
Command Injection	os.system, eval, shell=True, subprocess
Network Exfil	HTTP requests with Bearer tokens
Suspicious Downloads	wget, curl -O, remote scripts

Whitelisted Skills

These skills are known legitimate and excluded from warnings:

nano-banana-pro (Google Gemini)
notion (Notion API)
trello (Trello API)
gog (Google Workspace)
local-places (Google Places)
bluebubbles (iMessage)
weather (Weather API)
And 5 more...

Cron Jobs (Optional)

Add to crontab for automated scanning:

# Daily skill scan at 4 AM
0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1

# Moltbook monitor every 30 min
*/30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1

Pre-Install Hook (Block Suspicious Skills)

Install new skills with automatic security scanning that BLOCKS suspicious installations:

Quick Install with Scan

# Interactive mode (asks before installing)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-pro

# With force override (installs even if suspicious)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force

# Scan-only mode
python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-only

Integration with molthub

Add to your shell profile for automatic scanning on every install:

# Add to ~/.bashrc or ~/.zshrc
molthub() {
    if [ "$1" = "install" ] || [ "$1" = "add" ]; then
        python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive
    else
        /home/linuxbrew/.linuxbrew/bin/molthub "$@"
    fi
}

Now every molthub install <skill> will be scanned first!

What Happens

Clean skill → Installs normally ✅
Whitelisted skill → Installs normally ✅
Suspicious skill → BLOCKED with explanation 🚫
Suspicious + --force → Warns but installs ⚠️

Example Output

🔒 Pre-Install Security Scan: nano-banana-pro
----------------------------------------------
Status: whitelisted
Action: allowed
✅ Scan passed - safe to install

🚀 Proceeding with installation...
✅ nano-banana-pro installed successfully

🔒 Pre-Install Security Scan: weather-scam
----------------------------------------------
Status: suspicious
Action: blocked

🚨 THREATS DETECTED:
   🔴 [credential_theft] Access to .env file
      File: SKILL.md
   🔴 [network_exfil] HTTP requests with Bearer tokens
      File: scripts/steal_creds.py

❌ INSTALLATION BLOCKED

To override: python3 install-hook.py weather-scam --force

Reports

/tmp/security-scanner/scan-report.md - Human-readable scan results
/tmp/security-scanner/scan-results.json - Structured JSON output
/tmp/security-scanner/moltbook-scan.log - Moltbook monitoring log

Integration

Import as a module:

from skill_scanner import RegexScanner

scanner = RegexScanner()
results = scanner.scan_all_skills()
print(f"Found {results['threats_found']} threats")

README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats. ## Features - **Pattern Detection**: Scans SKILL.md files for credential theft, command injection, network exfil patterns - **Whitelist Management**: Maintains list of known legitimate skills - **Moltbook Monitoring**: Continuously monitors Moltbook for security discussions and scam alerts - **Permission Manifests**: Generates and tracks skill permissions with Isnad chains - **Daily Reports**: Automatic scanning with markdown/JSON reports ## Usage ### Scan All Skills ```bash python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py ``` ### Scan Specific Skill ```bash python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro ``` ### Add to Whitelist ```bash python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist" ``` ### Check Whitelist ```bash python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list ``` ### Monitor Moltbook (One-shot) ```bash bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh ``` ## Files | File | Purpose | |------|---------| | `skill-scanner.py` | Main scanner with regex pattern detection | | `whitelist-manager.py` | Manage false-positive whitelist | | `moltbook-monitor.sh` | Moltbook security feed monitor | | `permission-manager.py` | Generate skill permission manifests | | `data/whitelist.json` | Whitelisted skills database | ## Patterns Detected | Category | Patterns | |----------|----------| | Credential Theft | .env access, webhook.site, POST secrets | | Command Injection | os.system, eval, shell=True, subprocess | | Network Exfil | HTTP requests with Bearer tokens | | Suspicious Downloads | wget, curl -O, remote scripts | ## Whitelisted Skills These skills are known legitimate and excluded from warnings: - nano-banana-pro (Google Gemini) - notion (Notion API) - trello (Trello API) - gog (Google Workspace) - local-places (Google Places) - bluebubbles (iMessage) - weather (Weather API) - And 5 more... ## Cron Jobs (Optional) Add to crontab for automated scanning: ```bash

Requirements

OpenClaw CLI installed and configured.
Language: Markdown
License: MIT
Topics:

FAQ

How do I install security-skill-scanner?

Run openclaw add @digitaladaption/openclaw-skills-security-checker in your terminal. This installs security-skill-scanner into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/digitaladaption/openclaw-skills-security-checker. Review commits and README documentation before installing.