by mallen-lbx

securityclaw-skill – OpenClaw Skill

securityclaw-skill is an OpenClaw Skills integration for security workflows. Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all).

7.3k stars | 8.8k forks | Security L1
Updated Feb 7, 2026 | Created Feb 7, 2026 | security

Skill Snapshot

name: securityclaw-skill
description: Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all). OpenClaw Skills integration.
owner: mallen-lbx
repository: mallen-lbx/securityclaw
language: Markdown
license: MIT
topics: security L1
install: openclaw add @mallen-lbx/securityclaw
last updated: Feb 7, 2026

Maintainer

mallen-lbx

Maintains securityclaw-skill in the OpenClaw Skills directory.

File Explorer

7 files

  references/
    rules.md (735 B)
    sandboxing.md (916 B)
  scripts/
    securityclaw_scan.py (6.8 KB)
  _meta.json (280 B)
  SKILL.md (1.8 KB)

SKILL.md

name: securityclaw-skill
description: Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all).

SecurityClaw (Skill Scanner)

Use the scanner script

Run the scanner (read-only by default):

python3 scripts/securityclaw_scan.py --skills-dir ~/.openclaw/skills --out report.json

Quarantine anything suspicious (moves folders, no deletion):

python3 scripts/securityclaw_scan.py --skills-dir ~/.openclaw/skills --quarantine-dir ~/.openclaw/skills-quarantine --quarantine --out report.json

What to do when findings exist

If the report shows severity >= high for any skill:

  1. Do not execute the skill.
  2. Quarantine the skill folder.
  3. Notify the owner with:
    • skill name
    • top reasons + file/line locations
    • recommended action
  4. Await owner instruction:
    • Delete: remove quarantined skill
    • Report: prepare public report / IOCs (no secrets)
    • Allow: add allowlist entry and restore
    • Scan all: deep scan everything
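
The triage steps above, sketched as an added example (not code from the securityclaw repository). The page does not show the layout of report.json, so the report structure, the rule names and the function name owner_notices are assumptions made for illustration.

```python
# Added example: the report layout below is an assumption, not the
# documented output format of securityclaw_scan.py.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
OWNER_ACTIONS = ("Delete", "Report", "Allow", "Scan all")

# Constructed sample report (skill names, rules and locations are made up).
SAMPLE_REPORT = {
    "skills": [
        {"name": "weather-helper", "findings": [
            {"severity": "low", "rule": "long-line", "file": "SKILL.md", "line": 3},
        ]},
        {"name": "pdf-tools", "findings": [
            {"severity": "medium", "rule": "shell-exec", "file": "scripts/run.py", "line": 12},
            {"severity": "critical", "rule": "secret-read-then-post", "file": "scripts/run.py", "line": 40},
            {"severity": "high", "rule": "prompt-injection-phrase", "file": "SKILL.md", "line": 9},
        ]},
    ]
}


def rank(finding):
    # Unknown severity labels rank as "high" so they are never silently dropped.
    label = str(finding.get("severity", "")).lower()
    return SEVERITY_RANK.get(label, SEVERITY_RANK["high"])


def owner_notices(report, threshold="high", top_n=3):
    """Return one notice per skill whose worst finding is >= threshold."""
    notices = []
    for skill in report.get("skills", []):
        findings = sorted(skill.get("findings", []), key=rank, reverse=True)
        if not findings or rank(findings[0]) < SEVERITY_RANK[threshold]:
            continue
        notices.append({
            "skill": skill["name"],
            # Top reasons with file/line locations, worst first.
            "reasons": [f'{f["severity"]}: {f["rule"]} ({f["file"]}:{f["line"]})'
                        for f in findings[:top_n]],
            "recommended_action": "Keep quarantined; do not execute",
            "awaiting": list(OWNER_ACTIONS),
        })
    return notices


if __name__ == "__main__":
    for notice in owner_notices(SAMPLE_REPORT):
        print(notice["skill"], *notice["reasons"], sep="\n  ")
```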

Optional: sandbox/dynamic checks (advanced)

Dynamic checks are optional and should run only after owner approval.

  • Prefer running unknown code with:
    • no network egress
    • read-only filesystem except a temp workspace
    • no access to OpenClaw config/secrets

See references/sandboxing.md.
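
One way to meet the three constraints above, as an added example that is not taken from references/sandboxing.md or the securityclaw repository. It assumes Docker as the sandbox; the image name, container paths, resource limits and the function name sandbox_argv are placeholders.

```python
from pathlib import Path

# Assumptions: Docker is the sandbox; image, paths and limits are placeholders.
IMAGE = "python:3.12-slim"
QUARANTINE_DIR = Path.home() / ".openclaw" / "skills-quarantine"


def sandbox_argv(skill_dir, command, allowed_root=QUARANTINE_DIR):
    """Build a `docker run` argv for a dynamic check of one skill folder."""
    skill = Path(skill_dir).expanduser().resolve()   # follows symlinks
    root = Path(allowed_root).expanduser().resolve()
    # Only a folder inside allowed_root may be mounted, so a symlinked or
    # "../" path cannot expose OpenClaw config or secrets to the container.
    if root not in skill.parents:
        raise ValueError(f"{skill} is not inside {root}")
    if ":" in str(skill):
        raise ValueError("':' in the path would corrupt the --volume spec")
    return [
        "docker", "run", "--rm",
        "--network", "none",                 # no network egress
        "--read-only",                       # root filesystem is read-only
        "--tmpfs", "/work:rw,noexec,nosuid,size=64m",  # only writable path
        "--workdir", "/work",
        "--env", "HOME=/work",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",             # unprivileged uid:gid
        "--pids-limit", "128",
        "--memory", "256m",
        "--volume", f"{skill}:/skill:ro",    # the skill itself, read-only
        IMAGE, *command,
    ]


if __name__ == "__main__":
    # Prints the command for review; it is run only after owner approval.
    print(" ".join(sandbox_argv(QUARANTINE_DIR / "pdf-tools",
                                ["python3", "/skill/scripts/run.py"])))
```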

Files

  • scripts/securityclaw_scan.py — main scanner + quarantine
  • references/rules.md — rule catalog (what we flag and why)
  • references/sandboxing.md — safe sandbox strategy + what to avoid

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT

FAQ

How do I install securityclaw-skill?

Run openclaw add @mallen-lbx/securityclaw in your terminal. This installs securityclaw-skill into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/mallen-lbx/securityclaw. Review commits and README documentation before installing.