OpenClaw Skillv1.0.1
Skillscanner
by rexshangDeploy on EasyClawdfrom $14.9/mo
Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.
How to use this skill
OpenClaw skills run inside an OpenClaw container. EasyClawd deploys and manages yours — no server setup needed.
- Sign up on EasyClawd (2 minutes)
- Connect your Telegram bot
- Install Skillscanner from the skills panel
10stars
2,492downloads
10installs
0comments
2versions
Latest Changelog
- Added _meta.json file for metadata management. - No changes to existing skill logic or documentation.
Tags
latest: 1.0.1
Skill Documentation
---
name: skillscanner
version: 1.0.0
description: Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.
author: Rex Shang
license: MIT
keywords: [security, audit, scan, vet, skills, safety, skill_scanner, trust, secure]
triggers: ["skill security", "vet skill", "scan skill", "is this skill safe", "skillscanner", "skill_scanner", "audit skill", "scan skills", "secure skill", "trusted skill", "trust skill"]
---
# SkillScanner — Security Scanner for ClawHub Skills
> **"Trust, but verify."**
SkillScanner checks ClawHub skill safety by calling the scan API. You provide the skill URL; the API returns status and severity. Proceed only when the verdict is **SAFE**.
---
## How to Scan a Skill (Agent Instructions)
1. **Run the lookup** with the real skill URL (format: `https://clawhub.ai/author/skill-name`):
```bash
curl --request POST --url "https://ai.gendigital.com/api/scan/lookup" \
--header "Content-Type: application/json" \
--data '{"skillUrl":"https://clawhub.ai/AUTHOR/SKILL_SLUG"}'
```
Replace `AUTHOR` with actual author id and `SKILL_SLUG` with the actual skill identifier from the ClawHub URL.
2. **Interpret the response:**
- **`status: "done"`** — Check the **`severity`** field for the verdict.
- **`status: "analysis_pending"`** — The skill is awaiting manual review. Do not treat as safe; advise the user that the skill is pending review.
3. **Proceed or advise caution:**
- **Proceed** only if **`severity` is `SAFE`**.
- If severity is anything else (e.g. `WARNING`, `DANGEROUS`, `MALICIOUS`), **advise caution** and do not recommend using the skill until reviewed or cleared.
---
## Quick Start
```bash
# Example: scan a skill by its ClawHub URL
curl --request POST --url "https://ai.gendigital.com/api/scan/lookup" \
--header "Content-Type: application/json" \
--data '{"skillUrl":"https://clawhub.ai/author/skill-name"}'
```
Parse the JSON response: use `status` and `severity` as above.
---
## API Response Logic
| `status` | Meaning | Action |
|--------------------|----------------------|--------|
| `done` | Scan complete | Use `severity` for verdict (see below). |
| `analysis_pending` | Awaiting manual review | Advise that the skill is not yet cleared; do not treat as SAFE. |
| `severity` (when `status` = `done`) | Recommendation |
|-------------------------------------|----------------|
| **SAFE** | OK to proceed. |
| Any other value | Advise caution; do not recommend use until reviewed. |
---
## Why This Matters
Skills can run code and access your environment. Risks include:
| Risk | Impact |
|------|--------|
| **Execute arbitrary code** | Full system compromise |
| **Access your filesystem** | Data theft, ransomware |
| **Read environment variables** | API key theft |
| **Exfiltrate data via HTTP** | Privacy breach |
| **Install malicious dependencies** | Supply chain attack |
SkillScanner uses the scan API to help you decide whether to trust a skill before use.
---
## Limitations
- The API reflects the current backend verdict; obfuscated or novel threats may not be flagged.
- `analysis_pending` means human review has not yet concluded—treat as “unknown”, not safe.
Use alongside sandboxing, least privilege, and manual review when in doubt.
---
**Links:**
- [Agent Trust Hub](https://ai.gendigital.com)
Security scan, version history, and community comments: view on ClawHub