๐Ÿ›ก๏ธ

Skill Scanner

Scan skills before you install them. Detects data exfiltration, obfuscated code, reverse shells, and dangerous system modifications

by v1.0.0
Security & Passwords
Connecting to VM...
Connecting to VM...
npx clawhub@latest install skill-scanner
276Current Installs
v1.0.0Version

Skill Scanner is a security audit tool designed to protect your AI assistant environment by analyzing Clawdbot and MCP skills for malicious code before you install them. It detects a wide range of threats including malware, spyware, crypto-miners, data exfiltration attempts, backdoors, and obfuscation techniques โ€” giving you confidence that the skills you run are safe.

How It Works

Skill Scanner inspects skill folders by statically analyzing their source files using pattern-matching and heuristic detection techniques built entirely on Python's standard library. It scans for known threat signatures across multiple categories, then produces a detailed report in either Markdown or JSON format. You can run it directly from the command line, invoke it through your Clawdbot assistant with a natural language prompt, or launch its optional Streamlit-powered Web UI for a visual audit experience.

Key Features

Malware & Spyware Detection
Identifies known malicious code patterns commonly found in compromised or weaponized skills
Data Exfiltration Analysis
Flags code that attempts to read and transmit sensitive files, credentials, or environment variables
Crypto-Mining Indicators
Catches signatures associated with unauthorized cryptocurrency mining activity
System Modification Detection
Alerts on attempts to alter system files, registries, or configurations
Backdoor Identification
Surfaces hidden remote access mechanisms or persistent execution hooks
Obfuscation Detection
Recognizes encoded, packed, or deliberately obscured code designed to evade review
Arbitrary Code Execution Flags
Highlights dangerous eval/exec patterns and dynamic code loading risks
Flexible Output Formats
Reports available in Markdown for readability or JSON for programmatic processing
Web UI Support
Optional Streamlit interface for a browser-based audit dashboard

Requirements

Python 3.7+
Required to run the scanner
No mandatory dependencies
Core functionality uses only the Python standard library
Streamlit
Optional; install with pip install streamlit only if you want the Web UI

Use Cases

Pre-installation audits
Scan any third-party skill before adding it to your Clawdbot or MCP environment
CI/CD security gates
Integrate into automated pipelines to block malicious skills from being deployed
Skill marketplace review
Audit community-contributed skills before publishing or approving them
Incident investigation
Analyze a suspect skill after unexpected system behavior is observed
Developer self-checks
Verify your own skill code doesn't accidentally include dangerous patterns

How to Install

1
Run in your terminal
npx clawhub@latest install skill-scanner
or
2
Click the Install button at the top of this page for one-click setup

Reviews

0 reviews

Log in to write a review

No reviews yet. Be the first to share your experience!