๐Ÿ›ก

skill-audit

Security scanner for OpenClaw skills.
Scan before you trust.

โœ“ Zero Dependencies โœ“ 712 Lines Python โœ“ Pre-Install Hook
$ clawhub install openclaw-skill-audit Click to copy
๐Ÿ”

Prompt Injection Detection

Finds hidden instructions, HTML comments, unicode tricks, and identity overrides in SKILL.md

๐Ÿ“ก

Data Exfiltration Analysis

Detects base64+POST patterns, reverse shells, connections to webhook.site, RequestBin, and more

โš ๏ธ

Dangerous Code Patterns

eval(), exec(), subprocess, pickle.loads, dynamic imports: everything that enables code execution

๐Ÿ“‚

File System Abuse

Path traversal, SSH key access, /etc/passwd reads, OpenClaw config with your secrets

๐ŸŒ

Network Mapping

Extracts all URLs, classifies APIs (OpenAI, Slack, GitHub...), finds hardcoded IPs

๐Ÿ”’

Pre-Install Hook

Scans automatically after every clawhub install. You know instantly if a skill is safe.

How it works

1

User asks

"Install the crypto-tools skill"

โ†’
2

Agent installs

clawhub install crypto-tools

โ†’
3

Auto-Scan

skill-audit checks all files immediately

โ†’
4

Report

๐ŸŸข Safe / โ›” Dangerous โ€” user decides

Live Scan Results

Real skills from ClawHub + a malicious test skill

How it looks in the Chat

๐Ÿ›ก
OpenClaw Agent
โ— Online
Install the "helpful-utils" skill
One moment, installing and scanning the skill...
โณ clawhub install helpful-utils โœ“
โณ skill-audit scanning...
๐Ÿšจ WARNING: Skill "helpful-utils" is DANGEROUS!

โ›” Prompt injection in hidden HTML comment
โ›” Reverse shell (bash to external IP)
โ›” SSH key theft
โ›” Data exfiltration to webhook.site

25 findings total. Should I delete this skill immediately?
Yes, delete it now!
โœ… Skill deleted. Your system is safe. ๐Ÿ›ก
Built by Flo & Neo ๐ŸŸข
OpenClaw Hackathon Munich 2026 @ jambit GmbH
Organised by AI Strategy Institute, Kandid Studio, Venta AI โ€” supported by BAIOSPHERE, DInO, KI Bundesverband
GitHub ยท ClawHub ยท OpenClaw Docs