Clawdbot ToolsDocumentedScanned
skill-flag
Scan Clawdbot/OpenClaw skills for malicious patterns, backdoors.
Share:
Installation
npx clawhub@latest install skill-flagView the full skill documentation and source below.
Documentation
Skill Flag Skill π‘οΈ
Scan Clawdbot/OpenClaw skills for malicious patterns, backdoors, and security risks.
Commands
Scan All Installed Skills
scan skills
scan all skills
security scanScan Specific Skill
scan skill <skill-name>
check skill <skill-name>Scan Before Installing (URL/Path)
scan skill url <clawdhub-url>
pre-scan <skill-name>Quick Risk Report
skill risk report
security reportHow To Use
Run the scanner:
python3 skills/skill-flag/scanner.py [--skill NAME] [--all] [--verbose]Or ask the agent:
- "Scan all my installed skills for security issues"
- "Check if the crypto-tracker skill is safe"
- "Give me a security report"
What It Detects
| Category | Risk Level | Examples |
| π΄ Data Exfiltration | CRITICAL | curl/wget to external domains, fetch(), requests.post() |
| π΄ Backdoors | CRITICAL | Reverse shells, nc -e, bash -i, encoded payloads |
| π΄ Credential Theft | CRITICAL | Access to ~/.ssh, ~/.aws, API keys, .env files |
| π Prompt Injection | HIGH | "ignore previous", "system override", "new instructions" |
| π Code Execution | HIGH | eval(), exec(), subprocess with shell=True |
| π‘ Persistence | MEDIUM | Cron jobs, systemd units, startup scripts |
| π‘ Obfuscation | MEDIUM | Base64 encoded commands, hex strings, rot13 |
| π’ Suspicious | LOW | Uncommon imports, network activity |
Risk Score
Each skill gets a score from 0-100:
- 0-20: β Clean - No issues found
- 21-40: π’ Low Risk - Minor concerns
- 41-60: π‘ Medium Risk - Review recommended
- 61-80: π High Risk - Careful inspection needed
- 81-100: π΄ Critical - Do not use without audit
Output
Reports saved to: skills/skill-flag/reports/
Example output:
π‘οΈ SECURITY SCAN REPORT
βββββββββββββββββββββββ
Scanned: 12 skills
Clean: 9
Warnings: 2
Critical: 1
β οΈ WARNINGS:
- crypto-tracker: External API calls (expected for price data)
- web-scraper: Uses requests library
π΄ CRITICAL:
- shady-skill:
- Line 45: curl to unknown domain
- Line 67: Base64 encoded payload
- Line 89: Reads ~/.ssh/id_rsa
RECOMMENDATION: Remove immediatelyDirectories Scanned
~/.clawdbot/skills/ - Global installed skills./skills/ - Workspace skills~/.npm-global/lib/node_modules/clawdbot/skills/ - Built-in skillsFalse Positives
Some legitimate skills need network access or file operations. The scanner flags them for review but doesn't auto-block. Use judgment:
- Price trackers β API calls expected β
- Email skills β Network access expected β
- File managers β File operations expected β
Pro Version (Coming Soon)
- Continuous monitoring
- ClawdHub pre-install scanning
- Custom whitelist/blacklist
- Scheduled reports
- Webhook alerts