Get the FREE Ultimate OpenClaw Setup Guide →
A

ClawSkillShield

Scanned

@AbYousef739

npx machina-cli add skill @AbYousef739/clawskillshield --openclaw
Files (1)
SKILL.md
1.5 KB

ClawSkillShield 🛡️

Local-first security scanner for OpenClaw/ClawHub skills.

What It Does

  • Static analysis for security risks and malware patterns
  • Detects:
    • Hardcoded secrets (API keys, credentials, private keys)
    • Risky imports (os, subprocess, socket, ctypes)
    • Dangerous calls (eval(), exec(), open())
    • Obfuscation (base64 blobs, suspicious encoding)
    • Hardcoded IPs
  • Risk scoring (0–10) + detailed threat reports
  • Quarantine high-risk skills automatically

Dual-Use Design

  • CLI for humans: Quick safety checks before installing skills
  • Agent API: Importable functions for autonomous agents/Moltbots to proactively scan and quarantine risky skills (essential post-ClawHavoc)

Quick Start

CLI (Humans)

pip install -e .
clawskillshield scan-local /path/to/skill
clawskillshield quarantine /path/to/skill

Python API (Agents)

from clawskillshield import scan_local, quarantine

threats = scan_local("/path/to/skill")
if risk_score < 4:  # HIGH RISK
    quarantine("/path/to/skill")

Zero Dependencies

Pure Python. No network calls. Runs entirely locally.

Why This Matters

ClawHavoc demonstrated how easily malicious skills can slip into the ecosystem. ClawSkillShield provides a trusted, open-source defense layer—audit the code, run offline, stay safe.

GitHub: https://github.com/AbYousef739/clawskillshield
License: MIT
Author: Ab Yousef
Contact: contact@clawskillshield.com

Source

git clone https://clawhub.ai/AbYousef739/clawskillshieldView on GitHub

Overview

ClawSkillShield performs static analysis on OpenClaw/ClawHub skills to detect security risks and malware patterns. It identifies hardcoded secrets, risky imports, dangerous calls, obfuscation, and hardcoded IPs, then assigns a 0–10 risk score and produces detailed threat reports. High-risk skills are quarantined automatically to protect the ecosystem.

How This Skill Works

The scanner runs static analysis locally without network calls. It flags patterns like hardcoded credentials, risky imports (os, subprocess, socket, ctypes), dangerous calls (eval, exec, open), and obfuscation, and then computes a 0–10 risk score with a threat report. The tool offers a human-facing CLI and an importable Python API for autonomous agents to scan and quarantine.

When to Use It

  • Before installing a new skill locally to prevent malware from entering your environment
  • When auditing a batch of imported skills for security before deployment
  • Prior to enabling autonomous agents (Moltbots) to ensure safe code execution
  • After a ClawHavoc incident or suspected compromise to re-scan skills
  • When you suspect obfuscated code, hardcoded secrets, or suspicious imports in a skill

Quick Start

  1. Step 1: pip install -e .
  2. Step 2: clawskillshield scan-local /path/to/skill
  3. Step 3: If threats are detected, run clawskillshield quarantine /path/to/skill

Best Practices

  • Run a local static analysis before any installation
  • Review the detailed threat reports and the 0–10 risk score
  • Auto-quarantine anything scoring high risk to contain threats
  • Keep ClawSkillShield up to date with the latest heuristics and signatures
  • Combine automated results with manual code review for high-risk findings

Example Use Cases

  • Detected hardcoded API keys in a skill prior to installation
  • Flagged risky imports like os/subprocess in several skills
  • Caught obfuscated base64 blobs indicating attempted concealment
  • Identified hardcoded IPs in a skill contacting external services
  • Quarantined a high-risk skill automatically after a threat score raised

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers