arc-skill-scanner
Scan OpenClaw skills for security vulnerabilities before installing them.
Setup & Installation
Install command
clawhub install trypto1019/arc-skill-scanner
If the CLI is not installed:
npx clawhub@latest install trypto1019/arc-skill-scanner
Or install with OpenClaw CLI:
openclaw skills install trypto1019/arc-skill-scanner
Or paste the repo link into your assistant's chat:
https://github.com/openclaw/skills/tree/main/skills/trypto1019/arc-skill-scanner
What This Skill Does
Scans OpenClaw skill packages for security vulnerabilities before installation. Detects credential stealers, obfuscated code, data exfiltration, prompt injection in SKILL.md files, and binary tampering. Roughly 22-26% of ClawHub skills have been flagged as containing vulnerabilities.
Manual code review of every third-party skill is impractical; this automates detection of known attack patterns across SKILL.md content, scripts, metadata, and binaries in one pass.
When to Use It
- Scanning a ClawHub skill before installing it
- Auditing all currently installed skills at once
- Verifying binary checksums after a skill updates
- Detecting typosquatted skill names mimicking popular ones
- Generating checksum manifests for trusted skill versions
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Scanning a ClawHub skill before installing it
1. Scanning a ClawHub skill before installing it
2. Auditing all currently installed skills at once
3. Verifying binary checksums after a skill updates
4. Detecting typosquatted skill names mimicking popular ones
5. Generating checksum manifests for trusted skill versions
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.