OpenClaw Skill Analyzer: Static Security Scanner for AI Agent Skills
An OpenClaw developer has released a security scanner that analyzes skills for malicious code before installation. The tool was created in response to the discovery of 341 malicious skills on ClawHub earlier this year.
How It Works
The analyzer performs static analysis on skill folders and provides a clear risk rating: SAFE, LOW, MEDIUM, HIGH, or CRITICAL. You point it at a skill folder and it runs the checks automatically.
Detection Capabilities
The scanner includes 40+ detection rules across 12 categories. Specific detection types mentioned in the source include:
- Prompt injection
- Data exfiltration
- Credential theft
- Backdoors
- Obfuscation
The tool is available on GitHub at https://github.com/papichulomami/openclaw-skill-analyzer.
This type of security tool is particularly useful for developers working with AI coding agents, where third-party skills can introduce significant security risks if not properly vetted.
📖 Read the full source: r/openclaw
👀 See Also
Anthropic reveals industrial-scale Claude AI data extraction by Chinese labs
Anthropic confirmed Chinese AI labs used over 24,000 fraudulent accounts to scrape 16 million exchanges from Claude, extracting safety guardrails and logic structures for military and surveillance systems.
Why Internal RAG and Doc-Chat Tools Fail Security Audits
Community discusses real-world security and compliance blockers that prevent RAG tools from reaching production.
Security Checklist for Claude AI-Generated Applications
A developer shares a checklist of common security and operational gaps found in applications built with Claude Code, including rate limiting, authentication flaws, database scaling issues, and input handling vulnerabilities.
Claude Android App Reportedly Reads Clipboard Without Explicit User Action
A user reports that the Claude Android app analyzed code from their clipboard without them pasting it, with Claude identifying the file as pasted_text_b4a56202-3d12-43c8-aa31-a39367a9a354.txt. The behavior couldn't be reproduced in subsequent tests.