OpenClaw Skill Analyzer: Static Security Scanner for AI Agent Skills

An OpenClaw developer has released a security scanner that analyzes skills for malicious code before installation. The tool was created in response to the discovery of 341 malicious skills on ClawHub earlier this year.
How It Works
The analyzer performs static analysis on skill folders and provides a clear risk rating: SAFE, LOW, MEDIUM, HIGH, or CRITICAL. You point it at a skill folder and it runs the checks automatically.
Detection Capabilities
The scanner includes 40+ detection rules across 12 categories. Specific detection types mentioned in the source include:
- Prompt injection
- Data exfiltration
- Credential theft
- Backdoors
- Obfuscation
The tool is available on GitHub at https://github.com/papichulomami/openclaw-skill-analyzer.
This type of security tool is particularly useful for developers working with AI coding agents, where third-party skills can introduce significant security risks if not properly vetted.
📖 Read the full source: r/openclaw
👀 See Also

Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit
A developer used Claude Code to audit a GitHub repository before execution and discovered a remote code execution backdoor in src/server/routes/auth.js that would have compromised their machine. The prompt requested a technical due diligence audit checking project completeness, AI/ML layer, database, authentication, backend services, frontend, code quality, and effort estimate.

Using Claude to audit OpenClaw setup reveals security issues
A developer used Claude to review their OpenClaw installation and discovered the bot was writing API keys in clear text in memory and JSON files, along with other security concerns.

Introducing SkillFence: The New Runtime Monitor That Watches What Skills Actually Do
SkillFence offers a breakthrough in monitoring AI agent actions, addressing the need for transparency and security in AI-driven environments. Discover how this innovative tool can enhance control over autonomous processes.

Configuring OpenClaw for Encrypted LLM Inference Using TEE Enclaves
A developer shares how they configured OpenClaw to use Onera's AMD SEV-SNP trusted execution environments for end-to-end encrypted LLM inference, including configuration examples and technical tradeoffs.