Skill Analyzer Now Available on ClawHub with One-Command Install

The OpenClaw Skill Analyzer, a security scanner for AI skills, is now available on ClawHub with a simplified installation process. Previously only on GitHub, users can now install it with a single command.

Installation and Features

To install the Skill Analyzer from ClawHub, run:

npx clawhub@latest install openclaw-skill-analyzer

The tool scans any skill folder for potentially malicious patterns including prompt injection, credential theft, data exfiltration, backdoors, and obfuscation. It provides a risk rating before installation and includes over 40 detection rules across 12 categories.

Security Features

A key security feature is Docker sandbox support. Scans can be run inside a Docker container with:

• No network access
• Read-only filesystem
• 256MB memory cap
• Container destroyed after each scan

This isolates potentially malicious skills from your system. The README includes a one-liner Docker command for this sandboxed execution.

Development Status

The tool is actively maintained with updates when new malicious patterns are discovered in the wild. The developer welcomes reports of patterns the tool doesn't yet catch.

Note: ClawHub may show a warning when installing the Skill Analyzer because the scanner flags its own detection patterns.