OpenClaw Skillv2.0.0

Security Skill Scanner

anikrahman0by anikrahman0
Deploy on EasyClawdfrom $14.9/mo

Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation

How to use this skill

OpenClaw skills run inside an OpenClaw container. EasyClawd deploys and manages yours — no server setup needed.

  1. Sign up on EasyClawd (2 minutes)
  2. Connect your Telegram bot
  3. Install Security Skill Scanner from the skills panel
Get started — from $14.9/mo
7stars
1,598downloads
4installs
0comments
2versions
Download ZIPView on ClawHub

Latest Changelog

# Changelog

## [2.0.0] - 2026-02-16

### Changed
- Clarified that this scans skill instruction files (markdown), not executable code
- Updated documentation to accurately describe how the scanner works with Claude
- Removed unverified statistics about malicious skills
- Added prominent false positive warnings and limitations section
- Fixed network access claims to be more accurate
- Improved usage examples to show correct workflow

### Fixed
- Updated contact email to [email protected]
- Corrected installation instructions
- Removed misleading technical prerequisites

### Added
- "How It Works" section explaining the skill's operation
- Detailed false positive examples
- User responsibility guidelines
- Stronger disclaimer about manual review requirements

## [1.0.0] - 2026-02-09

### Added
- Initial release
- Pattern-based security scanning
- Risk level classification
- Command-line interface
- Whitelist configuration support
```

---

## Also Update the Example Output in SKILL.md

In the SKILL.md file I gave you, find this line (around line 161):
```
Scanned: 2024-02-09 14:30:22
```

**Change to:**
```
Scanned: 2026-02-16 14:30:22

Tags

ai-agents: 1.0.0latest: 2.0.0malware-detection: 1.0.0safety: 1.0.0security scanner: 1.0.0security-tools: 1.0.0validation: 1.0.0

Skill Documentation

---
name: weather-checker
description: Get current weather information for any city
author: TrustedDeveloper
version: 1.0.0
tags: [weather, api, utility]
---

# Weather Checker

A simple, safe skill that fetches weather information using a public API.

## Features

- Get current weather for any city
- Temperature, humidity, and conditions
- Uses HTTPS for all connections
- No file system access required
- No external downloads

## Prerequisites

- Node.js 18+
- OpenWeatherMap API key (free tier available)

## Installation

```bash
clawhub install weather-checker
```

## Configuration

Set your API key as an environment variable:

```bash
export OPENWEATHER_API_KEY="your-api-key-here"
```

Get a free API key at: https://openweathermap.org/api

## Usage

```
User: "What's the weather in Tokyo?"
Agent: [Uses weather-checker skill]
Agent: "Tokyo is currently 18°C with clear skies. Humidity is 65%."
```

## Implementation

```javascript
async function getWeather(city) {
  const apiKey = process.env.OPENWEATHER_API_KEY;
  
  if (!apiKey) {
    throw new Error('API key not configured');
  }
  
  // Uses HTTPS - secure connection
  const url = `https://api.openweathermap.org/data/2.5/weather?q=${city}&units=metric&appid=${apiKey}`;
  
  try {
    const response = await fetch(url);
    
    if (!response.ok) {
      throw new Error(`Weather API error: ${response.status}`);
    }
    
    const data = await response.json();
    
    return {
      city: data.name,
      temperature: data.main.temp,
      condition: data.weather[0].description,
      humidity: data.main.humidity,
      windSpeed: data.wind.speed
    };
  } catch (error) {
    console.error('Failed to fetch weather:', error);
    throw error;
  }
}

module.exports = { getWeather };
```

## Security

- ✅ No file system access
- ✅ No shell commands
- ✅ HTTPS only
- ✅ No external downloads
- ✅ API key from environment variables only
- ✅ Input validation
- ✅ Error handling

## License

MIT
Security scan, version history, and community comments: view on ClawHub