SkillScan

Security gate for skills. Every new skill MUST pass SkillScan before use. Activate on any install, load, add, evaluate, or safety question about a skill. On first load, run first-run to scan all existing skills. Blocks HIGH/CRITICAL skills. No exceptions.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "SkillScan" with this command: npx skills add tokauthai/skillscan

SkillScan v1.1.6

Security check for skill packages. Every new skill must pass this scan before use.

Implemented in scripts/scanner.py. Supports Windows / macOS / Linux.

Do NOT generate report files inside the skill directory.


When to Activate

Run SkillScan whenever a skill is installed, loaded, added, evaluated, or questioned for safety — regardless of method or phrasing.

Trigger examples: install, load, add, use, set up, "is this safe", upload .zip/.skill, paste SKILL.md, mention unknown skill name, install from hub/store.


First Load

Check scripts/.first_run_done:

  • Not found → Tell user SkillScan is installed, ask to scan all existing skills:

    python <skill_scanner_dir>/scripts/scanner.py first-run
    

    .first_run_done is created automatically after completion.

  • Found → Skip, operate normally.


Commands

Command | Usage
--- | ---
scanner.py scan <path> | Scan a single skill (.zip or directory)
scanner.py scan-all | Scan all installed skills
scanner.py first-run | First-time full scan
scanner.py upgrade | Manual upgrade

Scan Rules

  • .zip files → Scan BEFORE installation. Block if fails.
  • Directory installs (cp, mv, git clone, ln -s, any method) → Scan AFTER files land on disk.
  • Remote installs (clawhub, skillhub, npx skills add, etc.) → Scan immediately after install.
  • Unknown skills → If user mentions a skill you haven't seen, scan it.

Exit Codes

Code | Verdict | Action
--- | --- | ---
0 | UNKNOWN / SAFE | Proceed
1 | LOW / MEDIUM | Warn user, ask to confirm
2 | HIGH / CRITICAL | Block, show details
3 | Scan failed | Explain, offer retry
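
One way to enforce the exit-code table above in an install pipeline, as an added example that is not part of SkillScan's own code. The function names, the `Action` enum and the 300-second timeout are assumptions; only the `scan <path>` subcommand and the exit codes 0 to 3 come from this page.

```python
import os
import subprocess
import sys
from enum import Enum


class Action(Enum):
    PROCEED = "proceed"   # exit 0: UNKNOWN / SAFE
    CONFIRM = "confirm"   # exit 1: LOW / MEDIUM, warn and ask to confirm
    BLOCK = "block"       # exit 2: HIGH / CRITICAL
    RETRY = "retry"       # exit 3: scan failed, explain and offer retry


# Exit-code table as documented on this page.
EXIT_ACTIONS = {0: Action.PROCEED, 1: Action.CONFIRM, 2: Action.BLOCK, 3: Action.RETRY}


def run_scanner(scanner_path, target, timeout=300):
    """Run `scanner.py scan <target>`; return its exit code, or None if it never ran.

    timeout=300 is an assumed ceiling, not a documented value.
    """
    # Check first: the interpreter itself exits 2 when the script file is
    # missing, which would otherwise be read as a HIGH / CRITICAL verdict.
    if not os.path.isfile(scanner_path):
        return None
    try:
        proc = subprocess.run([sys.executable, scanner_path, "scan", target],
                              capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return proc.returncode


def gate(exit_code):
    """Map an exit code to an action, failing closed on anything undocumented."""
    # None, negative codes (killed by signal) and unlisted codes are treated
    # as "scan failed", never as a pass.
    return EXIT_ACTIONS.get(exit_code, Action.RETRY)


def may_install(exit_code, user_confirmed=False):
    """True only for a clean scan, or a LOW / MEDIUM result the user accepted."""
    action = gate(exit_code)
    if action is Action.PROCEED:
        return True
    if action is Action.CONFIRM:
        return user_confirmed
    return False  # BLOCK and RETRY never install, even with confirmation
```
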

Auto Update

Checks for updates every day automatically. Silent, no user action needed. Manual: scanner.py upgrade.


Environment Variables

Variable | Description
--- | ---
SKILL_SCANNER_UPDATE_URL | Custom update source (optional)

API

Base URL: https://skillscan.tokauth.com

Step | Method | Path
--- | --- | ---
① Cache lookup | GET | /oapi/v1/skill-scan/search?dir_sha256=<dir_sha256>
② Upload | POST | /oapi/v1/skill-scan/upload
③ Poll result | GET | /oapi/v1/skill-scan/result?task_no=<task_no> (poll every 20s, max 180s)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
