jason-allen-oneal/openclaw-skill-scanner

OpenClaw Skill Scanner

A security gate for OpenClaw AgentSkills powered by the cisco-ai-defense/skill-scanner engine.

Overview

This skill provides a robust mechanism to scan, validate, and manage the security of OpenClaw skills. It enforces a strict policy: blocking installations with High or Critical severity findings while allowing others with explicit warnings.

Features

  • Pre-install Scanning: Scan local folders or ClawHub skills before they are added to your environment.
  • Automated Monitoring: Systemd user units to automatically scan ~/.openclaw/skills on every change.
  • Auto-Quarantine: Automatically moves high-risk skills to ~/.openclaw/skills-quarantine to prevent execution.
  • Detailed Reporting: Generates Markdown risk reports for every scan.

Quick Start

1. Install the Scanner Engine

cd "$HOME/.openclaw/workspace"
git clone https://github.com/cisco-ai-defense/skill-scanner
cd skill-scanner
CC=gcc uv sync --all-extras

2. Manual Scan & Install

# Scan a folder and install if safe
./scripts/scan_and_add_skill.sh /path/to/skill-dir

# Install from ClawHub with a scan gate
./scripts/clawhub_scan_install.sh <slug>

3. Enable Auto-Scan

mkdir -p ~/.config/systemd/user
cp -a references/openclaw-skill-scan.* ~/.config/systemd/user/
systemctl --user daemon-reload
systemctl --user enable --now openclaw-skill-scan.path

Security Policy

  • Critical/High: Installation blocked; skill quarantined (if auto-scan is enabled).
  • Medium/Low/Info: Installation allowed with a warning summary.
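
The policy above, sketched as a shell gate; this is an added example, not this repository's scripts or the scanner's own code. It assumes a constructed findings file with one `SEVERITY<TAB>description` line per finding (the scanner's real report format is not shown on this page), and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added illustration of the severity gate. Input format is an assumption:
# one finding per line, "SEVERITY<TAB>description".

# Print the highest severity in a findings file, or NONE if it has no findings.
max_severity() {
  awk -F'\t' '
    BEGIN { r["INFO"]=1; r["LOW"]=2; r["MEDIUM"]=3; r["HIGH"]=4; r["CRITICAL"]=5
            best="NONE"; top=0 }
    NF == 0 { next }                          # skip blank lines
    { s = toupper($1)
      if (!(s in r)) s = "CRITICAL"           # unknown label: fail closed
      if (r[s] > top) { top = r[s]; best = s } }
    END { print best }' "$1"
}

# gate_skill <skill_dir> <findings_file> [quarantine_dir]
# Returns 0 to allow installation, 1 to block (skill moved to quarantine).
gate_skill() {
  _dir=$1; _findings=$2
  _quarantine=${3:-$HOME/.openclaw/skills-quarantine}
  if [ -r "$_findings" ]; then
    _sev=$(max_severity "$_findings")
  else
    _sev=CRITICAL                             # no readable report: fail closed
  fi
  case "$_sev" in
    CRITICAL|HIGH)
      mkdir -p "$_quarantine"
      # Timestamp suffix keeps repeat quarantines of one skill name apart.
      mv -- "$_dir" "$_quarantine/$(basename "$_dir").$(date +%Y%m%dT%H%M%S)"
      echo "BLOCKED ($_sev): $(basename "$_dir") moved to quarantine" >&2
      return 1 ;;
    NONE)
      return 0 ;;
    *)
      echo "WARNING: $(basename "$_dir") allowed, highest finding is $_sev" >&2
      return 0 ;;
  esac
}
```

Treating an unreadable report or an unrecognized severity label as Critical keeps a failed or malformed scan from being read as a clean one.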
