To audit your OpenClaw skills for security vulnerabilities, install the skill-scanner skill with `clawhub install skill-scanner` and run a scan from the OpenClaw chat. Skill Scanner checks your installed ClawHub skills for known security vulnerabilities, outdated dependencies, and malicious code patterns — critical context given that 71 malicious skills were discovered in the ClawHub registry in 2025. No external API key is required.
Why Use Skill Scanner in OpenClaw?
In 2025, security researchers discovered 71 malicious skills in the ClawHub registry — packages that appeared to be legitimate tools but contained code designed to exfiltrate API keys, capture conversation content, or establish persistence on the host machine. This is not a theoretical threat: the ClawHub ecosystem's rapid growth (400+ published skills) creates the same supply chain attack surface that has affected npm, PyPI, and other open package registries. Any tool you install from ClawHub has access to your OpenClaw conversation context, your configured credentials, and potentially your local file system.
Skill Scanner addresses this by auditing your installed skills before and after each installation. It checks against a continuously updated vulnerability database maintained by the ClawHub security team, runs static analysis to detect common malicious code patterns (credential harvesting, unexpected network calls, obfuscated code), and flags skills with outdated dependencies that have known CVEs. The scan runs entirely locally — your skill inventory is not sent to any external server.
Beyond one-time audits, Skill Scanner supports scheduled automatic scans that alert you when a previously-clean skill receives an update that introduces new risks. This is important because malicious actors sometimes publish legitimate skills first, build a user base, then push a malicious update. Continuous scanning catches these post-install supply chain attacks before they cause damage. For teams running OpenClaw in production environments, Skill Scanner is an essential part of the security baseline — treat it the same way you would treat npm audit or pip check in any other software project.
Integration method
Skill Scanner is itself a ClawHub skill — it installs through the same clawhub CLI as any other skill, then provides scanning capabilities for all other installed skills. It runs locally on your machine, analyzing skill packages against a vulnerability database maintained by the ClawHub security team. No external API calls are required for basic scanning, meaning your skill inventory never leaves your machine during an audit.
Prerequisites
- OpenClaw installed and running (version 1.0 or later)
- The clawhub CLI available in your terminal
- At least one other skill installed to scan — Skill Scanner is most useful when you already have a populated skill inventory
- Internet access for the initial vulnerability database download (subsequent scans can run offline)
Step-by-step guide
Install the skill-scanner Skill via ClawHub
Install the skill-scanner Skill via ClawHub
Install Skill Scanner from the ClawHub registry using the standard install command. The skill package includes the vulnerability database client, the static analysis engine, and the reporting module. On first install, it downloads the current vulnerability database — this is about 2-5 MB and updates automatically in the background. After installation, verify it is active. Unlike skills that need external API authentication, Skill Scanner is immediately ready to use — no API key or OAuth flow required. The skill activates as soon as the installation and database download complete. If you have concerns about installing Skill Scanner before scanning your existing skills, note that Skill Scanner itself is one of the most audited packages in the ClawHub registry — its codebase is open source and reviewed by the ClawHub security team. You can inspect its source at github.com/clawhub/skill-scanner before installing.
1# Install Skill Scanner2clawhub install skill-scanner34# Verify installation and check it is active5clawhub list --installed | grep skill-scanner6clawhub status skill-scanner78# Check vulnerability database was downloaded9clawhub skill-scanner --db-versionPro tip: Run `clawhub update` before installing skill-scanner to ensure you get the latest version with the most current vulnerability definitions built in.
Expected result: skill-scanner installs, the vulnerability database downloads, and `clawhub status skill-scanner` shows 'active'.
Run Your First Security Scan
Run Your First Security Scan
Open the OpenClaw chat and run a scan of all installed skills. The scan checks each skill against the vulnerability database, analyzes the code for suspicious patterns, and checks dependency versions against known CVE records. The scan typically takes 30-120 seconds depending on how many skills you have installed and the complexity of their dependency trees. For most users with 5-15 skills, expect results in under a minute. The scan output groups findings by severity: Critical (immediate action required), High (fix within 24 hours), Medium (fix at next maintenance window), Low (informational), and Clean (no issues found). Pay immediate attention to any Critical or High findings — these represent skills with confirmed vulnerabilities or malicious code detections. For each finding, Skill Scanner provides the skill name, the specific issue, the CVE identifier if applicable, and a recommended action (update, remove, or monitor).
Scan all my installed OpenClaw skills for security vulnerabilities and give me a summary report
Paste this in OpenClaw chat
1# Alternative: run scan directly from terminal2clawhub skill-scanner scan --all34# Scan a specific skill only5clawhub skill-scanner scan spotify-player67# Scan and output results as JSON (useful for CI/CD integration)8clawhub skill-scanner scan --all --format json > scan-results.json910# Scan with verbose output (shows each check as it runs)11clawhub skill-scanner scan --all --verbosePro tip: Save your first scan results with `clawhub skill-scanner scan --all --format json > baseline-scan.json`. This creates a security baseline you can diff against future scans to quickly identify what changed.
Expected result: The scan completes and shows a report listing each installed skill with its security status — green checkmarks for clean skills, warning icons for issues requiring attention.
Interpret and Act on Scan Results
Interpret and Act on Scan Results
Understanding the scan output is as important as running the scan. Skill Scanner uses four finding types: **Vulnerability (CVE)**: A known security flaw in a dependency library used by the skill. The CVE number links to the public vulnerability database entry. Fix action: update the skill with `clawhub update [skill-name]` to get a patched version, or remove it if no patch exists. **Malicious Code Pattern**: Static analysis detected code that matches known malicious patterns — credential harvesting, unexpected outbound connections to non-standard endpoints, or obfuscated execution. Fix action: remove the skill immediately and report it to ClawHub via `clawhub report [skill-name] --reason malicious`. **Outdated Dependency**: A dependency library has a newer version available. Not immediately dangerous, but older versions accumulate unpatched CVEs over time. Fix action: update the skill. **Permission Warning**: The skill requests filesystem or network permissions broader than necessary for its stated function. This is informational — review whether the scope makes sense for what the skill does. For Critical findings, remove the skill immediately with `clawhub remove [skill-name]`. Your conversation history and OpenClaw config should be reviewed to check for any credential leakage if a malicious skill was previously active.
Show me the detailed scan results for any skills with high or critical security findings
Paste this in OpenClaw chat
1# Remove a flagged skill immediately2clawhub remove suspicious-skill-name34# Update a skill to get patched dependencies5clawhub update skill-name67# Report a malicious skill to ClawHub8clawhub report skill-name --reason malicious910# Re-run scan after updates to confirm issues are resolved11clawhub skill-scanner scan --all1213# Check scan result for a specific CVE14clawhub skill-scanner scan --all | grep CVE-2025Pro tip: After removing a skill flagged as malicious, rotate any API keys or credentials that were configured in OpenClaw while that skill was installed. There is no guarantee a malicious skill did not access your stored credentials.
Expected result: Flagged skills are removed or updated, and a re-scan shows all remaining skills at Medium or lower severity.
Configure Automatic Scheduled Scans
Configure Automatic Scheduled Scans
Manual scanning is good for initial audits, but the most important protection comes from automatic scans that run after every skill update. A skill that was clean when you installed it can become dangerous after an update — this is exactly the supply chain attack pattern that affected 71 skills in 2025. Configure Skill Scanner to run automatically by adding scan settings to your OpenClaw config file. The `on_update` trigger is the most important setting: it runs a scan automatically every time ClawHub installs or updates any skill on your system. The `schedule` option runs periodic full scans on a cron-like schedule. Alert notifications go to the OpenClaw notification system by default. If you want email or messaging notifications for critical findings, configure the `alert_channels` setting with your preferred notification methods. RapidDev recommends enabling `on_update: true` at minimum for any production OpenClaw deployment — this zero-friction automated scan catches post-install supply chain attacks without requiring manual action.
1# ~/.openclaw/config.yaml2skills:3 skill-scanner:4 on_update: true # Auto-scan after every clawhub install/update5 schedule: "0 9 * * 1" # Run full scan every Monday at 9am (cron format)6 severity_threshold: high # Alert on: critical | high | medium | low (default: high)7 auto_remove: false # Set true to auto-remove Critical findings (use with caution)8 report_malicious: true # Auto-report detected malicious skills to ClawHub9 update_db_interval: 24 # Hours between vulnerability database updates (default: 24)Pro tip: Do not set `auto_remove: true` unless you are certain you want skills removed without confirmation — false positives, while rare, do occur. Manual review of Critical findings before removal is always safer.
Expected result: Skill Scanner runs automatically after every skill install or update and sends alerts when issues above your configured threshold are found.
Use Pre-Install Scanning to Vet New Skills
Use Pre-Install Scanning to Vet New Skills
In addition to scanning installed skills, Skill Scanner can analyze a ClawHub skill before you install it. This is the most powerful way to prevent malicious skills from ever running on your system — check first, install only if clean. The pre-install scan downloads the skill package from ClawHub, runs the full static analysis against the vulnerability database, and reports findings without actually installing or executing any code. This takes the same 30-90 seconds as a post-install scan. This is especially valuable when evaluating lesser-known skills or skills from authors you have not used before. The ClawHub security team maintains reputation scores for authors based on their track record, and Skill Scanner surfaces these scores in the pre-install report. Skills from well-known authors with clean histories get a 'Trusted Author' badge; new or previously-flagged authors get a warning. Make pre-install scanning a habit before adding any new skill to your setup. This one practice would have protected users from all 71 malicious skills discovered in 2025, as all of them were detected by static analysis before installation.
Check the skill 'new-skill-name' on ClawHub for security issues before I install it
Paste this in OpenClaw chat
1# Scan a skill before installing it2clawhub skill-scanner preview tavily-ai-search3clawhub skill-scanner preview new-skill-name45# Preview scan output includes:6# - Vulnerability check against current CVE database7# - Static code analysis results8# - Required permissions (network, filesystem, etc.)9# - Author reputation score10# - Installation count and community ratings1112# If the preview is clean, install normally:13clawhub install new-skill-name1415# Shortcut: scan-then-install in one command16clawhub install new-skill-name --scan-firstPro tip: Use `clawhub install [name] --scan-first` as a habit for every new skill — it runs the pre-install scan and only proceeds with installation if no Critical or High findings are detected. You can override with `--scan-threshold medium` to only block on Critical findings.
Expected result: The pre-install scan completes without Critical or High findings, and you can proceed with `clawhub install` knowing the skill passed security review.
Common use cases
Post-Installation Security Audit
Scan your current skill inventory immediately after installing any new ClawHub skill. This catches malicious code, unexpected network permissions, and known vulnerabilities before the skill has a chance to run with your data.
Scan all installed OpenClaw skills for security vulnerabilities and show me a summary of any high or critical findings
Copy this prompt to try it in OpenClaw
Scheduled Weekly Security Monitoring
Configure Skill Scanner to run automatically on a schedule and alert you when any installed skill receives an update that introduces new security risks. This protects against supply chain attacks where a legitimate skill is later compromised through a malicious update.
Run a full security scan of my installed skills and show me which ones have had updates since my last scan
Copy this prompt to try it in OpenClaw
Pre-Install Skill Vetting
Check a ClawHub skill before installing it — Skill Scanner can analyze a skill's package metadata, declared permissions, and known reputation without actually installing it. Use this when evaluating new skills before adding them to a production OpenClaw setup.
Scan the ClawHub skill 'new-skill-name' without installing it and tell me if it has any security concerns
Copy this prompt to try it in OpenClaw
Troubleshooting
clawhub install skill-scanner fails with 'dependency conflict' or version mismatch error
Cause: Your OpenClaw installation may be older than the minimum version required by the latest skill-scanner release, or another installed skill has a conflicting dependency.
Solution: Run `clawhub update` to refresh the registry and update OpenClaw's core components, then retry. If the conflict persists, run `clawhub diagnose` to identify the conflicting dependency and update the specific skill causing the conflict.
1clawhub update2clawhub install skill-scanner34# If conflict persists:5clawhub diagnose --conflicts6clawhub update [conflicting-skill-name]Scan completes but shows 'vulnerability database unavailable' or outdated date
Cause: The vulnerability database download failed during installation, or the automatic update process is being blocked by a firewall or network restriction.
Solution: Manually trigger a database update with `clawhub skill-scanner update-db`. If your network blocks the update server, you can download the database file manually from the ClawHub GitHub releases page and import it with `clawhub skill-scanner import-db [path]`.
1# Force database update2clawhub skill-scanner update-db34# Check current database version and age5clawhub skill-scanner --db-version67# Import manually downloaded database8clawhub skill-scanner import-db ~/Downloads/vuln-db-latest.jsonA scan flagged a skill I trust as malicious — I believe this is a false positive
Cause: Static analysis occasionally flags legitimate code that uses patterns similar to malicious code — obfuscated code for performance reasons, unusual network calls for legitimate features, or newly-published skills whose author reputation score is low simply due to lack of history.
Solution: Review the specific finding in detail with `clawhub skill-scanner details [skill-name]`. If you are confident it is a false positive, add an exception with `clawhub skill-scanner whitelist [skill-name] --reason 'false positive — legitimate use of [pattern]'`. Report the false positive to ClawHub so they can update their detection rules.
1# View detailed scan findings for a specific skill2clawhub skill-scanner details skill-name34# Add to whitelist if confirmed false positive5clawhub skill-scanner whitelist skill-name67# Report false positive to improve detection8clawhub report skill-name --reason false-positiveSkill Scanner scans but the OpenClaw chat does not respond to scan prompts
Cause: The skill is installed but may not have activated correctly, or its command routing may not be registered in OpenClaw's intent system.
Solution: Run `clawhub reload` to force OpenClaw to re-register all skill commands. Then run `clawhub status skill-scanner` to verify the skill shows 'active'. If still inactive, try reinstalling: `clawhub remove skill-scanner && clawhub install skill-scanner`.
1clawhub reload2clawhub status skill-scanner34# If still inactive, reinstall5clawhub remove skill-scanner6clawhub install skill-scannerBest practices
- Enable `on_update: true` in Skill Scanner's config to automatically scan every skill after any install or update — this is the single most important setting for ongoing security.
- Run `clawhub install [skill] --scan-first` as standard practice for every new skill, rather than installing first and scanning second — catching malicious code before execution is always better than after.
- After removing any skill flagged as Critical or Malicious, rotate all API keys and credentials configured in OpenClaw — you cannot know whether a malicious skill accessed your stored credentials while it was active.
- Keep Skill Scanner's vulnerability database current by setting `update_db_interval: 12` in the config — new CVEs are published daily, and a 24-hour-old database can miss very recent vulnerabilities.
- Review the permissions listed in pre-install scan reports carefully — a search skill that requests filesystem write access or a music skill that wants to read your credentials config are red flags worth investigating before installing.
- Report malicious skills you discover to ClawHub with `clawhub report [name] --reason malicious` — this protects other OpenClaw users by triggering a registry-level review and potential removal.
- For teams running OpenClaw in production, integrate `clawhub skill-scanner scan --all --format json` into your CI/CD pipeline to catch vulnerabilities before deploying updated OpenClaw configurations to servers.
- Save a baseline scan report after your initial clean audit — use `clawhub skill-scanner scan --all --format json > baseline.json` — so future scans can diff against it and highlight exactly what changed.
Alternatives
GitHub API lets you interact with repositories and check code manually — useful for deep-diving into a specific skill's source code, but not a replacement for automated vulnerability scanning.
n8n can automate security workflows and schedule checks, but requires manual configuration for skill-specific vulnerability rules — Skill Scanner covers this use case natively for OpenClaw.
n8n Workflow Automation can build custom security monitoring pipelines that include skill scanning as one step in a broader security posture workflow for advanced teams.
Frequently asked questions
How do I install Skill Scanner in OpenClaw?
Run `clawhub install skill-scanner` in your terminal. The skill installs without requiring any API key or authentication. After installation, verify it is active with `clawhub status skill-scanner`, then run your first scan from OpenClaw chat by asking to 'scan all installed skills for security issues'.
Why do I need Skill Scanner — are ClawHub skills not vetted?
ClawHub does review skills before listing them, but the registry has grown faster than manual review can keep pace. In 2025, 71 malicious skills were discovered that had passed initial review — some were legitimate skills that were later updated with malicious code. Skill Scanner provides a local, continuous audit layer that catches threats the initial registry review missed.
Does Skill Scanner send my skill inventory to an external server?
No — Skill Scanner runs entirely locally. It downloads a vulnerability database (a JSON file of known CVEs and malicious patterns) and runs analysis on your local skill files. Your installed skills list, your OpenClaw conversations, and your configuration are never sent to any external server during a scan.
What should I do if Skill Scanner finds a Critical vulnerability?
Remove the skill immediately with `clawhub remove [skill-name]`. Then rotate any API keys or credentials that were configured in OpenClaw while the skill was installed — you cannot verify whether the skill accessed them. Finally, report the skill to ClawHub with `clawhub report [skill-name] --reason malicious` to protect other users.
How do I configure OpenClaw Skill Scanner to run automatically?
Add `on_update: true` to the skill-scanner section of `~/.openclaw/config.yaml` to run scans automatically after every skill install or update. For scheduled scans, add a `schedule` field using cron syntax (e.g., `schedule: '0 9 * * 1'` for every Monday at 9am). Both settings can be active simultaneously.
Can Skill Scanner scan a skill before I install it?
Yes — use `clawhub skill-scanner preview [skill-name]` to analyze a skill package without installing it. This downloads only the package metadata and code for analysis, runs the full vulnerability and static analysis checks, and reports findings. Alternatively, use `clawhub install [name] --scan-first` to scan and install in one command, with automatic blocking if Critical findings are detected.
I'm building a production OpenClaw setup for my team — is Skill Scanner enough for security?
Skill Scanner covers supply chain security for ClawHub skills specifically. For a complete production security posture, also review OpenClaw's network access controls, ensure API keys are stored with minimal permissions, use Skill Scanner's `report_malicious: true` setting to contribute to community threat intelligence, and consider having RapidDev's team audit your full OpenClaw configuration as part of a broader security review for high-stakes deployments.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation