Open source security scanner and browser extension for OpenClaw AI agent skills
OpenClaw skills have full access to your system, files, APIs, and credentials. Installing an untrusted skill could result in:
- π¨ Data exfiltration
- π Stolen API keys
- πΎ Unauthorized file access
- β‘ Arbitrary code execution
Trust, but verify.
SClawHub provides automated security scanning for OpenClaw skills:
β
Pattern Matching - Semgrep rules for known vulnerabilities
β
AI Analysis - Claude AI for context-aware security review
β
Trust Scores - 0-100 rating based on findings
β
Browser Extension - Instant trust badges on ClawHub
Visit sclawhub.com to see scanned skills and detailed reports.
This open source repository contains:
Core security scanning engine that analyzes skill code for vulnerabilities.
Chrome extension that shows trust badges directly on ClawHub pages.
Semgrep patterns for detecting common security issues.
Example skills for testing the scanner.
Note: The web application (sclawhub.com) is not included in this repository.
- Node.js 18+
- Semgrep:
pip3 install semgrep - Anthropic API key (for Claude AI analysis)
cd scanner
npm install
# Set your API key
export ANTHROPIC_API_KEY="your-key-here"
# Scan a skill
node scan.js "https://raw.githubusercontent.com/user/repo/main/skill.js" "Skill Name"Results are saved to scanner/reports/{skill-name}.json
cd extension
# Load in Chrome:
1. Open chrome://extensions/
2. Enable "Developer mode"
3. Click "Load unpacked"
4. Select the extension/ directory
# Package for distribution:
zip -r sclawhub-extension.zip extension/The scanner looks for:
| Category | Description |
|---|---|
| π Network Calls | Unknown endpoints, data exfiltration attempts |
| π Credentials | Hardcoded API keys, tokens, passwords |
| π File Operations | Unsafe read/write/delete operations |
| β‘ Code Execution | eval(), exec(), spawn() patterns |
| π Obfuscation | Base64 encoding, minification attempts |
| π Injection | SQL injection, command injection patterns |
cd scanner
node scan.js "https://github.com/example/skill/blob/main/index.js" "Example Skill"node scan.js ./path/to/skill.js "My Skill"{
"id": "example-skill",
"trustScore": 85,
"riskLevel": "low",
"summary": "Minimal risk detected. Follows security best practices.",
"findings": [
{
"severity": "info",
"category": "network",
"description": "Makes HTTP call to api.example.com",
"recommendation": "Verify endpoint ownership"
}
]
}The extension injects trust badges on ClawHub:
- π‘οΈ 90-100 - Excellent security
- β 70-89 - Good, minor concerns
β οΈ 50-69 - Moderate risk, review needed- π¨ 0-49 - High risk, do not install
Click any badge to see the full security report on sclawhub.com.
Trust scores are calculated based on:
- Semgrep Findings - Pattern matching results
- Claude AI Analysis - Context-aware security review
- Severity Weighting - Critical > High > Medium > Low
- Code Complexity - Simpler code = higher trust
- Best Practices - Following OpenClaw conventions
Score ranges:
- 90-100: Excellent - Minimal risk
- 70-89: Good - Minor concerns
- 50-69: Moderate - Needs review
- 30-49: High risk - Multiple issues
- 0-29: Critical - Do not install
Create a .env file in the scanner/ directory:
# Required for AI-powered analysis
ANTHROPIC_API_KEY=your-claude-api-key-hereGet your API key from console.anthropic.com
Contributions are welcome! Here's how you can help:
Found a bug or false positive? Open an issue
Add new Semgrep patterns to scanner/rules/semgrep-rules.yaml
Submit skills for scanning and review results
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Edit scanner/rules/semgrep-rules.yaml:
rules:
- id: custom-security-check
pattern: dangerous_function($ARG)
message: "Potentially unsafe function call detected"
severity: WARNING
languages: [javascript, typescript]
metadata:
category: security
cwe: "CWE-78"Run the scanner to test your new rule!
sclawhub-opensource/
βββ scanner/ # Core security scanner
β βββ scan.js # Main scanner script
β βββ lib/ # Claude AI integration
β β βββ claude.js
β βββ rules/ # Semgrep security rules
β β βββ semgrep-rules.yaml
β βββ reports/ # Scan results (JSON)
β βββ package.json
β
βββ extension/ # Browser extension
β βββ manifest.json # Extension config
β βββ content.js # Badge injection
β βββ popup.html # Popup UI
β βββ popup.js
β βββ background.js
β
βββ demo-skills/ # Example skills for testing
β βββ safe-skill.js
β βββ risky-skill.js
β
βββ scripts/ # Utility scripts
βββ .gitignore
βββ LICENSE # MIT License
βββ README.md
Test the scanner with demo skills:
cd scanner
node scan.js ../demo-skills/safe-skill.js "Safe Test"
node scan.js ../demo-skills/risky-skill.js "Risky Test"Compare the trust scores and findings!
- Website: sclawhub.com
- OpenClaw: openclaw.ai
- ClawHub: clawhub.com
- Semgrep: semgrep.dev
- Claude AI: anthropic.com
Found a security issue? Please email: kondormit@gmail.com
Do not open public issues for security vulnerabilities.
If the scanner reports a false positive:
- Review the finding details
- Check the Semgrep rule that triggered it
- Open an issue with the skill code and scan results
- We'll update the rules to improve accuracy
This project is licensed under the MIT License - see the LICENSE file for details.
Mladjan Antic (@kondormit)
- Website: sclawhub.com
- Email: kondormit@gmail.com
- Twitter: @kondormit
- OpenClaw community for building amazing AI agents
- Semgrep for powerful pattern matching
- Anthropic for Claude AI
- All contributors who help improve security
If this project helped you, please consider:
- β Starring the repository
- π¦ Sharing on Twitter
- π€ Contributing improvements
- π Writing about it
Built with π¦ for the OpenClaw community.
- β Scanner: Production ready
- β Extension: Chrome Web Store (pending approval)
- β Security Rules: 20+ patterns
- β AI Analysis: Claude Sonnet 4.5
- π Continuous improvement
Version: 1.0.0
Last Updated: February 2026