OpenClaw Merges Built-In Skill Security Scanner
Originally published on opena2a.org
TL;DR: OpenClaw now has built-in skill security scanning. PR #9806 merged 1,721 lines across 16 files, adding static analysis that detects malicious patterns in skills at install and update time.
npx hackmyagent secure-openclawWhat Happened
We submitted a pull request to the OpenClaw project (169K stars) adding a code safety scanner to its skill/plugin system. The PR was reviewed, approved, and merged into the main branch.
The contribution spans 16 files with 1,721 additions and 94 deletions. The scanner integrates directly into OpenClaw's skill lifecycle, running automatically when skills are installed or updated.
This means every OpenClaw user now gets baseline skill security scanning without installing any additional tooling.
What It Detects
The built-in scanner runs 6 checks against skill code, each targeting a specific class of malicious behavior:
SKILL Checks (6) -- Built-in detection
Skills without a verified signature from a known publisher
Code that downloads and executes payloads from external URLs
Skills that install persistent scheduled tasks or cron-like behaviors
Write operations targeting paths outside the skill's designated directory
Patterns that read SSH keys, API tokens, cloud credentials, or wallet files
Outbound data transmission to unauthorized endpoints via webhooks or POST requests
Why This Matters
These checks exist because the threats are real and documented:
ClawHavoc Campaign
A supply chain attack that planted 341 malicious skills on ClawHub over a 6-month period. Skills contained credential harvesters, reverse shells, and typosquatted names impersonating legitimate publishers.
GHSA-g8p2: 1-Click RCE
A WebSocket hijacking vulnerability in OpenClaw's gateway allowed any website to execute arbitrary commands on a user's machine. No authentication required beyond visiting a malicious page.
Internet Scan Results
Built-in scanning catches the most common patterns at install time, before malicious code has a chance to execute.
Full Scanning Beyond Built-In Checks
The 6 built-in checks cover skill-level threats. For a complete security assessment of your OpenClaw installation -- including gateway configuration, supply chain verification, and active attack simulation -- use HackMyAgent:
# Full OpenClaw security scan (34 checks)
npx hackmyagent secure-openclaw
# Active attack simulation against a running endpoint
npx hackmyagent attack <endpoint>
# Benchmark against OASB-1 security standard
npx hackmyagent secure --benchmark oasb-1HackMyAgent extends the built-in checks with 28 additional detections across 4 more categories:
- HEARTBEAT checks -- Scheduled task abuse and persistence mechanisms
- GATEWAY checks -- GHSA-g8p2 misconfigurations with auto-remediation
- CONFIG checks -- Insecure settings (disabled sandbox, plaintext tokens)
- SUPPLY checks -- Known malicious hashes, modified core files, suspicious sources
What's Next
The built-in scanner is a starting point. Planned work includes:
- OASB-2 and OASB-3 specifications -- Expanding the benchmark to cover agent-to-agent communication and runtime behavior monitoring
- Custom payloads -- User-defined detection rules for organization-specific threat patterns
- CI/CD gates -- Pre-merge security checks that block skills failing scanner thresholds
The PR merge means these capabilities ship to every OpenClaw user by default. No opt-in required.
Scan Your OpenClaw Installation
34 security checks. Auto-remediation. Free and open source.
© 2026 OpenA2A. Open source under Apache-2.0 License.