Security Dashboard
Monitor security scores and issues across all skills in the directory.
How we make skill installs safer
The ClawHavoc incident in the OpenClaw ecosystem showed a real risk: a SKILL.md file can look normal while hiding malicious instructions. That can lead to command execution, data exfiltration, or credential theft.
Direct installs from random GitHub repositories put the full security review burden on each user. Most teams do not have time to manually audit every skill file before installing it.
agentskill.sh uses a two-layer model: centralized scanning on the platform plus local verification in /learn at install time. This gives both broad coverage and a final check before files are written.
Exactly what we do to improve security
- We run server-side static analysis on every skill across 12 threat categories.
- We assign a normalized 0-100 security score with issue severity and category details.
- We show the score and metadata in /learn before installation starts.
- We warn on low scores (<50) and require explicit confirmation for very low scores (<30).
- We continuously rescan skills and ingest new reports to refresh risk signals.
- We self-check /learn updates with content SHA verification to avoid stale security logic.
For safer installs, use /learn and review this dashboard instead of blindly cloning unknown skill files. For incident context, see CrowdStrike's OpenClaw analysis .
Score Distribution
Excellent (90-100)88,387
Good (70-89)10,469
Medium (50-69)4,084
Low (25-49)1,900
Critical (0-24)2,373
Issues by Severity
Critical
1,430High
12,106Medium
99,368Low
222,104Top Issue Categories
External Calls172,607
Sensitive File Access56,817
Command Injection53,741
Data Exfiltration47,961
Credential Harvesting2,054
Obfuscation1,676
Prompt Injection136
Persistence9
Staged Malware4
Social Engineering2
ClickFix Attack1
Low Security Skills
(score below 70)
sickn33/frontend-mobile-development-component-scaffold0
openclaw/clawtime1 critical 2 high 0
openclaw/security-scanner7 critical 3 high 0
sickn33/bash-pro13 high 0
agenticnotetaking/reseed18 high 0
openclaw/skill-security-scanner2 critical 3 high 0
github/project-workflow-analysis-blueprint-generator1 high 0
openclaw/better-auth1 high 0
openclaw/canary7 critical 1 high 0
openclaw/emergency-rescue6 high 0
openclaw/skillguard3 critical 1 high 0
trailofbits/semgrep-rule-creator1 critical 5 high 0
agenticnotetaking/add-domain14 high 0
openclaw/openkrill1 high 0
agenticnotetaking/setup36 high 0
sickn33/file-path-traversal5 critical 31 high 0
sickn33/iterate-pr6 high 0
danielmiessler/Documents0
openclaw/vigil3 critical 1 high 0
openclaw/ssh-tunnel2 critical 23 high 0
openclaw/wp-to-static3 critical 4 high 0
openclaw/kosmi-dj6 high 0
openclaw/vault04 high 0
sickn33/github-workflow-automation6 critical 15 high 0
openclaw/nutrient-document-processing0
sickn33/convex2 high 0
openclaw/credential-manager0
openclaw/osint-investigator0
sickn33/cal-com-automation0
openclaw/security-sentinel3 critical 3 high 0
agenticnotetaking/ask13 high 0
openclaw/stock-evaluator-v30
sickn33/incident-runbook-templates7 high 0
openclaw/kryptogo-meme-trader0
github/write-coding-standards-from-file38 high 0
openclaw/dns-networking0
sickn33/linux-privilege-escalation10 high 0
openclaw/fomo-research0
sickn33/cloud-penetration-testing3 high 0
openclaw/imap-idle14 high 0
openclaw/skillvet7 critical 3 high 0
openclaw/permission-creep-scanner6 critical 1 high 0
openclaw/dm-bot0
openclaw/planning-with-files3 critical 2 high 0
openclaw/veryfi-documents-ai0
openclaw/protocol-doc-auditor5 critical 2 high 0
openclaw/kirk-content-pipeline1 critical 0
openclaw/security-check6 critical 1 high 0
openclaw/keychain-bridge42 high 0
openclaw/opengraph-io0
Recently Flagged for Review
laynewanggg/critical-thinkingApr 9, 2026100
getcompanion-ai/session-searchApr 8, 202694
getcompanion-ai/session-logApr 8, 2026100
getcompanion-ai/previewApr 8, 2026100
getcompanion-ai/jobsApr 8, 2026100
getcompanion-ai/contributingApr 8, 2026100
glebis/agency-docs-updaterApr 8, 20260
glebis/chrome-historyApr 7, 202699
ColonistOne/colony-searchApr 6, 202657
easingthemes/auto-webhooksApr 6, 20260
easingthemes/dx-doctorApr 6, 202674
easingthemes/dx-doc-genApr 6, 202645
easingthemes/auto-initApr 6, 202618
easingthemes/test-parentApr 5, 2026100
easingthemes/test-childApr 5, 2026100
IgorGanapolsky/setupApr 4, 202695
IgorGanapolsky/search-lessonsApr 3, 2026100
agentskill-sh/learnApr 3, 202690
Claws-Temple/claws-temple-bountyApr 2, 202684
Kaggle/kaggle-standardized-agent-examApr 1, 202623