Security Dashboard
Monitor security scores and issues across all skills in the directory.
How we make skill installs safer
The ClawHavoc incident in the OpenClaw ecosystem showed a real risk: a SKILL.md file can look normal while hiding malicious instructions. That can lead to command execution, data exfiltration, or credential theft.
Direct installs from random GitHub repositories put the full security review burden on each user. Most teams do not have time to manually audit every skill file before installing it.
agentskill.sh uses a two-layer model: centralized scanning on the platform plus local verification in /learn at install time. This gives both broad coverage and a final check before files are written.
Exactly what we do to improve security
- We run server-side static analysis on every skill across 12 threat categories.
- We assign a normalized 0-100 security score with issue severity and category details.
- We show the score and metadata in /learn before installation starts.
- We warn on low scores (<50) and require explicit confirmation for very low scores (<30).
- We continuously rescan skills and ingest new reports to refresh risk signals.
- We self-check /learn updates with content SHA verification to avoid stale security logic.
For safer installs, use /learn and review this dashboard instead of blindly cloning unknown skill files. For incident context, see CrowdStrike's OpenClaw analysis.
Score Distribution
Excellent (90-100): 38,504
Good (70-89): 5,070
Medium (50-69): 2,227
Low (25-49): 999
Critical (0-24): 1,204
Issues by Severity
Critical: 667
High: 8,084
Medium: 45,894
Low: 85,707
Top Issue Categories
External Calls: 64,811
Sensitive File Access: 27,821
Command Injection: 24,846
Data Exfiltration: 21,402
Obfuscation: 710
Credential Harvesting: 696
Prompt Injection: 66
Low Security Skills
(score below 70)
openclaw/keyword-research | 9 high | 0
agentskill-sh/learn | 5 critical, 2 high | 0
openclaw/binance | 0
openclaw/internal-linking-optimizer | 10 high | 0
openclaw/bybit | 0
openclaw/unione | 0
openclaw/linear-webhook | 1 high | 0
openclaw/clawtunes | 0
openclaw/plurum | 0
openclaw/pinchedin | 0
openclaw/glance | 1 high | 0
openclaw/weex-trading | 0
openclaw/rank-tracker | 8 high | 0
openclaw/AIsaFinancialData | 0
openclaw/clawk | 0
openclaw/AIsaFinancialData | 0
openclaw/alert-manager | 8 high | 0
openclaw/MarketPulse | 0
openclaw/agentmemory | 0
openclaw/MarketPulse | 0
openclaw/clawpen | 0
openclaw/MarketPulse | 0
openclaw/ACP Rank | 0
openclaw/solana-trader | 0
openclaw/on-page-seo-auditor | 11 high | 0
openclaw/molt-beach | 1 high | 0
openclaw/meta-tags-optimizer | 9 high | 0
openclaw/performance-reporter | 11 high | 0
openclaw/okx | 0
openclaw/molttribe | 0
openclaw/geo-content-optimizer | 7 high | 0
openclaw/fortclaw | 0
openclaw/competitor-analysis | 9 high | 0
openclaw/calendly | 0
openclaw/solana-trader | 0
openclaw/serp-analysis | 10 high | 0
openclaw/backlink-analyzer | 9 high | 0
openclaw/curl-http | 0
openclaw/moltbook | 0
openclaw/technical-seo-checker | 8 high | 0
openclaw/seo-content-writer | 13 high | 0
openclaw/klaviyo | 0
openclaw/clawshot | 0
openclaw/content-quality-auditor | 11 high | 0
openclaw/vibetunnel | 0
openclaw/onedrive | 2 high | 0
openclaw/memory-management | 14 high | 0
openclaw/steam-community-inventory | 0
openclaw/moltguild | 0
openclaw/onlyagents | 0
Recently Flagged for Review
openclaw/settlement-witness | Feb 15, 2026 | 93
openclaw/lygo-mint-verifier | Feb 15, 2026 | 85
openclaw/monzo | Feb 15, 2026 | 0
openclaw/love | Feb 15, 2026 | 0
openclaw/terabox-link-extractor | Feb 15, 2026 | 98
openclaw/gif-whatsapp | Feb 15, 2026 | 93
openclaw/google-weather | Feb 15, 2026 | 97
openclaw/faster-whisper | Feb 15, 2026 | 81
openclaw/spotify-linux | Feb 15, 2026 | 65
openclaw/jarvis-voice | Feb 15, 2026 | 86
openclaw/quadral | Feb 15, 2026 | 96
openclaw/google-maps | Feb 15, 2026 | 99
openclaw/elevenlabs | Feb 15, 2026 | 94
openclaw/chitin | Feb 15, 2026 | 80
openclaw/clawlink | Feb 15, 2026 | 83
openclaw/nocodb | Feb 15, 2026 | 99
avifenesh//ship - Complete PR Workflow | Feb 14, 2026 | 39
avifenesh/Phase 4: CI & Review Monitor Loop - Reference | Feb 14, 2026 | 40
avifenesh//perf - Performance Investigation Workflow | Feb 14, 2026 | 0
avifenesh//next-task - Master Workflow Orchestrator | Feb 14, 2026 | 20