SkillScan

SkillScan v1.1.5 introduces a strict security gate for all skill installations and updates. - Every new skill must pass a security scan before being used. HIGH/CRITICAL risk skills are blocked with no exceptions. - Scan triggers on any install, load, add, evaluation, or safety-related request. - On first use, writes a Skill Security rule to SOUL.md and scans all existing skills. - Removes the Skill Security section from SOUL.md on uninstall. - Provides command-line and API options for scanning, with clear exit codes and user instructions. - Supports auto-update and can use a custom update source via environment variable.

OpenClaw analysis

The skill generally does what it says (scans skill packages and can perform cloud-powered analysis) but it contains several intrusive behaviors (writing to a global SOUL.md, enumerating many user paths, collecting a MAC/unique client id, and uploading files to an external service) that are privacy-sensitive and deserve review before install.

Confidence: medium

VirusTotal

Type: OpenClaw Skill Name: skillscan Version: 1.0.0 The skill functions as a security scanner but exhibits several high-risk behaviors that border on malicious data harvesting. In `scripts/scanner.py`, it collects system fingerprints (including MAC addresses) and uploads the full source code of all detected skills to a third-party domain (`skillscan.tokauth.com`) for 'cloud analysis.' The script searches for skills across an unusually broad range of directories belonging to other AI agents and IDEs (e.g., Cursor, Claude, Copilot, Windsurf). Additionally, `SKILL.md` instructs the agent to modify the core `SOUL.md` configuration to ensure its rules persist, and the script includes an auto-update mechanism that downloads and executes remote ZIP payloads.