Security Dashboard
Monitor security scores and issues across all skills in the directory.
How we make skill installs safer
The ClawHavoc incident in the OpenClaw ecosystem showed a real risk: a SKILL.md file can look normal while hiding malicious instructions. That can lead to command execution, data exfiltration, or credential theft.
Direct installs from random GitHub repositories put the full security review burden on each user. Most teams do not have time to manually audit every skill file before installing it.
agentskill.sh uses a two-layer model: centralized scanning on the platform plus local verification in /learn at install time. This gives both broad coverage and a final check before files are written.
Exactly what we do to improve security
- We run server-side static analysis on every skill across 12 threat categories.
- We assign a normalized 0-100 security score with issue severity and category details.
- We show the score and metadata in /learn before installation starts.
- We warn on low scores (<50) and require explicit confirmation for very low scores (<30).
- We continuously rescan skills and ingest new reports to refresh risk signals.
- We self-check /learn updates with content SHA verification to avoid stale security logic.
For safer installs, use /learn and review this dashboard instead of blindly cloning unknown skill files. For incident context, see CrowdStrike's OpenClaw analysis.
Score Distribution
Excellent (90-100): 88,383
Good (70-89): 10,468
Medium (50-69): 4,084
Low (25-49): 1,900
Critical (0-24): 2,373
Issues by Severity
Critical: 1,430
High: 12,106
Medium: 99,366
Low: 222,081
Top Issue Categories
External Calls: 172,590
Sensitive File Access: 56,812
Command Injection: 53,738
Data Exfiltration: 47,961
Credential Harvesting: 2,054
Obfuscation: 1,676
Prompt Injection: 136
Persistence: 9
Staged Malware: 4
Social Engineering: 2
ClickFix Attack: 1
Low Security Skills
(score below 70)
sickn33/frontend-mobile-development-component-scaffold | 0
sickn33/cloud-penetration-testing | 3 high | 0
openclaw/kosmi-dj | 6 high | 0
sickn33/bash-pro | 13 high | 0
agenticnotetaking/reseed | 18 high | 0
openclaw/osint-investigator | 0
github/project-workflow-analysis-blueprint-generator | 1 high | 0
openclaw/wp-to-static | 3 critical 4 high | 0
openclaw/canary | 7 critical 1 high | 0
openclaw/dns-networking | 0
openclaw/dm-bot | 0
openclaw/openkrill | 1 high | 0
agenticnotetaking/add-domain | 14 high | 0
openclaw/opengraph-io | 0
openclaw/stock-evaluator-v3 | 0
sickn33/file-path-traversal | 5 critical 31 high | 0
sickn33/iterate-pr | 6 high | 0
danielmiessler/Documents | 0
openclaw/kryptogo-meme-trader | 0
openclaw/planning-with-files | 3 critical 2 high | 0
openclaw/kirk-content-pipeline | 1 critical | 0
openclaw/nutrient-document-processing | 0
openclaw/fomo-research | 0
sickn33/github-workflow-automation | 6 critical 15 high | 0
agenticnotetaking/setup | 36 high | 0
sickn33/convex | 2 high | 0
openclaw/credential-manager | 0
openclaw/skill-security-scanner | 2 critical 3 high | 0
sickn33/cal-com-automation | 0
openclaw/emergency-rescue | 6 high | 0
agenticnotetaking/ask | 13 high | 0
openclaw/skillguard | 3 critical 1 high | 0
sickn33/incident-runbook-templates | 7 high | 0
openclaw/security-scanner | 7 critical 3 high | 0
github/write-coding-standards-from-file | 38 high | 0
openclaw/skillvet | 7 critical 3 high | 0
sickn33/linux-privilege-escalation | 10 high | 0
openclaw/security-sentinel | 3 critical 3 high | 0
openclaw/ssh-tunnel | 2 critical 23 high | 0
openclaw/imap-idle | 14 high | 0
openclaw/clawtime | 1 critical 2 high | 0
openclaw/permission-creep-scanner | 6 critical 1 high | 0
openclaw/better-auth | 1 high | 0
openclaw/security-check | 6 critical 1 high | 0
openclaw/veryfi-documents-ai | 0
openclaw/protocol-doc-auditor | 5 critical 2 high | 0
openclaw/vigil | 3 critical 1 high | 0
openclaw/vault0 | 4 high | 0
openclaw/keychain-bridge | 42 high | 0
trailofbits/semgrep-rule-creator | 1 critical 5 high | 0
Recently Flagged for Review
laynewanggg/critical-thinking | Apr 9, 2026 | 100
getcompanion-ai/session-search | Apr 8, 2026 | 94
getcompanion-ai/session-log | Apr 8, 2026 | 100
getcompanion-ai/preview | Apr 8, 2026 | 100
getcompanion-ai/jobs | Apr 8, 2026 | 100
getcompanion-ai/contributing | Apr 8, 2026 | 100
glebis/agency-docs-updater | Apr 8, 2026 | 0
glebis/chrome-history | Apr 7, 2026 | 99
ColonistOne/colony-search | Apr 6, 2026 | 57
easingthemes/auto-webhooks | Apr 6, 2026 | 0
easingthemes/dx-doctor | Apr 6, 2026 | 74
easingthemes/dx-doc-gen | Apr 6, 2026 | 45
easingthemes/auto-init | Apr 6, 2026 | 18
easingthemes/test-parent | Apr 5, 2026 | 100
easingthemes/test-child | Apr 5, 2026 | 100
IgorGanapolsky/setup | Apr 4, 2026 | 95
IgorGanapolsky/search-lessons | Apr 3, 2026 | 100
agentskill-sh/learn | Apr 3, 2026 | 90
Claws-Temple/claws-temple-bounty | Apr 2, 2026 | 84
Kaggle/kaggle-standardized-agent-exam | Apr 1, 2026 | 23