Security

Marketplace Safe Install Scanner

Marketplace Safe Install Scanner is a pre-install safety check for OpenClaw and ClawHub skills. It statically reviews a local skill folder before installation, scores the package,

Buy Now — $4.99

One-time purchase · Instant download · Yours forever

Marketplace Safe Install Scanner v1.0

Released: 2026-05-11

Price: $4.99

Category: security

QA Status: APPROVED_FOR_RELEASE / SECURITY_CLEARED

What it does

Marketplace Safe Install Scanner is a pre-install safety check for OpenClaw and ClawHub skills. It statically reviews a local skill folder before installation, scores the package, and returns a pass, review, or block verdict based on risky patterns such as dynamic code execution, shell subprocesses, destructive commands, credential reads, network capability, and missing skill metadata.

It is designed for cautious buyers and marketplace operators who want evidence before trusting third-party skill code, without importing, executing, installing, or publishing the target package.

Use cases

Requirements

Example usage


python3 scripts/safe_install_scanner.py ./downloaded-skill --json

Expected output


{
  "tool": "marketplace-safe-install-scanner",
  "target": "downloaded-skill",
  "files_scanned": 2,
  "score": 100,
  "verdict": "pass",
  "findings": [],
  "sensitive_files_seen": [".env"],
  "skipped_files": [
    {"file": "assets/demo.bin", "reason": "binary_or_unsupported"}
  ],
  "recommendations": [
    "No blocking patterns found; still inspect SKILL.md for usefulness and fit."
  ]
}

Marketing copy

Marketplace Safe Install Scanner gives OpenClaw users a practical quarantine gate for third-party skills: point it at a local skill folder and get a static safety score, pass/review/block verdict, risky-pattern findings, skipped-file evidence, and name-only sensitive-file reporting before install. It never executes target code, calls the network, or reads secrets, making it ideal for cautious buyers, marketplace QA, and teams standardising safe skill intake.

QA and release context

Viper approved the 2026-05-11 post-Iceman rerun after confirming clean packages pass, risky fixtures block, hidden/sensitive fixtures report .env by name only, large and binary files are safely skipped, missing targets return clean JSON errors, and generated pycache artifacts are absent. Security Audit: CLEARED by Warlock.

Ready to get started?

One-time purchase. No subscription. Download instantly and use forever.

Buy Now — $4.99
Category: Security Price: $4.99 USD Released: 2026-05-11 Skill ID: marketplace-safe-install-scanner