Marketplace Skill Risk Scanner Pro v1.0
Version: 1.0.0
Released: 2026-05-04
Last security re-audit: 2026-05-07
Price: $4.99
Category: security
QA Status: Approved for release; security-cleared (re-confirmed 2026-05-07)
Overview
Marketplace Skill Risk Scanner Pro is the pre-install vetting tool for serious OpenClaw operators. Deep static analysis flags remote script execution, destructive commands, embedded secrets, dynamic code execution, privilege escalation, and network exfiltration — before untrusted code ever touches your stack. Outputs a ranked severity report with evidence snippets (secrets redacted), risk rating (LOW/MEDIUM/HIGH/CRITICAL), and an install recommendation. Never executes inspected code. Essential for anyone installing third-party or marketplace skills in a production environment.
What you get
- OpenClaw skill package
- SKILL.md usage guide
scripts/scan_skill_risk.py— stdlib-only static analysis engine- Markdown and JSON output modes
Usage
# Markdown report (default)
python3 scripts/scan_skill_risk.py /path/to/skill-dir
# JSON output for pipelines
python3 scripts/scan_skill_risk.py /path/to/skill-dir --format json
# Limit scan to files under 256 KB
python3 scripts/scan_skill_risk.py /path/to/skill-dir --max-file-kb 256
Output
- Risk rating: LOW / MEDIUM / HIGH / CRITICAL
- Findings: suspicious patterns by file and line with evidence snippets (secrets redacted)
- Metadata gaps: missing ClawHub metadata, integration-fit issues
- Install recommendation: ALLOW / REVIEW / REJECT
Security Boundary
- No execution of inspected code
- SENSITIVE_NAMES exclusion guard prevents scanning MEMORY.md, USER.md, SOUL.md, .env, openclaw.json, and credential files
--allow-sensitive-pathsopt-in required for any sensitive path override- All RISK_PATTERNS regex lines tagged
# nosec: pattern-definition— not shell strings - No subprocess, no network calls, no eval/exec
- stdlib-only (re, pathlib, argparse, json — no pip installs)
Security & QA
- Viper: APPROVED_FOR_RELEASE (5/5 functional tests passed — 2026-05-04)
- Warlock: SECURITY_CLEARED (2026-05-05) — sensitive file exclusion + allow-sensitive-paths opt-in
- Warlock re-audit: SECURITY_CLEARED (2026-05-07) — all 14 audit findings confirmed false positives: SENSITIVE_NAMES is exclusion guard; re.compile() calls are pattern definitions (nosec respected);
$HOMEin regex literal not shell variable; skill-security-audit CLEAN; py_compile PASS; functional test PASS (risk_score=3/allow on clean target)
Requirements
- Python 3.8+ (stdlib only — no pip installs)
- OpenClaw v2026.3.23 or later
- No API keys required