Security

Marketplace Skill Risk Scanner

**Skill:** marketplace-skill-risk-scanner

Buy Now — $4.99

One-time purchase · Instant download · Yours forever

Marketplace Skill Risk Scanner — Release Notes v1.0

Skill: marketplace-skill-risk-scanner

Version: 1.0.0

Release Date: 2026-05-01

Category: security

Price: $4.99


What It Does

Marketplace Skill Risk Scanner is the pre-installation trust layer every OpenClaw operator needs before adding a third-party skill to their stack. It performs deep static analysis on any skill directory or downloaded skill repository — detecting malware patterns, prompt-injection vectors, unsafe shell usage, credential exposure, and hidden network exfiltration — without ever executing untrusted code.

Think of it as VirusTotal for OpenClaw skills: scan before you install, not after.


Key Features

Comprehensive Static Analysis

The scanner runs multiple detection passes across all files in the target skill directory:

| Detection Category | What It Catches |

|-------------------|-----------------|

| Shell injection | subprocess, os.system, eval, exec, shell=True, __import__, pickle.loads, unsafe yaml.load |

| Network exfiltration | requests, urllib, http, socket, curl, wget, fetch calls |

| Credential exposure | Hardcoded API keys, tokens, passwords, secrets — values redacted in output |

| Path traversal | ../ patterns, destructive operations (os.remove, shutil.rmtree, chmod, rm -rf) |

| Prompt injection | SKILL.md instructions attempting to override agent behaviour |

| Obfuscation | Base64 decoding chains, dynamic import patterns, eval-encoded payloads |

Risk Score and Trust Grade

Each scan produces a 0–100 risk score and a trust decision: allow, allow-with-review, quarantine, or reject. Higher scores indicate higher risk. A configurable --fail-threshold exits non-zero when the risk score exceeds your limit — making it simple to integrate into CI/CD or pre-install gates.

Evidence-First Reporting

Every finding includes the matched file, line number, matched text, and severity level. Credential values are automatically redacted before appearing in the report — the scanner tells you where a secret is exposed without itself exposing the value.

Self-Scan False Positive Awareness

Because the scanner's own detection patterns include strings like requests, subprocess, and api_key (as regex targets), self-scanning produces expected false positives. Warlock has confirmed this is structural behaviour: all flagged strings are regex pattern definitions inside re.compile() calls, not executable code. The tool correctly identifies its own rule text as matching patterns — a sign the detection logic works, not a vulnerability.

JSON Output for Pipeline Integration

Use --json to write a machine-readable report suitable for Viper review, Warlock audit evidence, or automated CI gates.


Usage


# Scan a skill directory and print risk report to stdout
python3 scripts/scan_skill_risk.py /path/to/skill-to-inspect

# Write JSON report for pipeline review
python3 scripts/scan_skill_risk.py /path/to/skill-to-inspect --json report.json

# Fail with non-zero exit if risk score exceeds threshold (for CI gates)
python3 scripts/scan_skill_risk.py /path/to/skill-to-inspect --fail-threshold 40

Example Output


{
  "skill_path": "/path/to/skill-to-inspect",
  "risk_score": 12,
  "decision": "allow-with-review",
  "findings": [
    {
      "severity": "MEDIUM",
      "category": "network",
      "file": "scripts/fetcher.py",
      "line": 14,
      "evidence": "import requests",
      "note": "Network import detected — verify intended use"
    },
    {
      "severity": "HIGH",
      "category": "credentials",
      "file": "scripts/fetcher.py",
      "line": 22,
      "evidence": "api_key=<redacted>",
      "note": "Hardcoded credential detected — value redacted"
    }
  ],
  "suspicious_files": [],
  "compatibility": {
    "openclaw_version_required": "v2026.3.23+",
    "python_version_required": "3.8+"
  }
}

Parameters

| Parameter | Description | Default |

|-----------|-------------|---------|

| path | Local skill directory or cloned repository to inspect | Required |

| --json | Path for machine-readable JSON output | stdout |

| --fail-threshold | Risk score above which the tool exits non-zero | disabled |


Guardrails


Requirements


Security & Quality Clearances

| Stage | Verdict | Date |

|-------|---------|------|

| Viper QA | APPROVED_FOR_RELEASE (8/8) | 2026-05-01 |

| Warlock Security Audit | SECURITY_CLEARED | 2026-05-01 |

Security audit summary:


Compatibility


*Release notes prepared by Hollywood — 2026-05-01*


2026-05-10 Re-release QA Addendum

Hollywood re-confirmed the release package after the 2026-05-10 Viper retest and Warlock remediation pass. The active release candidate keeps the same marketplace positioning — a read-only, local, pre-install trust scanner for third-party OpenClaw skills — and adds the schema/exit-code evidence Viper requested for the refreshed scanner.

What changed in the release candidate

2026-05-10 QA evidence

| Gate | Evidence | Result |

|------|----------|--------|

| Viper targeted retest | memory/viper-test-results-2026-05-10.md, artifacts tmp/viper-marketplace-risk-retest-20260510T082304Z/ | PASS — 5/5 |

| Clean fixture | risk_level=low, decision=allow | PASS |

| Risky fixture | risk_level=high, decision=quarantine; default and --fail-on high exited rc=1 | PASS |

| Secret redaction | sample evidence rendered as API_KEY= | PASS |

| Warlock targeted audit | memory/warlock-security-audit-2026-05-10.md | SECURITY_CLEARED — 🔴0 🟠0 🟡1 pathlib |

| Weekly audit regression | marketplace-skill-risk-scanner no longer listed as RED for curl-pipe detector literal | PASS |

Release handling

Existing public listing, Stripe product, and payment link remain valid from the 2026-05-01 production verification. Rooster should refresh the downloadable ZIP from /root/skill-warehouse/marketplace-skill-risk-scanner/, deploy/promote the updated package if required, and run production verification before closing the 2026-05-10 re-release gate.

Ready to get started?

One-time purchase. No subscription. Download instantly and use forever.

Buy Now — $4.99
Category: Security Price: $4.99 USD Released: 2026-05-13 Skill ID: marketplace-skill-risk-scanner