Scan-Skill Mode

Secure your agentic coding workflow by scanning skills before installation and after deployment

Skill Security Scan (scan-skill)

scan-skill adds a security gate for skills used by agentic coding tools. It can scan a remote skill before installation and scan a local skill folder already installed on your machine.

Motivation

Skills execute with user-level permissions. That means a malicious skill can attempt credential theft, persistence, remote payload execution, or agent manipulation. This feature is designed to reduce that supply-chain risk by providing a structured, repeatable security scan before trust is granted.

How it works

  1. Input handling:

  • Remote input: scans supported remote sources (currently GitHub and ClawHub/ClawdHub hosts).

  • Local input: accepts a local directory path, recursively packages it in-memory, and requires a SKILL.md file.

  2. Safe ingestion:

  • Enforces size and structure limits.

  • Skips symlinks and non-text/binary content for analysis stages.

  • Preserves SKILL.md as the primary manifest.

  3. Multi-layer detection:

  • Static layer: known malicious patterns and indicators.

  • Behavioral layer: suspicious code behavior/data-flow patterns.

  • Semantic layer (LLM): context-aware reasoning, false-positive review at finding level, and final narrative summary.

  4. Result output:

  • Returns verdict (BENIGN, WARNING, SUSPICIOUS, MALICIOUS), findings, evidence, severity, and optional analysis summary.

  • Uses hash-based caching to reuse prior scan results for identical skill content.
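
The local-input, safe-ingestion and hash-caching steps above, as an added Python example (not scan-skill's own code). The names `ingest_skill` and `IngestError`, the limit values, and the decision to include skipped binaries in the cache key are assumptions.

```python
import hashlib
import os

# Assumed limits for illustration; the scanner's real limits are not stated on this page.
MAX_FILES, MAX_FILE_BYTES, MAX_TOTAL_BYTES = 200, 256_000, 2_000_000


class IngestError(ValueError):
    """Raised when a skill folder violates a size or structure limit."""


def ingest_skill(root):
    """Return (text_files, skipped, cache_key) for a local skill directory."""
    if not os.path.isdir(root):
        raise IngestError("expected a skill directory, not a file path")
    text_files, skipped, digests, total = {}, [], [], 0
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):
                skipped.append((rel, "symlink"))  # never read through a link
                continue
            if not os.path.isfile(path):
                continue  # plain directories and special files
            if len(digests) >= MAX_FILES:
                raise IngestError("file count limit exceeded")
            with open(path, "rb") as fh:
                data = fh.read(MAX_FILE_BYTES + 1)  # bounded read
            total += len(data)
            if len(data) > MAX_FILE_BYTES or total > MAX_TOTAL_BYTES:
                raise IngestError(f"{rel}: size limit exceeded")
            # Every regular file feeds the cache key, so a changed binary
            # invalidates a cached verdict even though it is not analysed.
            digests.append((rel, hashlib.sha256(data).hexdigest()))
            try:
                if b"\x00" in data:
                    raise ValueError("NUL byte")
                text_files[rel] = data.decode("utf-8")
            except ValueError:  # UnicodeDecodeError is a ValueError subclass
                skipped.append((rel, "binary"))
    if "SKILL.md" not in text_files:
        raise IngestError("SKILL.md is required at the skill root")
    cache_key = hashlib.sha256(repr(sorted(digests)).encode()).hexdigest()
    return text_files, skipped, cache_key
```

Only `text_files` would be passed to the analysis layers; `skipped` records what was excluded and why, and `cache_key` changes whenever any regular file in the folder changes.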

CLI usage

Note: local scanning expects a directory, not a direct SKILL.md file path.
