Skill Scanner
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Local
Designed to audit Clawdbot/MCP skill files before install.
- Data access: Sensitive
Reads full skill contents that may include scripts and embedded secrets.
- Action surface: Read
Produces audit results without executing installation changes itself.
Best practices
Follow these steps to reduce risk when using this skill.
- Scan skills in an isolated environment before enabling them in your main profile.
- Treat scanner findings as triage and manually inspect flagged code blocks.
- Block installation when high-risk exfiltration or persistence patterns are detected.
Evidence links
Public sources backing the indicator assignments.
Always be careful when navigating away from the website.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.