The Problem
Approximately 20% of skills on ClawHub have been confirmed as malicious. Automated scanning tools like VirusTotal help detect known malware signatures, but they were not designed to catch the more subtle threats targeting AI agent ecosystems.
The skills in OpenClaw Skills Packs go through a different kind of review โ one conducted by a cybersecurity professional, not an algorithm.
Our Review Process
Source Verification
Verify origin, authorship, and dependency chain. Check for compromised packages, typosquatted names, and unexpected external references.
Behavioral Analysis
Review instructions, prompts, and metadata for prompt injection vectors, hidden instructions, social engineering triggers, and encoded content that could alter agent behavior.
Permission & Access Review
Evaluate every permission request against stated functionality. A marketing skill requesting shell access gets flagged. We look for escalation patterns and unnecessary access.
Data Flow Inspection
Trace all outbound data paths: unauthorized API calls, external endpoints, sensitive data logging, and any mechanism that could leak user data.
Functional Testing
Run in an isolated environment. Observe actual behavior versus documented purpose. Check for unexpected actions, undocumented network calls, and functionality divergence.
What We Catch vs. Automated Scanners
โ Not caught by scanners
- Prompt injection patterns
- Data exfiltration via legit APIs
- Permission escalation via chaining
- Social engineering in descriptions
- Typosquatted package names
- Encoded payloads in metadata
- Excessive permission requests
โ Covered in our review
- Known malware signatures
- Prompt injection vectors
- Data exfiltration channels
- Permission analysis
- Supply chain integrity
- Behavioral testing
- OWASP Agentic AI alignment
Reference Frameworks
- OWASP Agentic AI Top 10 โ Emerging standard for agentic AI security
- MITRE ATLAS โ Adversarial threat landscape for AI systems
- CoSAI Agentic AI Security โ 12 core threat categories for agent deployments
- ISO 42001 โ AI Management Systems (reviewer is a certified Lead Auditor)
- ISO 27001 โ Information Security Management fundamentals
โ ๏ธ An Honest Note on Limitations
No security review โ human or automated โ can guarantee 100% safety. The AI agent landscape evolves rapidly, new attack vectors emerge regularly, and a safe skill today could be compromised by an upstream dependency change tomorrow.
What we provide is a significant reduction in risk through professional human review across multiple threat categories. We believe honesty about limitations is itself a sign of security competence.
Frequently Asked Questions
How are skills audited?
Five-step review: source verification, behavioral analysis, permission review, data flow inspection, functional testing. Conducted by a cybersecurity professional with 20+ years of experience and ISO 42001/27001 certifications.
Are they guaranteed 100% safe?
No โ and we're transparent about that. No review eliminates all risk. We significantly reduce risk compared to installing unvetted skills from public registries.
How is this different from VirusTotal?
VirusTotal detects known malware signatures. We go further: prompt injection, data exfiltration via legitimate channels, permission escalation, social engineering, and supply chain integrity.
Who performs the reviews?
Nasser Oumer โ 20+ years in cybersecurity, certified ISO 42001 Lead Auditor and ISO 27001 practitioner.
๐ก๏ธ Ready to Use Skills You Can Trust?
25 packs ยท 169 rules ยท 24 agents โ OSINT, cybersecurity, marketing, business ops, and more.
Explore Skills Packs โ