SClawHub

About SClawHub

SClawHub is a security scanner focused on OpenClaw AI agent skills. It inspects skills for risky behaviors and assigns a trust score (0-100) along with a detailed vulnerability report to inform installation choices.

Review

SClawHub automatically analyzes agent skills for issues such as data exfiltration, credential access attempts, unsafe file operations, risky code execution, and obfuscation. The service is offered for free with a transparent, open methodology and includes a browser extension that displays trust badges on skill listings.

Key Features

• Automated scans for data exfiltration, credential theft, unsafe file operations, code execution risks, and obfuscation attempts.
• Trust score from 0 to 100 plus a detailed vulnerability report for each scanned skill.
• Browser extension that overlays trust badges on skill listings to surface security information before install.
• Open and transparent methodology with public reporting of findings.
• Tech stack built around a Node.js scanner, static analysis tooling, and AI-assisted review to speed analysis.

Pricing and Value

SClawHub is offered for free. Its main value lies in providing a quick, readable security assessment before installing third-party OpenClaw skills, helping reduce the likelihood of installing a malicious or poorly written skill. As a complimentary layer of defense, it is most useful when combined with other security practices such as careful key management and sandboxing.

Pros

• Provides a clear trust score and detailed reports that make security findings actionable.
• Targets high-risk areas for agent skills, including credential access and data exfiltration.
• Free and transparent, with visible methodology that users can review.
• Browser extension surfaces security information directly where skills are discovered.
• Rapid development and simple deployment model make it easy to adopt.

Cons

• Coverage is limited at launch; only a modest number of skills have been scanned so far, so not all listings will have assessments.
• Analysis relies on tooling and AI heuristics, which can produce false positives or miss novel attack techniques-it should not replace a full security audit.
• The browser extension may require store approval before wide distribution, which can delay convenience for some users.

Overall, SClawHub is best suited for developers and users who install or publish OpenClaw skills and want a quick, accessible check for common security issues. It works well as an early warning system to surface obvious risks, but critical deployments should still use comprehensive security review and safe key management practices.

Open 'SClawHub' Website