Skill Verifier
Verify an OpenClaw Skill
Paste a skill URL, name, or manifest JSON to check if it's safe. Everything runs in your browser — no data leaves your device.
What it checks (fast)
- Known malicious skill fingerprints
- Permissions (filesystem, network, shell)
- Heuristics: suspicious endpoints, install hooks, shell/network combos
Red flags
- Network enabled without a clear reason
- Shell access + install hooks
- Broad filesystem read (home folders, dotfiles)
- Obfuscated code or strange download URLs
Limitations
- This is not a full static analyzer or sandbox execution.
- “Clean” result ≠ guaranteed safe — treat untrusted skills as code execution.
Start with the pillar guide: OpenClaw Security · Browse audited options: Verified Skills