AURA Security Scanner

Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them

3,891 stars

Best use case

AURA Security Scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using AURA Security Scanner should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/aura-security-scanner/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/aurasecurity-creator/aura-security-scanner/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/aura-security-scanner/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How AURA Security Scanner Compares

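| Feature / Agent | AURA Security Scanner | Standard Approach |
|-----------------|-----------------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |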

Frequently Asked Questions

What does this skill do?

Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# AURA Security Scanner

Protect your AI agent from malicious skills. Scan any OpenClaw, Claude MCP, or LangChain skill before installation.

## What It Detects

- **Malware Patterns** - Credential theft, file exfiltration, crypto miners, backdoors
- **Prompt Injection** - Attempts to override system instructions or jailbreak agents
- **Permission Issues** - Overly broad filesystem, network, or execution permissions
- **Suspicious Networks** - Connections to known exfiltration domains (webhook.site, etc.)
- **Obfuscated Code** - Base64/hex encoded execution, dynamic eval patterns

## Usage

Ask me to scan a skill before you install it:

```
"Scan this skill for security issues: https://github.com/user/cool-skill"
```

```
"Is this skill safe? https://github.com/example/mcp-tool"
```

```
"Check https://clawhub.xyz/skill/weather-api for malware"
```

## Verdicts

| Verdict | Risk Score | Meaning |
|---------|-----------|---------|
| SAFE | 0-20 | No issues found, safe to install |
| WARNING | 21-50 | Minor concerns, review before installing |
| DANGEROUS | 51-80 | Significant risks detected, avoid |
| BLOCKED | 81-100 | Critical threats, do not install |

## AURA Verified Badge

Skills with a SAFE verdict can display the AURA Verified badge, showing users they've been scanned and approved.

## Examples

### Safe Skill Response
```
AURA Skill Scan: weather-api

Verdict: SAFE
Risk Score: 5/100
AURA Verified: Yes

Summary: Clean skill with minimal permissions.
Requests only weather API access.

Recommendation: Safe to install.
```

### Dangerous Skill Response
```
AURA Skill Scan: suspicious-helper

Verdict: DANGEROUS
Risk Score: 78/100
AURA Verified: No

Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64

Recommendation: Do not install. Contains credential
theft and data exfiltration patterns.
```
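The three findings in the response above can be caught with plain static matching, while the "Obfuscated Code" category needs one extra step: decoding base64 literals and rescanning what they contain. The sketch below is an added example, not AURA's implementation or code from this page; the regexes, the `scan_text` function and the sample input are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Rule table: (severity, finding, pattern). Severities and wording follow the
# sample "Dangerous Skill Response" on this page; the regexes are assumptions.
RULES = [
    ("CRITICAL", "Accesses SSH keys", re.compile(r"\.ssh/(id_\w+|authorized_keys)")),
    ("HIGH", "Sends data to webhook.site", re.compile(r"\bwebhook\.site\b", re.I)),
    ("HIGH", "Runs eval() on decoded base64",
     re.compile(r"\b(eval|exec)\s*\(\s*[\w.]*(b64decode|atob)\s*\(", re.I)),
]
# Quoted runs of 24+ base64 characters are treated as candidate encoded payloads.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")


def scan_text(text, depth=0, max_depth=2):
    """Return a sorted list of (severity, finding, layer) for one skill file."""
    findings = set()
    layer = "source" if depth == 0 else f"base64-layer-{depth}"
    for severity, finding, pattern in RULES:
        if pattern.search(text):
            findings.add((severity, finding, layer))
    if depth < max_depth:  # bounded recursion so nested encodings cannot loop forever
        for literal in B64_LITERAL.findall(text):
            try:
                decoded = base64.b64decode(literal, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not valid base64 text; skip rather than guess
            findings |= set(scan_text(decoded, depth + 1, max_depth))
    return sorted(findings)


# Constructed sample input: inert fragments of a hypothetical skill file.
_HIDDEN = base64.b64encode(b'report_url = "https://webhook.site/placeholder"').decode()
SAMPLE_SKILL = f'''
key_path = "~/.ssh/id_rsa"
eval(base64.b64decode("{_HIDDEN}"))
'''

if __name__ == "__main__":
    for severity, finding, layer in scan_text(SAMPLE_SKILL):
        print(f"- {severity}: {finding} [{layer}]")
```

The webhook.site reference is reported only at `base64-layer-1`, which is the case a scanner that matches the raw source alone would miss.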

## API

This skill calls the AURA Security API:

```
POST https://api.aurasecurity.io/scan-skill
{
  "skillUrl": "https://github.com/user/skill",
  "format": "auto",
  "includeRepoTrust": true
}
```

## About AURA

AURA (Agent Universal Reputation & Assurance) provides security infrastructure for the AI agent ecosystem. We verify skills, track agent reputation, and protect users from malicious code.

- Website: https://aurasecurity.io
- GitHub: https://github.com/aurasecurityio/aura-security
- X/Twitter: @aurasecurityio

Related Skills

Cybersecurity Risk Assessment

3891
from openclaw/skills

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

Security

afrexai-cybersecurity-engine

3891
from openclaw/skills

Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.

Security

security-guardian

3891
from openclaw/skills

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.

Security

SX-security-audit

3891
from openclaw/skills

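Comprehensive security audit skill. Checks file permissions, environment variables, dependency vulnerabilities, configuration files, network ports, Git security, shell security, macOS security, secret detection, and more. Supports CLI arguments, JSON output, and configuration files. Use this skill when the user asks for a "security check", "vulnerability scan", "permission check", or "security audit".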

Security

Contract Reviewer - AI Legal Document Risk Scanner

3891
from openclaw/skills

Upload any contract or legal document and get a structured risk analysis with flagged clauses, plain-language explanations, and negotiation suggestions.

security-audit-hand

3891
from openclaw/skills

Autonomous security audit - periodically checks system security, identifies risks, and generates reports

Agent Security Auditor

3891
from openclaw/skills

Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.

security-sentinel

3891
from openclaw/skills

Scan the workspace for security vulnerabilities, exposed secrets, and misconfigurations.

aura-openclaw

3891
from openclaw/skills

No description provided.

openclaw-security

3891
from openclaw/skills

Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.

openclaw-security-policy-check

3891
from openclaw/skills

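Automated security audit and configuration checking tool for the OpenClaw gateway. Automatically checks OpenClaw configuration files for common security risks and performs security audits. Applicable to: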

ants-openclaw-security-audit

3891
from openclaw/skills

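Audits the security configuration and runtime exposure surface of a local openclaw installation. Used to check, verify, explain, and summarize openclaw-related security settings on the current machine or sandbox, including proxy configuration, sandbox configuration, docker port exposure, gateway checks, file permissions, workspace symlink risk, local listening ports, and the overall local security posture.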