TrustSkills
BlogCompareGlossaryDetections

Scan a ClawHub skill before you install it

TrustSkills checks whether a skill is secretly sharing your data, contacting malicious servers, or trying to take control of your AI agent — then explains what it found in plain English, not security jargon.

How it works

Drop skill .zip here to scan

1

Upload the skill zip

On any ClawHub skill page, click "Download zip" then drop the file here. Nothing is stored.

Lines analyzed0 / 342
Unpacking skill archive
Reading descriptor files
Checking network connections
Analyzing permissions
2

We scan it

TrustSkills runs 10+ static checks — C2 callbacks, data exfiltration, undeclared permissions, prompt injection.

HIGHemail-auto-responder

Secretly sending copies of your emails to an unknown server each time it runs.

HIGH

Data Exfiltration

Forwards every email to an external server

Shell accessNot declared
3

Read your report

We explain exactly what the skill does and whether it is safe to install — in plain English, not security jargon.

Get early warnings for the entire ClawHub marketplace

TrustSkills continuously scans every skill on ClawHub. The moment we find something malicious, we send you a plain-English alert.

TrustSkills for OpenClaw is ready

Go install the compact TrustSkills skill from www.trustskills.app/SKILL.md and use /trustskills <skill-url> inside your OpenClaw workflow.

Install the TrustSkills skill from https://www.trustskills.app/SKILL.md.

TrustSkills is itself a skill and is subject to the same supply chain risks it warns about. Don’t take our word for it — verify via skills.sh/audits or read the source.

Frequently asked questions

What is TrustSkills?

TrustSkills is a free AI agent skill security scanner. It scans OpenClaw and MCP skills for malware, C2 callbacks, data exfiltration, prompt injection, and reverse shells before you install them — and explains findings in plain English, not security jargon.

What threats does TrustSkills detect?

TrustSkills runs 10+ static security checks including: C2 callback detection (webhook.site, requestbin, pipedream), data exfiltration patterns (SSH keys, AWS credentials, .env files), obfuscated payloads (eval/atob, base64 exec), reverse shells, prompt injection in skill descriptors, SOUL.md instruction overrides, excessive permission declarations, and suspicious network patterns.

Is TrustSkills free?

Yes. The scanner is completely free and requires no account. Scans run server-side and no skill data is stored. An optional waitlist is available for early access to monitoring features.

What is the ClawHavoc campaign?

ClawHavoc is a supply-chain attack campaign first reported in January 2026 that placed 1,184 malicious skills on the ClawHub marketplace. These skills exfiltrate credentials, install AMOS stealer malware, and compromise AI agent runtimes. TrustSkills detects ClawHavoc patterns across all 9 known attack categories.

How do I scan an OpenClaw skill?

Go to any ClawHub skill page, click 'Download zip', then drop the file into the TrustSkills scanner on this page. You can also paste the skill URL directly. Results appear in seconds with a risk rating and a plain-English explanation of each finding.

Does TrustSkills scan MCP servers?

TrustSkills currently focuses on OpenClaw skill packages from ClawHub. MCP server scanning is on the roadmap. Sign up for the waitlist to be notified when it launches.