Detection coverage
What TrustSkills detects
TrustSkills scans OpenClaw and ClawHub skills for 7 threat categories. Every scan is free, runs server-side, and returns plain-English findings — no CVE IDs, no security jargon.
C2 Callback Detection
criticalDetect hidden command-and-control connections in AI agent skills
Data Exfiltration Detection
criticalDetect skills that steal credentials, API keys, and sensitive files
Prompt Injection Detection
highDetect instructions hidden in skill files that hijack agent behavior
Obfuscated Payload Detection
highDetect base64-encoded and eval-wrapped malicious code hiding in skills
Reverse Shell Detection
criticalDetect bash TCP, netcat, and PowerShell reverse shells in skill code
Permission Scope Detection
mediumDetect skills that claim minimal permissions but use far more at runtime
Suspicious Network Pattern Detection
mediumDetect undeclared network activity and beaconing in AI agent skills
Run a scan now
Paste a ClawHub skill URL or upload a skill zip. TrustSkills checks all 7 categories and returns a risk level with plain-English findings in seconds. Free. No account required.
Scan a skill free →