en un clic
clawscan
clawscan contient 4 skills collectées depuis openclaw, avec une couverture métier par dépôt et des pages de détail sur le site.
Skills dans ce dépôt
Use when running or explaining the ClawScan CLI, including one-off agent-skill scans, benchmark runs, scanner fixtures, judge harness commands, env var validation, and interpreting clawscan-run-v1 and clawscan-benchmark-v1 artifacts.
Pre-commit/ship bundle-only code review: Codex default; optional Claude, Pi, or Droid.
Use when a researcher, maintainer, or contributor found or suspects a malicious skill on ClawHub and needs a private reporting workflow: opening a GitHub private vulnerability report, preparing a proposal-only PR, creating `proposals/<GHSA-ID>/clawscan.yml`, running ClawScan against the malicious skill, and explaining what evidence belongs in private versus public channels.
Use when an OpenClaw maintainer or owner is reviewing a ClawHub malicious-skill profile proposal PR: checking `proposals/<GHSA-ID>/clawscan.yml`, reading the private vulnerability context without leaking it, running the SkillTrustBench Profile Gate or equivalent local benchmark, updating the accepted baseline, and promoting an accepted candidate into `internal/profiles/clawhub/clawscan.yml`.