Scan Report
0/100
jcvd
Authorization gatekeeper for OpenClaw agents. Scoped grants, time-bound permissions, skill scanning, prompt injection detection, and full audit trail.
Jean-Claw Van Damme is a legitimate authorization gatekeeper skill that performs security scanning and audit logging. No malicious behavior detected.
Safe to install
This skill is safe to install. It functions as documented: a pure markdown authorization framework with helper scripts for scanning and audit export.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md (implicit): reads target skill files during scan |
| Shell | NONE | WRITE | ✓ Aligned | scan-skill.sh, audit-export.sh: grep/cp operations scoped to target skill direct… |
2 findings
Medium: External URL, https://agenticpoa.com (README.md:9)
Medium: External URL, https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/ (README.md:13)
File Tree
5 files · 27.0 KB · 801 lines
Markdown 2f · 431L
Shell 2f · 305L
JSON 1f · 65L
├─ audit-export.sh (Shell)
├─ policy.json (JSON)
├─ README.md (Markdown)
├─ scan-skill.sh (Shell)
└─ SKILL.md (Markdown)
Security Positives
✓ Pure markdown skill -- no compiled code, fully readable
✓ No external dependencies or third-party packages
✓ No obfuscation or encoded payloads anywhere
✓ Helper scripts are documented in README.md architecture section
✓ Security-focused tool: prompt injection detection, skill scanning, audit logging
✓ No credential harvesting, data exfiltration, or network exfiltration behavior
✓ No base64-encoded payloads or dynamic code execution
✓ No references to sensitive paths (~/.ssh, ~/.aws, .env)
✓ scan-skill.sh correctly detects its own patterns as a self-referential security scanner
✓ Open source MIT license, author from known organization (agenticpoa)