How does SkillRisk protect against OpenClaw threats like ClawHavoc?

SkillRisk was built with OpenClaw security as a core focus. We scan SKILL.md files, hook scripts, and MCP configurations for the exact attack patterns used in ClawHavoc — embedded curl exfiltration, AMOS stealer payloads, and hidden command execution. With 1,184 malicious skills found on ClawHub and CVE-2026-25253 (CVSS 8.8) still impacting OpenClaw, scanning before installation is essential.

Does SkillRisk detect MCP server vulnerabilities like SSRF?

Yes. BlueRock Security found that 36.7% of MCP servers are potentially vulnerable to server-side request forgery (SSRF). SkillRisk scans MCP server configurations for SSRF patterns, command injection via server args, known malicious endpoints, and overly permissive configurations that could be exploited in agentic AI deployments.

Are my skill files uploaded to your servers?

No. SkillRisk runs 100% in your browser. Your code never leaves your device — all scanning is performed client-side using our security rule engine. No data is uploaded, stored, or transmitted to any server.

What AI agent supply chain attacks does SkillRisk detect?

SkillRisk detects multiple supply chain attack vectors including ClawHavoc-style SKILL.md payload injection, malicious postinstall scripts, compromised MCP server endpoints, hidden network exfiltration commands, credential theft patterns (AMOS stealer), and CVE-2026-2256 unsanitized shell execution vulnerabilities. Our 646+ security rules cover the full spectrum of AI agent supply chain threats identified in the IBM 2026 X-Force Threat Index.

What file formats does SkillRisk support?

You can upload a .zip of your skill folder. We specifically analyze SKILL.md, settings.json, .mcp.json, and any referenced .sh or .js hook scripts used by OpenClaw, Claude Code, Cursor, Windsurf, and other AI coding agents.

Securing Claude Cowork: File Exfiltration in 48 Hours, CVEs, and What You Must Do Now

Published 2026-03-20 by Security Team

Within 48 hours of launch, researchers demonstrated that a single Word document could trick Claude Cowork into uploading sensitive files to an attacker. Combined with two critical CVEs and a broken permission model, here is how to actually secure your Cowork setup.

Tags: Claude Code, Cowork, Security, Prompt Injection

Back to all articles | Scan your skills

Why 36% of MCP Servers Are Vulnerable to SSRF — And How to Protect Yours
The Complete OpenClaw Skill Security Checklist: What to Check Before Installing
VirusTotal vs SkillRisk: Why File Scanning Isn't Enough for OpenClaw Skills

Securing Claude Cowork: File Exfiltration in 48 Hours, CVEs, and What You Must Do Now

Related Articles