Skill Scanning

When skills are published to the OpenMotoko registry, they undergo automated security scanning. This protects users from installing malicious or vulnerable skills.

  1. Manifest validation: the skill manifest is checked against the Zod schema for required fields, valid capability declarations, and proper tool definitions
  2. Source analysis: the skill source code is scanned for known vulnerability patterns
  3. Capability audit: declared capabilities are checked against actual usage in the code
  4. Grade assignment: a security grade is computed based on findings

The scanner checks for these categories:

| Pattern | Risk | Description |
|---|---|---|
| eval() / new Function() | Critical | Dynamic code execution |
| child_process imports | High | Shell spawning outside declared capabilities |
| vm module usage | High | Sandbox escape potential |

| Pattern | Risk | Description |
|---|---|---|
| Undeclared fetch / http | High | Network access not in manifest |
| Hardcoded URLs to suspicious domains | Medium | Potential data exfiltration |
| DNS lookups | Low | May indicate undeclared network use |

| Pattern | Risk | Description |
|---|---|---|
| fs access outside declared paths | High | Path traversal |
| Symlink creation | Medium | Potential escape from allowed paths |
| Access to sensitive paths (.ssh, .env) | Critical | Credential theft |

| Pattern | Risk | Description |
|---|---|---|
| Environment variable access beyond declared | High | Secret leakage |
| Base64 encoding of file contents | Medium | Potential exfiltration prep |
| Clipboard access | Medium | Data theft |

| Grade | Meaning | Criteria |
|---|---|---|
| A | Excellent | No findings, minimal capabilities |
| B | Good | Low-risk findings only |
| C | Acceptable | Medium-risk findings, all explained |
| D | Warning | High-risk findings present |
| F | Rejected | Critical findings, not published |

A skill is rejected (grade F) if any of the following are true:

  • Contains eval() or new Function() calls
  • Accesses filesystem paths not declared in the manifest
  • Uses network without declaring network: true
  • Reads environment variables not listed in capabilities.env
  • Contains obfuscated code
  • Attempts to modify the skill runtime or IPC bridge

Skills with grade C or D are flagged for manual review by registry maintainers before being listed as “verified.”
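
As an added illustration (not OpenMotoko's scanner code), the sketch below runs a simplified capability audit and grade assignment over a skill's source text. The manifest shape (capabilities.network as a boolean, capabilities.env as an array), the rule ids and the regexes are assumptions, and only dotted process.env.NAME reads are detected.

```javascript
// Illustrative sketch only: regexes stand in for real (AST-based) source analysis.
// Risk levels follow the tables above; `reject` marks items from the rejection list.
const RULES = [
  { id: 'dynamic-code', risk: 'critical', reject: true, re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
  { id: 'vm-module', risk: 'high', re: /['"](?:node:)?vm['"]/ },
  { id: 'symlink-creation', risk: 'medium', re: /\bsymlink(?:Sync)?\s*\(/ },
  { id: 'dns-lookup', risk: 'low', re: /\bdns\.(?:lookup|resolve\w*)\s*\(/ },
];

// Assumed manifest shape: { capabilities: { network: boolean, env: string[] } }
function auditSkill(manifest, source) {
  const caps = manifest.capabilities ?? {};
  const findings = RULES.filter((r) => r.re.test(source))
    .map(({ id, risk, reject = false }) => ({ id, risk, reject }));

  // Capability audit: network use without `network: true`.
  if (caps.network !== true && /\bfetch\s*\(|['"](?:node:)?https?['"]/.test(source)) {
    findings.push({ id: 'undeclared-network', risk: 'high', reject: true });
  }
  // Capability audit: every process.env.NAME read must be listed in capabilities.env.
  const declaredEnv = new Set(caps.env ?? []);
  for (const [, name] of source.matchAll(/\bprocess\.env\.([A-Za-z_]\w*)/g)) {
    if (!declaredEnv.has(name)) {
      findings.push({ id: `undeclared-env:${name}`, risk: 'high', reject: true });
    }
  }
  return { findings, grade: gradeOf(findings) };
}

// Grade assignment: rejection criteria first, then the worst remaining risk level.
function gradeOf(findings) {
  if (findings.some((f) => f.reject || f.risk === 'critical')) return 'F';
  for (const [risk, grade] of [['high', 'D'], ['medium', 'C'], ['low', 'B']]) {
    if (findings.some((f) => f.risk === risk)) return grade;
  }
  return 'A'; // the "minimal capabilities" criterion for A is not modelled here
}

// Constructed sample input (not a real skill): HOME is read but not declared.
const sampleManifest = { capabilities: { network: true, env: ['WEATHER_API_KEY'] } };
const sampleSource = `
  const key = process.env.WEATHER_API_KEY;
  const home = process.env.HOME;
  const res = await fetch('https://api.example.com/forecast?key=' + key);
`;
console.log(auditSkill(sampleManifest, sampleSource));
```

The sample is graded F because reading an undeclared environment variable is on the rejection list, even though the pattern table rates it High.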

| Method | Path | Description |
|---|---|---|
| GET | /api/registry/search | Search with verified filter |
| GET | /api/registry/:id | Includes security grade |
| POST | /api/registry/rate | Community ratings supplement scanning |