Most agent skills are dropped into a workspace and trusted on the strength of a one-paragraph SKILL.md. The Scanner reads what they actually do — the shell calls, the network requests, the file writes, the secrets they reach for — and gives a short, honest report on whether the behavior matches what the skill says about itself.
Free while in beta. Paste a public GitHub URL for any OpenClaw skill or MCP server. We read it like a careful reviewer reads code: with the assumption that something interesting is hiding.
Static analysis flags shell-exec, network calls to non-public hosts, file writes outside declared scope, obfuscated strings, and unpinned dependencies. Then a Claude pass reads the SKILL.md against the handler code and calls out what doesn't match.
Skills get a 0–100 trust score with the reasoning shown — line-level, not vibes. Not a pass/fail. The reader decides if that one network call to api.example.com is a feature or a leak.
Skill authors who score above 85 can claim a Verified badge to embed on their listing. A small fee covers re-verification each quarter; the public scan stays free for everyone.
The Scanner is a sibling to the Landing Page Grade — same editorial conviction, applied to code instead of copy. Eight dimensions: declared-vs-observed scope, secret handling, network egress, filesystem reach, shell discipline, dependency hygiene, prompt injection surface, and supply-chain risk. Each dimension gets a paragraph. The score is the argument.