This is a pre-install security auditor that flags suspicious network behavior before you run untrusted skills. It scans for red flags like connections to raw IPs, DNS tunneling, exfiltration patterns where code reads files then POSTs them somewhere, and endpoints that weren't declared upfront. The real value is catching skills that request both file read and network permissions, which is the classic setup for stealing your .env or source code. It won't run the skill itself, just static analysis of what it declares and what patterns show up in the code. If you're installing community skills or anything from outside your org, this catches the obvious data theft attempts before they happen.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill network-watcher