Chita Cloud SkillScan is a security scanner designed to analyze AI agent skill files (SKILL.md) for behavioral threats before installation. It targets the AI agent skill supply chain, specifically skills distributed through platforms like ClawHub, and uses natural language processing (NLP) to detect malicious instructions that traditional signature-based scanners such as VirusTotal do not detect. The tool scans skill content for a range of threat categories including: - Supply chain attacks (pipe-to-bash remote code execution patterns) - Credential theft (instructions to read .env files or API key variables) - Data exfiltration (skills that POST user data to external capture services) - Prompt injection (attempts to override agent core instructions) - System prompt access (attempts to read or modify the agent's system prompt) - Known indicators of compromise (IOCs) from documented attack campaigns (e.g., ClawHavoc Feb 2026) Scanning can be performed by submitting a skill URL or pasting raw skill content directly. Results include a safety score, risk level, threat count, evidence snippets, threat categories, and remediation steps. The free tier provides 3 full scans per day with complete threat details. The Pro tier ($9/month or $0.49/scan) provides up to 100 scans/month, full threat details, and JSON API access via API key authentication. A Hosting Provider tier ($19/month) offers unlimited scans and a pre-install endpoint that returns BLOCK/REVIEW/INSTALL decisions, intended for OpenClaw-compatible hosting platforms. Payment is accepted via Bitcoin and Ethereum/USDC cryptocurrency only, with manual key activation via email.