Moltcops Skill
v1.0.0Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
⭐ 0· 672·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, and runtime instructions describe a local-only pre-install scanner. The package includes a scanner script and rule set and requests no env vars, binaries, installs, or config paths — which is proportionate for this purpose.
Instruction Scope
SKILL.md's instructions are narrowly scoped: run python3 scripts/scan.py <path-to-skill-folder>. The scanner necessarily reads files in the target skill folder (expected). The README repeatedly asserts 'No API calls. No uploads.' That claim cannot be validated from the metadata alone; the bundled script must be inspected to confirm it does not transmit scanned data off-host.
Install Mechanism
No install spec — instruction-only with a bundled script. This is low-risk from an install perspective (nothing is written to system locations by an installer).
Credentials
Requires no environment variables, credentials, or special config paths. That aligns with a local scanner's needs. The scanner will read files in the target folder (expected), which may include secrets stored by the skill being scanned — this is expected behavior for a scanner but worth noting.
Persistence & Privilege
Skill does not request always-on presence, model-invocation flags were not set to grant elevated persistence, and there are no declared privileges. This is appropriate for a utility scanner.
Assessment
This package appears internally consistent with its stated purpose. Before trusting it: (1) manually open scripts/scan.py and rules.json and search for any network or subprocess calls (e.g., requests, urllib, socket, subprocess, os.system, urllib3, httpx) or hardcoded URLs/endpoints — the SKILL.md claims 'No API calls' and that should be verified; (2) confirm the script does not POST/PUT/GET scanned file contents to remote servers; (3) run the scanner on a harmless test folder first to observe behavior and any network activity (use a network monitor or run offline); (4) inspect rules.json to understand what is flagged and whether it may produce false positives on your code. If you cannot or do not want to inspect the code yourself, treat the skill as untrusted until a third party you trust has audited scripts/scan.py.Like a lobster shell, security has layers — review code before you run it.
latestvk970a6ytfnahwb1gxgvtxkzthh80xcgm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.