Moltcops
PASS. Audited by ClawScan on May 1, 2026.
Overview
MoltCops appears to be a coherent local scanner with no artifact evidence of hidden network, credential, persistence, or destructive behavior, but users should treat its results as advisory rather than a safety guarantee.
This looks safe to install as a local, manual scanner. Run it only on skill folders you intend to inspect, verify the package version/source, and do not treat a PASS result as a complete guarantee of safety.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user points the scanner at a large or sensitive directory, it will read eligible text/config files there during the scan.
The scanner recursively enumerates files under the user-supplied directory. This is expected for a local security scanner, but it can inspect many local files if pointed at a broad path.
for root, dirs, fnames in os.walk(skill_path): ... files.append(os.path.join(root, fn))
Run it only against the specific skill folder or downloaded package you want to inspect.
A user might over-trust a clean scan result and skip other review steps.
The 'Safe to install' wording may be overconfident for a rule-based scanner; the code checks listed regex patterns but cannot prove arbitrary code is safe.
| **PASS** | 0 | No critical or high-risk threats detected. Safe to install. |
Treat PASS as 'no listed patterns matched,' not as a full guarantee that a skill is safe.
Users may need to verify they are reviewing and running the intended package version with the expected runtime available.
The user-facing artifact documents a different version than the registry metadata and _meta.json, and its documented command requires python3 even though no required binary is declared. This is a setup/provenance consistency note, not evidence of hidden behavior.
version: 1.0.0 ... python3 scripts/scan.py <path-to-skill-folder>
Confirm the package source/version before relying on it, and ensure python3 is available before running the documented command.
