Skill v1.1.0

ClawScan security

Moltcops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:29 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
Moltcops is internally consistent: a local, instruction-first security scanner that only reads files in a target folder and requires no credentials or installs — but review how you use it (don't scan highly sensitive directories blindly) and treat the external web links in the README with normal caution.
Guidance
Moltcops appears to be what it claims: a small, local file-pattern scanner. Before running it:
1) Review rules.json if you want to see which patterns will be flagged (and to tune noisy rules).
2) Test the scanner on a non-sensitive folder first so you understand its output format.
3) Avoid pointing it at directories containing unencrypted private keys or credentials you don't want printed to stdout; it shows matched line snippets locally.
4) Treat the advertised web links as external resources. The script doesn't call them, but verify those sites yourself before visiting.
5) If you need stronger privacy, run the script inside a sandbox or container and redirect output to a secure location.
Overall the skill is coherent and low-risk for its intended purpose.

Review Dimensions

Purpose & Capability
ok · Name and description (pre-install security scanner) match the provided artifacts: SKILL.md describes a local scanner and the included scripts (scripts/scan.py + rules.json) implement a file-based pattern scanner. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
note · Runtime instructions tell the agent/user to run python3 scripts/scan.py <path>. The scanner walks and reads files under the provided path, which is expected for this purpose. Note: the scanner prints matched line snippets (up to 120 chars), so scanning folders that contain private keys, credentials, or other secrets will surface parts of those secrets on local stdout. This is normal for a scanner but is a privacy consideration. SKILL.md also advertises external web pages (moltcops.com, moltbook, and a 'Web Scanner' URL) even though the code is local-only; those links are not invoked by the code but warrant normal caution.
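To make the snippet-disclosure point concrete, and to show what guidance items 3 and 5 are protecting against, the following is an added example, not Moltcops' scripts/scan.py or its rules.json: a minimal rules-driven scanner in the shape the review describes (walk a folder, regex-match each line, print a snippet capped at 120 characters), plus a redact option that masks the matched text before it reaches stdout. The rule names, patterns, rule format, and the sample folder are all constructed for the illustration; the redaction is a mitigation suggested here, not a feature the review attributes to the project.

```python
"""Added illustration (not Moltcops' scripts/scan.py): a rules-driven local
scanner in the shape the review describes, walking a folder, regex-matching
each line and printing a snippet capped at 120 characters. The redact flag
shows one way to keep matched secrets out of stdout and terminal logs."""
import os
import re
import sys
import tempfile

# Assumed rule format (name -> regex). Illustrative patterns only,
# not the contents of the project's rules.json.
RULES = {
    "private_key_header": r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
    "aws_access_key_id": r"\bAKIA[0-9A-Z]{16}\b",
    "hardcoded_password": r"(?i)password\s*=\s*['\"][^'\"]+['\"]",
    "env_access": r"os\.environ\[|os\.getenv\(",
}
SNIPPET_LEN = 120  # the cap the review describes for printed snippets


def scan_file(path, rules=RULES, redact=False):
    """Return (rule_name, lineno, snippet) for every line matching a rule.

    With redact=False the snippet carries the matched text verbatim, which is
    how a scan of a credentials folder ends up echoing secrets to the terminal.
    With redact=True the matched span is replaced by asterisks: the finding is
    still actionable (file, line, rule) but the secret itself is not printed."""
    compiled = {name: re.compile(pat) for name, pat in rules.items()}
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            text = line.rstrip("\n")
            for name, rx in compiled.items():
                m = rx.search(text)
                if m is None:
                    continue
                snippet = text
                if redact:
                    snippet = text[:m.start()] + "*" * (m.end() - m.start()) + text[m.end():]
                hits.append((name, lineno, snippet[:SNIPPET_LEN]))
    return hits


def scan_tree(root, rules=RULES, redact=False):
    """Walk root and return (relative_path, rule_name, lineno, snippet) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            for name, lineno, snippet in scan_file(path, rules, redact):
                findings.append((os.path.relpath(path, root), name, lineno, snippet))
    return findings


def make_sample_tree():
    """Constructed sample input: a temp folder with a key-like file and a config
    script holding placeholder secrets (AKIAIOSFODNN7EXAMPLE is the documented
    AWS example key id, not a live credential)."""
    root = tempfile.mkdtemp(prefix="scan_demo_")
    with open(os.path.join(root, "id_demo"), "w", encoding="utf-8") as fh:
        fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\n")
        fh.write("b3BlbnNzaC1rZXktdjEAAAAA.constructed.placeholder.body\n")
    with open(os.path.join(root, "config.py"), "w", encoding="utf-8") as fh:
        fh.write("import os\n")
        fh.write("TOKEN = os.environ['API_TOKEN']\n")
        fh.write("AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n")
        fh.write("password = 'hunter2-constructed'\n")
    return root


if __name__ == "__main__":
    # Invocation shape mirrors the review's: python3 scan_demo.py <path> [--redact]
    redact = "--redact" in sys.argv
    args = [a for a in sys.argv[1:] if a != "--redact"]
    target = args[0] if args else make_sample_tree()
    for rel, name, lineno, snippet in scan_tree(target, redact=redact):
        print(f"{rel}:{lineno} [{name}] {snippet}")
```

Run without --redact against the constructed folder and the AWS key id appears verbatim in the config.py finding, which is the behaviour the note above warns about; with --redact the same finding prints the file, line and rule but an asterisk run where the key was. Redacting at the scanner is also what makes guidance item 5 (redirecting output somewhere safe) less load-bearing, since nothing secret is written in the first place.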
Install Mechanism
ok · No install spec; instruction-only, with a small Python script relying only on the Python standard library. No downloads, no archive extraction, no external package installs. This is low-risk and proportionate for the stated function.
Credentials
ok · The skill declares no required environment variables, no primary credential, and no config paths. The scanner purposely looks for patterns that indicate access to env vars and credential files in the target code, but the scanner itself does not read the environment beyond ordinary filesystem operations via the os module. The requested privileges are minimal and appropriate.
Persistence & Privilege
ok · No always:true flag, no install hooks, and the skill does not modify agent configuration or request persistent system presence. Autonomous invocation is allowed by default (disable-model-invocation=false), which is normal for skills; combined with the scanner's narrow scope, this does not raise additional concerns.