ClawHub

Bot Police

v1.0.0

Detect, investigate, and contain malicious or compromised bots using behavior analysis, policy enforcement, and escalation protocols.

0· 44·0 current·0 all-time
byAdnane Arharbi@arhadnane
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (detect/investigate/contain malicious bots) align with the included code: index.js accepts a list of bots, computes risk scores from observable indicators, and returns recommended actions; required capabilities and manifest are proportionate.
Instruction Scope
SKILL.md instructs the agent to 'gather evidence from logs and message traces', 'trigger quarantine', and 'notify orchestrator and human owner'. The code does not implement log collection, notification, or enforcement; these would rely on the agent runtime or external integrations. This is plausible but means the agent (not the skill code) will need access to logs/notification endpoints to perform those steps, so be mindful of what runtime permissions you grant.
Install Mechanism
No install spec is provided (instruction-only with a small JS file). Nothing is downloaded or written by an installer; no external packages or extractable archives are referenced.
Credentials
The skill requests no environment variables, credentials, or config paths. The SKILL.md's suggested actions (e.g., notifying an orchestrator) would require external credentials in practice, but none are requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request elevated persistence. disable-model-invocation is false (normal). There is no code that modifies other skills or system-wide config.
Assessment
This skill is coherent and implements a local scoring model only — it does not itself access networks or credentials. However, the runtime instructions expect the agent to collect logs, perform quarantines, and send notifications, which would require giving your agent access to logs, orchestration APIs, or the ability to modify bot permissions. Before installing: (1) review and limit what logs/endpoints the agent can read and write; (2) require human approval before executing quarantine/block actions (test with 'watch' outcomes first); (3) verify any orchestrator/notification endpoints and credentials you intend to use; and (4) run the skill on non-sensitive test data to confirm behavior matches expectations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brwvdj27cm4w749yndb91518450tp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚓 Clawdis

Comments