Pre-Install Scanner (Free)

Intercept a clawhub install request and run a quick safety check — before anything is written to disk.

Signals included (free version — 3 of 10):

Signal	Tier	What it catches
shell+network combo	HIGH	exec + outbound network in same skill — classic exfil pattern
hardcoded-external-url	HIGH	Raw external URLs embedded in instructions
unverified-publisher	MEDIUM	Publisher has no verified badge on clawhub.com

Not included (full version — Security Pack):

• Data exfiltration pattern detection
• Suspicious exec chain analysis (curl | bash, base64 -d | bash)
• Source unreachable handling
• Missing/vague description flag
• Excessive permissions check
• New publisher signal
• No changelog signal

Get all 10 signals → ClawHub Security Pack

---

When to run

• "Install [skill-name] from ClawHub" — runs automatically before install
• "Is [skill-name] safe to install?" — on-demand scan
• "clawhub install [skill-name]" — intercepts and scans first

Output format

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔍 Pre-Install Scan (Free — 3/10 signals): <skill-name>
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Publisher : <name> [verified / unverified]
Version   : <version>
Risk      : LOW | MEDIUM | HIGH

Flags:
  ⚠️  <signal>  — <one-line explanation>

Summary: <1–2 sentences>
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

*Full 10-signal scan: https://theagentgordo.gumroad.com/l/clawhub-security-pack*

Actions by rating

Rating	Action
LOW	Proceed with install
MEDIUM	Warn user, ask for confirmation
HIGH	Block install. Requires --force to override

Requirements

• web_fetch — to retrieve the SKILL.md from ClawHub
• web_search — to check publisher standing
• No API keys required

Support

https://clawhub.com/@ordo-tech | Full pack: https://theagentgordo.gumroad.com/l/clawhub-security-pack