Clawdex by Koi

v1.0.2

Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description match the instructions: it queries an external Clawdex API to evaluate skills. However, the SKILL.md instructs listing local skill folders (~/.openclaw/skills and ~/.clawdbot/skills) even though the registry metadata declares no required config paths. Declaring those paths would be expected for transparency.
Instruction Scope
Runtime instructions tell the agent to run curl to an external endpoint (https://clawdex.koi.security) and to enumerate local directories of installed skills. That means the agent will read local filenames and send them externally. The SKILL.md does not explicitly warn about this privacy/network behavior nor does the skill metadata declare the filesystem access, so the instructions grant the agent access beyond what the metadata advertises.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing will be written to disk by installation. That reduces risk from arbitrary code installation.
Credentials
The skill requests no credentials or environment variables (proportionate), but it will make outbound network requests and expose installed skill names to a third-party domain. No tokens are required, but the act of sending installed-skill names is a privacy/telemetry action that should be disclosed and justified.
Persistence & Privilege
always is false and there is no install-time persistence or modifications to other skills' configs. The skill can be invoked autonomously by the agent (platform default), which increases blast radius only insofar as the instructions read files and make network calls.
What to consider before installing
This skill is a simple instruction set that queries an external Clawdex API and suggests listing your local skill directories—there's no code bundled, so installation won't write files. Before using it, be aware that:
(1) it will enumerate installed skill names (ls ~/.openclaw/skills or ~/.clawdbot/skills) and send those names to https://clawdex.koi.security, which is a privacy/network action you should consent to;
(2) the SKILL.md does not declare the local paths it reads — ask the publisher to declare required config paths for transparency;
(3) verify the API host (clawdex.koi.security) is controlled by the vendor you trust (koi.ai) and review their privacy policy;
(4) if you want stricter control, run the curl/ls commands yourself manually or block outbound access and only allow the skill to run after explicit user approval.
If you need higher assurance, request an audited manifest or a signed statement from the publisher about what data is sent and retained.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🛡️ Clawdis
