ClawHub

clawsec-clawhub-checker

v0.0.3

ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.

0· 387·7 current·7 all-time
by@davida-ps

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for davida-ps/clawsec-clawhub-checker.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "clawsec-clawhub-checker" (davida-ps/clawsec-clawhub-checker) from ClawHub.
Skill page: https://clawhub.ai/davida-ps/clawsec-clawhub-checker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, clawhub, openclaw
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawsec-clawhub-checker

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawsec-clawhub-checker
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared dependency on clawsec-suite, and required binaries (node, clawhub, openclaw) match the code and CLI behavior. The scripts call clawhub inspect/search and delegate to the clawsec-suite guarded installer as described, so the requested capabilities are appropriate for the stated purpose.
Instruction Scope
Runtime instructions and scripts stay within the stated scope: they run ClawHub inspect/search, compute heuristics, and optionally instruct a manual integration into clawsec-suite hooks. A caution: the enhanced installer delegates to the suite's guarded installer and streams process.env to it (no new env vars are read by the skill), so the ultimate install flow will run the original installer with the full environment—expected but worth noting.
Install Mechanism
No external install/download is present in the skill bundle (instruction-only install). All code is provided in the package; there are no remote URLs or extract/install steps that would pull arbitrary code at install time.
Credentials
The skill declares no required secrets and only one optional env var (CLAWHUB_REPUTATION_THRESHOLD), which is proportional. Minor caveat: enhanced_guarded_install passes the parent process.env unchanged to the original guarded installer—this is functionally reasonable but means any environment-level secrets present will also be available to the delegated installer process.
Persistence & Privilege
The skill does not request always:true or automatic mutation of other skills. The setup helper explicitly avoids rewriting other skills and the advisory-hook wiring is manual, which limits persistent/privileged changes.
Assessment
This package appears to do exactly what it claims: run ClawHub inspections and apply a reputation heuristic before delegating to the clawsec-suite installer. Before installing: (1) confirm you trust the clawhub and clawsec-suite binaries on your system, since the scripts call them; (2) review the provided scripts (especially enhanced_guarded_install.mjs and check_clawhub_reputation.mjs) if you plan to wire the optional hook into clawsec-suite; (3) be aware the enhanced installer forwards your process environment to the original installer (so any env-held secrets would be available to that child process); and (4) note the behavior is 'fail closed' when scanner metadata is missing — you may encounter blocked installs for packages lacking ClawHub scanner data. If you need higher assurance, run the scripts locally in a controlled environment and inspect outputs before enabling them in production.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
Binsnode, clawhub, openclaw
latestvk97bs4g0dswkapxta4swefqyrn850mzn
387downloads
0stars
3versions
Updated 1w ago
v0.0.3
MIT-0
@davida-ps
latest
Download

ClawSec ClawHub Checker

Adds a reputation gate on top of the clawsec-suite guarded installer.

Operational Notes

  • Required runtime: node, clawhub, openclaw
  • Depends on: installed clawsec-suite
  • Side effects: none on other skills; this package does not rewrite installed suite files
  • Advisory-hook wiring is optional and manual in this release
  • Network behavior: reputation checks call ClawHub inspect/search endpoints
  • Trust model: scores are heuristic and confirmation-gated

What It Does

  1. Reads skill metadata from ClawHub (inspect --json)
  2. Evaluates scanner status (including VirusTotal summary when present)
  3. Applies additional reputation heuristics (age, updates, author history, downloads)
  4. Requires explicit --confirm-reputation when score is below threshold

Installation

Install after clawsec-suite:

npx clawhub@latest install clawsec-suite
npx clawhub@latest install clawsec-clawhub-checker

Optional preflight check (validates local paths and prints recommended command):

node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup_reputation_hook.mjs

Usage

Run the enhanced installer directly from this skill:

node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/enhanced_guarded_install.mjs \
  --skill some-skill \
  --version 1.0.0

If a skill is below threshold, rerun only with explicit approval:

node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/enhanced_guarded_install.mjs \
  --skill some-skill \
  --version 1.0.0 \
  --confirm-reputation

Optional Advisory-Hook Wiring (Manual)

This release does not auto-patch clawsec-suite hook files.
If you rely on advisory alerts that include reputationWarning / reputationWarnings, wire the checker module manually:

  • Source module: ~/.openclaw/skills/clawsec-clawhub-checker/hooks/clawsec-advisory-guardian/lib/reputation.mjs
  • Target hook file: ~/.openclaw/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts

Treat that wiring as a deliberate local customization and review it before enabling.

Exit Codes

  • 0 safe to install
  • 42 advisory confirmation required (from clawsec-suite)
  • 43 reputation confirmation required
  • 1 error

Configuration

Environment variables:

  • CLAWHUB_REPUTATION_THRESHOLD - Minimum score (0-100, default: 70)

Safety Notes

  • This is defense-in-depth, not a replacement for advisory matching
  • Scanner outputs can produce false positives and false negatives
  • Always review skill code before overriding warnings

Development

Key files:

  • scripts/enhanced_guarded_install.mjs
  • scripts/check_clawhub_reputation.mjs
  • scripts/setup_reputation_hook.mjs
  • hooks/clawsec-advisory-guardian/lib/reputation.mjs

License

GNU AGPL v3.0 or later - Part of the ClawSec security suite

Comments

Loading comments...