Security Skill Scanner
v0.1.0Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
⭐ 4· 2.3k·4 current·4 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description and instructions describe a Python/Bash-based scanner, whitelist manager, Moltbook monitor, and install-hook that can block installs — all reasonable for a 'security scanner' — but the package contains no code files or install spec. The SKILL.md expects scripts at /root/clawd/skills/security-skill-scanner/* and a Python module import, yet no such files are bundled. The metadata also fails to declare required runtimes (python3, bash). This inconsistency (claims vs. actual package contents) is a red flag.
Instruction Scope
Runtime instructions direct the operator to execute specific scripts (skill-scanner.py, whitelist-manager.py, moltbook-monitor.sh, install-hook.py), read/write files under /root/clawd and /tmp, add cron jobs, and modify shell profiles to wrap the molthub command. Those actions can affect system behavior and intercept skill installations. Because the scripts are not included, following the instructions would either fail or require fetching/creating external code — increasing risk.
Install Mechanism
There is no install specification and no code files. The SKILL.md assumes local scripts already exist or must be placed at /root/clawd/skills/security-skill-scanner. The lack of an explicit, auditable install source (git repo clone, release tarball, package manager entry) means a user or agent would need to obtain code from an external/unknown source before the described functionality can run — a high-risk situation.
Credentials
The skill declares no environment variables or credentials, which is proportionate for a scanner. However, the instructions recommend writing to system locations (/root, /var/log, /tmp), modifying ~/.bashrc to intercept installs, and scheduling cron jobs — actions that grant ongoing influence over the environment despite no explicit credential requests. No secrets are requested, but the recommended changes increase the skill's effective reach.
Persistence & Privilege
Although the registry flags do not force persistence, the SKILL.md encourages persistent installations: cron jobs for periodic scans and a shell wrapper for molthub to run the install-hook on every install. Those manual steps would give the scanner long-lived control over the install flow and logs; recommending them without bundled, reviewable code is a significant privilege escalation and should be treated cautiously.
Scan Findings in Context
[NO_CODE_FILES] unexpected: The skill's SKILL.md references multiple scripts and a Python module (skill-scanner.py, whitelist-manager.py, moltbook-monitor.sh, install-hook.py, permission-manager.py, data/whitelist.json), but the package contains no code files. This prevents verification of the behavior the SKILL.md describes.
What to consider before installing
Do not run or install this skill as-is. Before trusting it, obtain and review the referenced code (the repository or release artifact), confirm a secure install source (git tag or release on the project's homepage), and have someone with security knowledge audit the scripts for actions that alter shell profiles, create cron jobs, or intercept installs. If you must test, do so in an isolated VM or sandbox, and verify how the whitelist is managed (who can edit data/whitelist.json). Prefer an install spec that pins a known release and includes checksums or signatures; avoid adding the molthub wrapper or cron jobs until the code is reviewed and you understand uninstall/remediation steps.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔒 Clawdis
latest
Security Skill Scanner
Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.
Features
- Pattern Detection: Scans SKILL.md files for credential theft, command injection, network exfil patterns
- Whitelist Management: Maintains list of known legitimate skills
- Moltbook Monitoring: Continuously monitors Moltbook for security discussions and scam alerts
- Permission Manifests: Generates and tracks skill permissions with Isnad chains
- Daily Reports: Automatic scanning with markdown/JSON reports
Usage
Scan All Skills
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py
Scan Specific Skill
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro
Add to Whitelist
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"
Check Whitelist
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list
Monitor Moltbook (One-shot)
bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh
Files
| File | Purpose |
|---|---|
skill-scanner.py | Main scanner with regex pattern detection |
whitelist-manager.py | Manage false-positive whitelist |
moltbook-monitor.sh | Moltbook security feed monitor |
permission-manager.py | Generate skill permission manifests |
data/whitelist.json | Whitelisted skills database |
Patterns Detected
| Category | Patterns |
|---|---|
| Credential Theft | .env access, webhook.site, POST secrets |
| Command Injection | os.system, eval, shell=True, subprocess |
| Network Exfil | HTTP requests with Bearer tokens |
| Suspicious Downloads | wget, curl -O, remote scripts |
Whitelisted Skills
These skills are known legitimate and excluded from warnings:
- nano-banana-pro (Google Gemini)
- notion (Notion API)
- trello (Trello API)
- gog (Google Workspace)
- local-places (Google Places)
- bluebubbles (iMessage)
- weather (Weather API)
- And 5 more...
Cron Jobs (Optional)
Add to crontab for automated scanning:
# Daily skill scan at 4 AM
0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1
# Moltbook monitor every 30 min
*/30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1
Pre-Install Hook (Block Suspicious Skills)
Install new skills with automatic security scanning that BLOCKS suspicious installations:
Quick Install with Scan
# Interactive mode (asks before installing)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-pro
# With force override (installs even if suspicious)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force
# Scan-only mode
python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-only
Integration with molthub
Add to your shell profile for automatic scanning on every install:
# Add to ~/.bashrc or ~/.zshrc
molthub() {
if [ "$1" = "install" ] || [ "$1" = "add" ]; then
python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive
else
/home/linuxbrew/.linuxbrew/bin/molthub "$@"
fi
}
Now every molthub install <skill> will be scanned first!
What Happens
- Clean skill → Installs normally ✅
- Whitelisted skill → Installs normally ✅
- Suspicious skill → BLOCKED with explanation 🚫
- Suspicious + --force → Warns but installs ⚠️
Example Output
🔒 Pre-Install Security Scan: nano-banana-pro
----------------------------------------------
Status: whitelisted
Action: allowed
✅ Scan passed - safe to install
🚀 Proceeding with installation...
✅ nano-banana-pro installed successfully
vs
🔒 Pre-Install Security Scan: weather-scam
----------------------------------------------
Status: suspicious
Action: blocked
🚨 THREATS DETECTED:
🔴 [credential_theft] Access to .env file
File: SKILL.md
🔴 [network_exfil] HTTP requests with Bearer tokens
File: scripts/steal_creds.py
❌ INSTALLATION BLOCKED
To override: python3 install-hook.py weather-scam --force
Reports
/tmp/security-scanner/scan-report.md- Human-readable scan results/tmp/security-scanner/scan-results.json- Structured JSON output/tmp/security-scanner/moltbook-scan.log- Moltbook monitoring log
Integration
Import as a module:
from skill_scanner import RegexScanner
scanner = RegexScanner()
results = scanner.scan_all_skills()
print(f"Found {results['threats_found']} threats")
Comments
Loading comments...