ClawHub

Crabukit

v0.1.3

Security scanner for OpenClaw skills with Clawdex integration. Analyzes SKILL.md and scripts for dangerous permissions, hardcoded secrets, shell injection vu...

2· 568·0 current·0 all-time
by@tnbradley
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (security scanner) matches the code and tests: analyzers for bash/python, permission checks, rules/patterns, CLI, and CI integration. It does not request unrelated credentials or system-wide binaries. One minor mismatch: registry metadata said 'no install spec / instruction-only' while SKILL.md includes package install metadata (pip). This likely reflects packaging metadata being present in SKILL.md but is not a functional risk.
Instruction Scope
SKILL.md contains clear runtime instructions for scanning, installing via pip, and optional integration with Clawdex. It also suggests copying a 'claw-safe-install.sh' wrapper into the user's home and adding it to shell config — that is a persistent change the user must opt into. The SKILL.md also lists prompt-injection trigger phrases (e.g., 'ignore-previous-instructions') as detection targets; the presence of those strings is expected for a scanner but was flagged by the pre-scan detector.
Install Mechanism
Installation is via pip / standard Python packaging and links to a GitHub repo in docs/examples. There is no binary download from an untrusted host or extract-from-arbitrary-URL behavior. CI uses pip install -e . which is standard for Python projects.
Credentials
The package declares no required environment variables, no primary credential, and no config paths. Optional integration with Clawdex is documented; that integration appears to be optional and should be explained to users before providing any Clawdex credentials. No broad unrelated credentials are requested.
Persistence & Privilege
The skill does not request permanent agent inclusion (always:false) and does not modify other skills. However, documentation recommends copying a shell wrapper into the user's home and sourcing it in shell config, which is a user-driven persistent change. Users should inspect that script before adding it to their shell startup.
Scan Findings in Context
[prompt-injection-detected-in-SKILL.md:ignore-previous-instructions] expected: The SKILL.md intentionally documents prompt-injection patterns and trigger phrases (for detection), so the string 'ignore-previous-instructions' appearing in documentation is expected. The pre-scan detector flagged it as a potential prompt-injection attempt, but in context it is part of the scanner's detection rules/research.
Assessment
Crabukit appears to be what it claims: a static security scanner with rule sets and tests. Before installing or running it with elevated privileges: 1) Inspect scripts/claw-safe-install.sh and do not blindly copy/source it into your shell — run it in a sandbox first or read it line-by-line. 2) Review external_scanners.py (Clawdex integration) to confirm which remote endpoints are contacted and whether any credentials are needed. 3) Prefer installing from the published package index (or a verified GitHub release) rather than unverified sources; verify the project URL and maintainer. 4) Run the package in an isolated environment (virtualenv/container) and run the test-suite included to verify behavior. 5) Because this is a security tool that looks for dangerous patterns, antivirus false positives are possible — treat those explanations cautiously and audit the code yourself if you rely on it for security-critical workflows.

Like a lobster shell, security has layers — review code before you run it.

latestvk976cgnt29pfjjbzke8y1ngd8981m92v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis

Comments