Crabukit
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The OpenClaw skill 'crabukit' is a security scanner designed to detect malicious patterns, vulnerabilities, and prompt injection attempts in *other* OpenClaw skills. While its codebase contains numerous patterns for highly malicious activities (e.g., RCE, data exfiltration, backdoors, `curl|bash`, `eval`/`exec`, prompt injection phrases), these are consistently implemented as *detection rules* within its analyzers and pattern definitions (`crabukit/rules/patterns.py`, `crabukit/analyzers/*.py`), or as *test fixtures* (`tests/fixtures/malicious-skill/`) to validate its detection capabilities. The `SECURITY.md` explicitly addresses potential false positives from antivirus software due to its defensive nature. The only external network call identified (`crabukit/external_scanners.py`) is a legitimate query to the Clawdex threat intelligence API (`https://clawdex.koi.security`) to check the reputation of the *skill being scanned*, not to exfiltrate user data. The `scripts/claw-safe-install.sh` wrapper also implements a defensive 'scan-before-install' mechanism. There is no evidence of intentional harmful behavior by the 'crabukit' skill itself; its purpose is to enhance security.
