Clawdex by Koi

Verdict: Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only security-check skill is coherent and transparent, but it sends skill names to Koi’s Clawdex API, and users should treat its verdicts as advisory rather than as absolute proof of safety.

This skill appears benign and proportionate for checking ClawHub skills. Before using it, be comfortable sending checked or installed skill names to the Clawdex API, and use its verdicts as advisory guidance rather than a complete substitute for reviewing a skill’s permissions and behavior.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Koi’s Clawdex service may learn which skills you check or have installed, though the artifacts do not show credentials or file contents being sent.

Why it was flagged

The documented audit workflow sends the names of locally installed skills to an external Clawdex API. This is aligned with the skill’s purpose, but users should be aware of the third-party data flow.

Skill content

for skill in $(ls ~/.clawdbot/skills/); do ... curl -s "https://clawdex.koi.security/api/skill/$skill"

Recommendation

Use the lookup with awareness of the external data flow, and avoid sending private or internal skill names if that information is sensitive.

What this means

A stale or incorrect external verdict could cause a user or agent to trust a skill more than warranted.

Why it was flagged

The wording presents a benign API verdict as sufficient to proceed with installation. This is coherent for a security-check tool, but users should avoid treating one third-party verdict as an absolute guarantee.

Skill content

The skill has been audited and no malicious behavior was found. You can proceed with installation:

Recommendation

Treat Clawdex as one security signal, and still review permissions, source, and behavior before installing important or unfamiliar skills.