Clawdex by Koi

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clawdex
Version: 1.0.2

The OpenClaw AgentSkills skill bundle 'clawdex' is designed to perform security checks on other ClawHub skills. Its primary function involves making `curl` requests to `https://clawdex.koi.security/api/skill/SKILL_NAME` to retrieve a security verdict, which is consistent with its stated purpose. It also uses `ls` to list installed skills in `~/.openclaw/skills/` or `~/.clawdbot/skills/` for auditing. While the `SKILL.md` contains instructions for the AI agent (e.g., to inform the user or seek approval for 'unknown' skills), these are security-positive directives that align with the skill's function and do not constitute malicious prompt injection. There is no evidence of data exfiltration, malicious execution, persistence, or other harmful behaviors.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Koi’s Clawdex service may learn which skills you check or have installed, though the artifacts do not show credentials or file contents being sent.

Why it was flagged

The documented audit workflow sends local installed skill names to an external Clawdex API. This is aligned with the skill’s purpose, but users should notice the third-party data flow.

Skill content

for skill in $(ls ~/.clawdbot/skills/); do ... curl -s "https://clawdex.koi.security/api/skill/$skill"

Recommendation

Use the lookup with awareness of the external data flow, and avoid sending private or internal skill names if that information is sensitive.

What this means

A stale or incorrect external verdict could cause a user or agent to trust a skill more than warranted.

Why it was flagged

The wording presents a benign API verdict as sufficient to proceed with installation. This is coherent for a security-check tool, but users should avoid treating one third-party verdict as an absolute guarantee.

Skill content

The skill has been audited and no malicious behavior was found. You can proceed with installation:

Recommendation

Treat Clawdex as one security signal, and still review permissions, source, and behavior before installing important or unfamiliar skills.