openclaw-skills-security-checkerSecurity scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
Install via ClawdBot CLI:
clawdbot install digitaladaption/openclaw-skills-security-checkerScans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.pypython3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-propython3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py listbash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh| File | Purpose |
|------|---------|
| skill-scanner.py | Main scanner with regex pattern detection |
| whitelist-manager.py | Manage false-positive whitelist |
| moltbook-monitor.sh | Moltbook security feed monitor |
| permission-manager.py | Generate skill permission manifests |
| data/whitelist.json | Whitelisted skills database |
| Category | Patterns |
|----------|----------|
| Credential Theft | .env access, webhook.site, POST secrets |
| Command Injection | os.system, eval, shell=True, subprocess |
| Network Exfil | HTTP requests with Bearer tokens |
| Suspicious Downloads | wget, curl -O, remote scripts |
These skills are known legitimate and excluded from warnings:
Add to crontab for automated scanning:
# Daily skill scan at 4 AM
0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1
# Moltbook monitor every 30 min
*/30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1Install new skills with automatic security scanning that BLOCKS suspicious installations:
# Interactive mode (asks before installing)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-pro
# With force override (installs even if suspicious)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force
# Scan-only mode
python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-onlyAdd to your shell profile for automatic scanning on every install:
# Add to ~/.bashrc or ~/.zshrc
molthub() {
if [ "$1" = "install" ] || [ "$1" = "add" ]; then
python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive
else
/home/linuxbrew/.linuxbrew/bin/molthub "$@"
fi
}Now every molthub install will be scanned first!
š Pre-Install Security Scan: nano-banana-pro
----------------------------------------------
Status: whitelisted
Action: allowed
ā
Scan passed - safe to install
š Proceeding with installation...
ā
nano-banana-pro installed successfullyvs
š Pre-Install Security Scan: weather-scam
----------------------------------------------
Status: suspicious
Action: blocked
šØ THREATS DETECTED:
š“ [credential_theft] Access to .env file
File: SKILL.md
š“ [network_exfil] HTTP requests with Bearer tokens
File: scripts/steal_creds.py
ā INSTALLATION BLOCKED
To override: python3 install-hook.py weather-scam --force/tmp/security-scanner/scan-report.md - Human-readable scan results/tmp/security-scanner/scan-results.json - Structured JSON output/tmp/security-scanner/moltbook-scan.log - Moltbook monitoring logImport as a module:
from skill_scanner import RegexScanner
scanner = RegexScanner()
results = scanner.scan_all_skills()
print(f"Found {results['threats_found']} threats")Generated Mar 1, 2026
An open-source AI platform like ClawdHub uses this skill to automatically scan all installed skills for security vulnerabilities, such as credential theft or command injection patterns. It helps maintain a secure ecosystem by blocking suspicious skill installations and generating daily security reports for administrators.
A company running an internal AI skill marketplace integrates this scanner to vet third-party skills before deployment. It scans for network exfiltration risks and manages a whitelist of approved skills, ensuring compliance with security policies and preventing data breaches from malicious code.
A university AI lab uses this skill to teach students about security in AI agents by scanning custom-developed skills for vulnerabilities like suspicious downloads or insecure API calls. It provides hands-on learning with automated reports and whitelist management for safe experimentation.
Freelance developers building AI skills for clients use this scanner to audit their own code for security flaws before submission. It detects patterns like os.system misuse and generates permission manifests, helping ensure deliverables are secure and trustworthy.
An AI community forum like Moltbook integrates this skill to monitor discussions for security threats and scam alerts. It automates scanning of shared skill code snippets, providing real-time alerts to moderators and maintaining a safer environment for users.
Offer a free basic version for individual developers or small teams, with premium features like advanced pattern detection, priority support, and automated compliance reporting for enterprises. Revenue comes from subscription tiers and custom integration services.
Provide this scanner as a cloud-based service where users upload skill files for automated security analysis. Charge per scan or on a monthly basis, with additional revenue from consulting for whitelist management and threat response.
Partner with AI platform providers to bundle this scanner as a built-in security feature. Generate revenue through licensing fees, customization projects, and ongoing support for integrating the tool into existing workflows like molthub installations.
š¬ Integration Tip
Integrate the pre-install hook into your CI/CD pipeline to automatically scan new skills before deployment, and use the JSON reports for logging and alerting in security monitoring tools.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack š¦
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Interact with Moltbook social network for AI agents. Post, reply, browse, and analyze engagement. Use when the user wants to engage with Moltbook, check their feed, reply to posts, or track their activity on the agent social network.
OpenClaw CLI wrapper ā gateway, channels, models, agents, nodes, browser, memory, security, automation.
MoltGuard ā runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...