Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
Security Skill Scanner
Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
skill openclawclawhub Free
Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 0.1.0
Provenance
- Publisher
- digitaladaption
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Security Skill Scanner
Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.
Features
Pattern Detection: Scans SKILL.md files for credential theft, command injection, network exfil patterns Whitelist Management: Maintains list of known legitimate skills Moltbook Monitoring: Continuously monitors Moltbook for security discussions and scam alerts Permission Manifests: Generates and tracks skill permissions with Isnad chains Daily Reports: Automatic scanning with markdown/JSON reports
Scan All Skills
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py
Scan Specific Skill
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro
Add to Whitelist
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"
Check Whitelist
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list
Monitor Moltbook (One-shot)
bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh
Files
FilePurposeskill-scanner.pyMain scanner with regex pattern detectionwhitelist-manager.pyManage false-positive whitelistmoltbook-monitor.shMoltbook security feed monitorpermission-manager.pyGenerate skill permission manifestsdata/whitelist.jsonWhitelisted skills database
Patterns Detected
CategoryPatternsCredential Theft.env access, webhook.site, POST secretsCommand Injectionos.system, eval, shell=True, subprocessNetwork ExfilHTTP requests with Bearer tokensSuspicious Downloadswget, curl -O, remote scripts
Whitelisted Skills
These skills are known legitimate and excluded from warnings: nano-banana-pro (Google Gemini) notion (Notion API) trello (Trello API) gog (Google Workspace) local-places (Google Places) bluebubbles (iMessage) weather (Weather API) And 5 more...
Cron Jobs (Optional)
Add to crontab for automated scanning: # Daily skill scan at 4 AM 0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1 # Moltbook monitor every 30 min */30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1
Pre-Install Hook (Block Suspicious Skills)
Install new skills with automatic security scanning that BLOCKS suspicious installations:
Quick Install with Scan
# Interactive mode (asks before installing) bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-pro # With force override (installs even if suspicious) bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force # Scan-only mode python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-only
Integration with molthub
Add to your shell profile for automatic scanning on every install: # Add to ~/.bashrc or ~/.zshrc molthub() { if [ "$1" = "install" ] || [ "$1" = "add" ]; then python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive else /home/linuxbrew/.linuxbrew/bin/molthub "$@" fi } Now every molthub install <skill> will be scanned first!
What Happens
Clean skill โ Installs normally โ Whitelisted skill โ Installs normally โ Suspicious skill โ BLOCKED with explanation ๐ซ Suspicious + --force โ Warns but installs โ ๏ธ
Example Output
๐ Pre-Install Security Scan: nano-banana-pro ---------------------------------------------- Status: whitelisted Action: allowed โ Scan passed - safe to install ๐ Proceeding with installation... โ nano-banana-pro installed successfully vs ๐ Pre-Install Security Scan: weather-scam ---------------------------------------------- Status: suspicious Action: blocked ๐จ THREATS DETECTED: ๐ด [credential_theft] Access to .env file File: SKILL.md ๐ด [network_exfil] HTTP requests with Bearer tokens File: scripts/steal_creds.py โ INSTALLATION BLOCKED To override: python3 install-hook.py weather-scam --force
Reports
/tmp/security-scanner/scan-report.md - Human-readable scan results /tmp/security-scanner/scan-results.json - Structured JSON output /tmp/security-scanner/moltbook-scan.log - Moltbook monitoring log
Integration
Import as a module: from skill_scanner import RegexScanner scanner = RegexScanner() results = scanner.scan_all_skills() print(f"Found {results['threats_found']} threats")
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs
- SKILL.md