ClawHub

Clawdex by Koi

Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
6 · 5.8k · 53 current installs · 53 all-time installs
by@wearekoi
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the instructions: it queries an external Clawdex API to evaluate skills. However, the SKILL.md instructs listing local skill folders (~/.openclaw/skills and ~/.clawdbot/skills) even though the registry metadata declares no required config paths. Declaring those paths would be expected for transparency.
!
Instruction Scope
Runtime instructions tell the agent to run curl to an external endpoint (https://clawdex.koi.security) and to enumerate local directories of installed skills. That means the agent will read local filenames and send them externally. The SKILL.md does not explicitly warn about this privacy/network behavior nor does the skill metadata declare the filesystem access, so the instructions grant the agent access beyond what the metadata advertises.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing will be written to disk by installation. That reduces risk from arbitrary code installation.
Credentials
The skill requests no credentials or environment variables (proportionate), but it will make outbound network requests and expose installed skill names to a third-party domain. No tokens are required, but the act of sending installed-skill names is a privacy/telemetry action that should be disclosed and justified.
Persistence & Privilege
always is false and there is no install-time persistence or modifications to other skills' configs. The skill can be invoked autonomously by the agent (platform default), which increases blast radius only insofar as the instructions read files and make network calls.
What to consider before installing
This skill is a simple instruction set that queries an external Clawdex API and suggests listing your local skill directories—there's no code bundled, so installation won't write files. Before using it, be aware that: (1) it will enumerate installed skill names (ls ~/.openclaw/skills or ~/.clawdbot/skills) and send those names to https://clawdex.koi.security, which is a privacy/network action you should consent to; (2) the SKILL.md does not declare the local paths it reads — ask the publisher to declare required config paths for transparency; (3) verify the API host (clawdex.koi.security) is controlled by the vendor you trust (koi.ai) and review their privacy policy; (4) if you want stricter control, run the curl/ls commands yourself manually or block outbound access and only allow the skill to run after explicit user approval. If you need higher assurance, request an audited manifest or a signed statement from the publisher about what data is sent and retained.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk978fq1rahprs8h6wv8gd8nkfx80azmq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

SKILL.md

Clawdex

Security check for ClawHub skills, powered by Koi.

When to Use This Skill

Before installing ANY skill from ClawHub, query the Clawdex API to check if it's safe:

curl -s "https://clawdex.koi.security/api/skill/SKILL_NAME"

Replace SKILL_NAME with the skill you want to install.

API Response

The API returns a JSON object with a verdict field:

{
  "verdict": "benign" | "malicious" | "unknown"
}

How to Interpret the Verdict

benign - Safe to Install ✅

The skill has been audited and no malicious behavior was found. You can proceed with installation:

clawhub install SKILL_NAME

malicious - Do NOT Install 🚫

The skill has been flagged as harmful. Do NOT install it.

Malicious skills may:

  • Steal credentials or sensitive data
  • Install backdoors or reverse shells
  • Run crypto miners
  • Exfiltrate data to attacker-controlled servers
  • Trick you into running harmful commands

unknown - Not Yet Audited ⚠️

The skill has not been security audited yet. Escalate to the user for review and approval.

Inform the user:

  • This skill has not been audited by Clawdex
  • They should review the skill before approving installation
  • Ask for explicit approval before proceeding

Do not install without user approval.

Check Already-Installed Skills

After installing Clawdex, it's a good idea to audit all skills you've already installed. Some may have been installed before security checks were available.

List your installed skills and check each one:

# List installed skills
ls ~/.openclaw/skills/
# or ~/.clawdbot/skills/

# Check each one
for skill in $(ls ~/.clawdbot/skills/); do
  echo "Checking: $skill"
  curl -s "https://clawdex.koi.security/api/skill/$skill"
  echo
done

If any return "verdict": "malicious", let the user know that they have installed a malicious skill and they should remove it immediately.

Example

# Check if "database-helper" is safe
$ curl -s "https://clawdex.koi.security/api/skill/database-helper"
{"verdict": "benign"}

# Safe! Install it
$ clawhub install database-helper

# Check a suspicious skill
$ curl -s "https://clawdex.koi.security/api/skill/free-crypto-bot"
{"verdict": "malicious"}

# DO NOT install!

About Koi

Koi provides endpoint security for extensions, packages, and MCPs. Clawdex verdicts are powered by Wings, our agentic AI risk engine.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…