Secure Your AI Agent: Top Security Skills on ClawHub

When you install a Claude Code skill, you're extending the capabilities of an agent that has access to your filesystem, your terminal, your APIs, and potentially your production environment. That's a significant trust surface.

Most developers think about this for five seconds and then install whatever looks useful. That's how problems start.

This post covers the security skills on ClawHub that address this problem directly — tools that vet what you install, guard against runtime misuse, and audit your codebase for vulnerabilities. If you're using Claude Code in anything approaching a production context, these skills aren't optional.

skill-vetter (Start Here)

Before you install any other skill, install skill-vetter. It's the skill that evaluates other skills — analyzing them for security issues, scope mismatches, and malicious patterns before they have access to your environment.

What it checks:

• Permission scope vs. stated purpose: A note-taking skill requesting network access is suspicious. A productivity skill asking for filesystem write access to directories outside your project is a red flag. skill-vetter identifies these mismatches.
• Known malicious patterns: Maintains a database of obfuscated instruction patterns, prompt injection attempts, and jailbreak techniques seen in previously flagged skills.
• Publisher verification status: Verified publishers on ClawHub have gone through identity confirmation and community review. skill-vetter shows you this status clearly.
• Community signals: Review counts, report counts, install numbers, and the ratio between installs and reports.
• Dependency analysis: If the skill depends on other skills or packages, vetter checks those too.

Install:

/skills install skill-vetter

Usage example:

/vet some-free-productivity-skill

# → Publisher: unverified (account age: 4 days, 0 previous skills)
# → Permissions requested: filesystem read/write (all paths), network access (all hosts)
# → Stated purpose: "productivity enhancements and quick notes"
# → CRITICAL MISMATCH: unrestricted filesystem + network access is not
#   consistent with note-taking functionality
# → Community: 847 installs, 23 reports in 4 days
# → Verdict: HIGH RISK — strongly recommend against installing

That output is exactly what you want before installing something that could exfiltrate your SSH keys or send your source code somewhere.

Limitation worth knowing: New skills with no install history return limited signals. skill-vetter will tell you this explicitly: "insufficient data for assessment." For those, rely on publisher verification status and your own judgment about whether the requested permissions make sense.

moltguard

Where skill-vetter is a pre-install checkpoint, moltguard is a runtime guardian. It monitors Claude Code's behavior during sessions and intervenes when the agent attempts actions that violate configured policies.

Think of it as a permissions firewall that runs continuously while Claude Code operates.

What it guards against:

• Unauthorized filesystem access (reads or writes outside defined project boundaries)
• Network requests to non-whitelisted hosts
• Execution of shell commands that match high-risk patterns (rm -rf, curl | bash, etc.)
• Attempts to access credentials, environment variables, or secrets files
• Data exfiltration patterns (writing large amounts of content to network endpoints)
• Prompt injection attempts from untrusted content (webpage content, file contents, user inputs)

Install:

/skills install moltguard

Setup:

/moltguard configure
# → Define project root: /Users/you/projects/myapp
# → Allowed network hosts: api.github.com, registry.npmjs.org
# → Blocked patterns: [default list loads, review and customize]
# → Alert mode: warn (logs and asks for confirmation) or block (stops action)

Usage example — what you see when moltguard intervenes:

Agent attempting: read file /Users/you/.ssh/id_rsa
moltguard: BLOCKED — this file is outside your configured project root
           and matches the credentials pattern list.
           If this was intentional, run: /moltguard permit once

That's the intervention you want. The agent may have had a perfectly innocent reason — or it may have been manipulated by injected instructions in a document it was processing. Either way, the action stops and you decide.

Limitation worth knowing: moltguard in block mode can occasionally be overly aggressive on legitimate operations. Start in warn mode, review the logs for a week, then promote specific patterns to your allowlist before switching to block mode. Going straight to block mode on an active project will frustrate you.

Security Audit Skills

code-security-auditor

A static analysis skill that reviews your codebase for security vulnerabilities. Less comprehensive than a dedicated SAST tool (Semgrep, CodeQL), but more accessible and faster to set up.

What it catches:

• Hardcoded secrets and API keys
• SQL injection vulnerabilities
• Unvalidated user input flowing into dangerous operations
• Insecure dependency configurations
• Common authentication and authorization mistakes
• OWASP Top 10 patterns

Install:

/skills install code-security-auditor

Usage example:

/audit src/

# Security Audit Results — src/ (247 files)
# Critical (fix immediately):
# — src/handlers/upload.ts:34: Unvalidated user input passed to fs.writeFile()
#   path parameter — arbitrary file write vulnerability
# — src/config/database.ts:12: Hardcoded database password in source file
#
# High (fix before production):
# — src/api/users.ts:89: SQL query built with string concatenation — injection risk
# — src/auth/session.ts:45: Session token uses Math.random() — not cryptographically secure
#
# Medium (review):
# — src/middleware/cors.ts:8: CORS origin set to '*' — overly permissive
# [14 more medium findings...]

That output — especially the critical findings — represents real vulnerabilities that could result in data breaches or unauthorized access. This is the kind of review that typically requires a security engineer's time to run. With this skill, it's a 5-minute automated pass.

Limitation worth knowing: Static analysis has false positives. The hardcoded password finding is almost always real. The SQL injection finding occasionally flags parameterized queries that happen to be structured in a way that looks like concatenation to the analyzer. Review findings rather than auto-remediate.

dependency-auditor

Scans your project's dependencies (npm, pip, gem) against known vulnerability databases and reports CVEs with severity ratings and patched version recommendations.

Install:

/skills install dependency-auditor

Usage example:

/audit-deps package.json

# 3 vulnerabilities found
# Critical: lodash@4.17.15 — CVE-2021-23337 (Prototype Pollution)
#           Fix: upgrade to 4.17.21
# High: axios@0.21.1 — CVE-2021-3749 (ReDoS)
#       Fix: upgrade to 0.21.2
# Medium: glob-parent@5.1.1 — CVE-2020-28469
#         Fix: upgrade to 5.1.2
# Auto-fix available: run /audit-deps fix to apply all patches

Limitation worth knowing: The auto-fix command (/audit-deps fix) updates package versions but doesn't test for breaking changes. Always run your test suite after applying dependency patches.

The Security Baseline

For any Claude Code setup operating in a production or professional context, this is the minimum viable security posture:

1. Install skill-vetter first — before you install anything else, so you can vet everything you add
2. Install moltguard in warn mode, review logs for a week, then tighten configuration
3. Run code-security-auditor before any code goes to production
4. Run dependency-auditor as part of your regular dependency update cycle

This isn't about paranoia. It's about the same discipline you apply to any software that operates with elevated permissions in your environment. Claude Code is a powerful tool. These skills make sure that power stays under your control.