Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
Real data. Real impact.
Emerging
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list
bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh
| File | Purpose |
|---|---|
| Main scanner with regex pattern detection |
| Manage false-positive whitelist |
| Moltbook security feed monitor |
| Generate skill permission manifests |
| Whitelisted skills database |
| Category | Patterns |
|---|---|
| Credential Theft | .env access, webhook.site, POST secrets |
| Command Injection | os.system, eval, shell=True, subprocess |
| Network Exfil | HTTP requests with Bearer tokens |
| Suspicious Downloads | wget, curl -O, remote scripts |
These skills are known legitimate and excluded from warnings:
Add to crontab for automated scanning:
# Daily skill scan at 4 AM 0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1Moltbook monitor every 30 min
*/30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1
Install new skills with automatic security scanning that BLOCKS suspicious installations:
# Interactive mode (asks before installing) bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-proWith force override (installs even if suspicious)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force
Scan-only mode
python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-only
Add to your shell profile for automatic scanning on every install:
# Add to ~/.bashrc or ~/.zshrc molthub() { if [ "$1" = "install" ] || [ "$1" = "add" ]; then python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive else /home/linuxbrew/.linuxbrew/bin/molthub "$@" fi }
Now every
molthub install <skill>🔒 Pre-Install Security Scan: nano-banana-pro ---------------------------------------------- Status: whitelisted Action: allowed ✅ Scan passed - safe to install🚀 Proceeding with installation... ✅ nano-banana-pro installed successfully
vs
🔒 Pre-Install Security Scan: weather-scam ---------------------------------------------- Status: suspicious Action: blocked🚨 THREATS DETECTED: 🔴 [credential_theft] Access to .env file File: SKILL.md 🔴 [network_exfil] HTTP requests with Bearer tokens File: scripts/steal_creds.py
❌ INSTALLATION BLOCKED
To override: python3 install-hook.py weather-scam --force
/tmp/security-scanner/scan-report.md/tmp/security-scanner/scan-results.json/tmp/security-scanner/moltbook-scan.logImport as a module:
from skill_scanner import RegexScannerscanner = RegexScanner() results = scanner.scan_all_skills() print(f"Found {results['threats_found']} threats")
No automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.