OpenClaw

Skill details (on-site mirror, no comments)

Moltcops Skill

Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.

Development & DevOps

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v1.0.0

Stats: ⭐ 0 · 602 · 0 current installs · 0 all-time installs

🛡 VirusTotal: benign · OpenClaw: benign

Package: adamthompson33/moltcops-skill

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: benign

OpenClaw assessment

The skill's declared purpose (local pre-install scanner) matches its visible requirements and instructions, but I can't fully verify the bundled script's runtime behavior without inspecting its source for network or exfiltration calls.

Purpose

Name, description, and runtime instructions describe a local-only pre-install scanner. The package includes a scanner script and rule set and requests no env vars, binaries, installs, or config paths — which is proportionate for this purpose.

Instruction scope

SKILL.md's instructions are narrowly scoped: run python3 scripts/scan.py <path-to-skill-folder>. The scanner necessarily reads files in the target skill folder (expected). The README repeatedly asserts 'No API calls. No uploads.' That claim cannot be validated from the metadata alone; the bundled script must be inspected to confirm it does not transmit scanned data off-host.

Install mechanism

No install spec — instruction-only with a bundled script. This is low-risk from an install perspective (nothing is written to system locations by an installer).

Credentials

Requires no environment variables, credentials, or special config paths. That aligns with a local scanner's needs. The scanner will read files in the target folder (expected), which may include secrets stored by the skill being scanned — this is expected behavior for a scanner but worth noting.

Persistence

Skill does not request always-on presence, model-invocation flags were not set to grant elevated persistence, and there are no declared privileges. This is appropriate for a utility scanner.

Overall conclusion

This package appears internally consistent with its stated purpose. Before trusting it: (1) manually open scripts/scan.py and rules.json and search for any network or subprocess calls (e.g., requests, urllib, socket, subprocess, os.system, urllib3, httpx) or hardcoded URLs/endpoints — the SKILL.md claims 'No API calls' and that should be verified; (2) confirm the script does not POST/PUT/GET scanned file contents to remote servers; (3) run the…
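The manual check in step (1) can start with a static pass over the script's syntax tree. The following is an added example, not part of the package or of the OpenClaw assessment: it lists imports of the modules named above, os.system/os.popen calls, and hardcoded URLs. The SAMPLE input is constructed and the function name audit_source is this example's own.

```python
import ast
import re
import sys

# Modules the assessment names; http (http.client) is this example's addition.
WATCHED = {"requests", "urllib", "urllib3", "httpx", "socket", "subprocess", "http"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+")

# Constructed stand-in for a bundled script; not the contents of scripts/scan.py.
SAMPLE = '''\
import json, os
import urllib.request
from subprocess import run

ENDPOINT = "https://collector.example.invalid/v1/report"

def scan(path):
    data = open(path).read()
    os.system("echo scanning")
    return json.dumps({"size": len(data)})
'''


def audit_source(source, filename="<constructed>"):
    """Return sorted (line, kind, detail) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            if name.split(".")[0] in WATCHED:
                findings.add((node.lineno, "import", name))
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            # os.system is named in the assessment; os.popen is an addition.
            owner = getattr(node.func.value, "id", "")
            if owner == "os" and node.func.attr in {"system", "popen"}:
                findings.add((node.lineno, "call", "os." + node.func.attr))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                findings.add((node.lineno, "url", url))
    return sorted(findings)

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for line, kind, detail in audit_source(text):
        print(f"line {line}: {kind}: {detail}")
```

An empty result narrows the review but does not replace reading the file, because imports assembled at runtime do not appear in the syntax tree.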

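Install (copy to Lobster AI)

Copy the entire passage below into a Lobster Chinese Library conversation; Lobster will complete the installation according to SKILL.md.

Please hand this passage to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Moltcops Skill" on this machine. Summary: Pre-install security scanner for AI agent skills. Detects malicious patterns be….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adamthompson33/moltcops-skill/SKILL.md
(Source: yingzhi8.cn skill library)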

SKILL.md

---
name: moltcops
version: 1.0.0
description: Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
---

# MoltCops — Skill Security Scanner

Scan any skill for security threats **before** you install it. Detects prompt injection, data exfiltration, sleeper triggers, drain patterns, and 16 more threat categories.

**Local-first.** Your code never leaves your machine. No API calls. No uploads. No accounts.

## When to Use

- **Before installing any skill** from ClawHub, GitHub, or other sources
- **Before running** skills shared by other agents
- **When evaluating** unknown code from any source
- **After ClawHavoc**: 341 malicious skills were found on ClawHub this week. Scan first.

## How to Run

```bash
python3 scripts/scan.py <path-to-skill-folder>
```

Example:
```bash
# Scan a skill before installing
python3 scripts/scan.py ~/.openclaw/skills/suspicious-skill

# Scan a freshly downloaded skill
python3 scripts/scan.py ./my-new-skill
```

**No dependencies required** — uses only Python 3 standard library.

## Reading Results

The scanner returns one of three verdicts:

| Verdict | Exit Code | Meaning |
|---------|-----------|---------|
| **PASS** | 0 | No critical or high-risk threats detected. Safe to install. |
| **WARN** | 1 | High-risk patterns found. Review findings before installing. |
| **BLOCK** | 2 | Critical threats detected. Do NOT install this skill. |

## What It Detects

20 detection rules across these threat categories:

| Category | Rules | Examples |
|----------|-------|---------|
| **Prompt Injection** | MC-001, MC-002, MC-003 | System prompt override, jailbreak payloads, tool-use steering |
| **Code Injection** | MC-004, MC-005, MC-006, MC-019 | Shell injection, eval/exec, base64-to-exec, child_process |
| **Data Exfiltration** | MC-007, MC-008, MC-009, MC-010, MC-020 | Webhook URLs, env var harvesting, SSH key access, credential files |
| **Hardcoded Secrets** | MC-011, MC-012 | API keys in source, private key material |
| **Financial** | MC-013 | Drain patterns, unlimited withdrawals |
| **Lateral Movement** | MC-014 | Git credential access, repo manipulation |
| **Persistence** | MC-015, MC-016 | SOUL.md writes, cron job creation |
| **Autonomy Abuse** | MC-017 | Destructive force flags (rm -rf, git push --force) |
| **Infrastructure** | MC-018 | Permission escalation (sudo, chmod 777) |

## False Positive Handling

The scanner includes context-aware filtering to reduce false positives:

- **Env var access** (MC-008): Only flags when variable names contain KEY, SECRET, PASSWORD, TOKEN, or CREDENTIAL
- **Git operations** (MC-014): Skips standard remotes (github.com, gitlab.com, bitbucket.org)
- **Force flags** (MC-017): Only flags on destructive operations, not install scripts
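
The MC-008 filter described above, written out as an added example (not MoltCops' own rule; the regular expressions, the `env_findings` name and the sample lines are this example's assumptions). It keeps only named environment reads whose name contains one of the five listed words, and the last sample line shows that substring matching still flags a harmless name.

```python
import re

SENSITIVE = ("KEY", "SECRET", "PASSWORD", "TOKEN", "CREDENTIAL")  # words listed above

# Named environment reads in Python, JavaScript and shell (patterns are assumptions).
ENV_READ = re.compile(
    r"""os\.environ\[\s*['"](\w+)['"]\s*\]"""
    r"""|os\.environ\.get\(\s*['"](\w+)['"]"""
    r"""|os\.getenv\(\s*['"](\w+)['"]"""
    r"""|process\.env\.(\w+)"""
    r"""|\$\{?([A-Z_][A-Z0-9_]*)\}?"""
)

# Constructed lines standing in for files of a skill under review.
SAMPLE = '''\
home = os.environ["HOME"]
debug = os.getenv("DEBUG")
key = os.environ.get("OPENAI_API_KEY")
const t = process.env.GITHUB_TOKEN;
echo "$PATH"; mysql -p"$DB_PASSWORD"
layout = os.getenv("KEYBOARD_LAYOUT")
'''


def env_findings(source):
    """Return (line, variable) for each env read whose name looks sensitive."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in ENV_READ.finditer(line):
            # Exactly one alternative matched, so exactly one group is set.
            name = next(group for group in match.groups() if group)
            if any(word in name.upper() for word in SENSITIVE):
                findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in env_findings(SAMPLE):
        print(f"line {lineno}: reads {name}")
```

`HOME`, `DEBUG` and `PATH` are filtered out; `KEYBOARD_LAYOUT` is reported because it contains `KEY`, which is the residual false-positive rate a reviewer should expect from a "contains" match.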

## Example Output

```
MoltCops Security Scanner
========================================
Scanning: ./suspicious-skill
Files: 5
Rules: 20

FINDINGS
----------------------------------------
[CRITICAL] MC-007: Exfiltration URL (main.py:14)
[CRITICAL] MC-004: Shell Injection (helper.sh:8)
[HIGH] MC-005: Dynamic Code Execution (main.py:22)

SUMMARY
========================================
Files scanned: 5
Total findings: 3
  Critical: 2
  High:     1
  Medium:   0

VERDICT: BLOCK
Critical threats detected. Do NOT install this skill.
```
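
A fail-closed install gate built on the exit-code table and the `VERDICT:` line shown above; this is an added example, not part of MoltCops. It assumes the scanner prints exactly one `VERDICT:` line on stdout as in the example output; the `decide` and `gate` names and the sample strings are constructed here.

```python
import re
import subprocess
import sys

VERDICT_BY_EXIT = {0: "PASS", 1: "WARN", 2: "BLOCK"}  # exit-code table above
VERDICT_RE = re.compile(r"^VERDICT:\s*(PASS|WARN|BLOCK)\s*$", re.MULTILINE)

# Constructed scanner outputs: a complete run, and a run cut off before any verdict.
BLOCK_OUTPUT = "Total findings: 3\n\nVERDICT: BLOCK\nCritical threats detected.\n"
CRASH_OUTPUT = "Scanning: ./my-new-skill\nFiles: 5\n"


def decide(exit_code, output):
    """Return (allow_install, reason). Anything inconsistent fails closed."""
    expected = VERDICT_BY_EXIT.get(exit_code)
    printed = VERDICT_RE.findall(output)
    if expected is None:
        return False, f"unexpected exit code {exit_code}"
    if len(printed) != 1:
        # An uncaught Python exception exits 1 and a missing script exits 2,
        # so an exit code without exactly one verdict line is not a verdict.
        return False, "no single VERDICT line; scanner may have crashed"
    if printed[0] != expected:
        return False, f"exit code says {expected}, output says {printed[0]}"
    # WARN asks for human review, so only PASS allows an unattended install.
    return expected == "PASS", expected


def gate(skill_dir, scanner="scripts/scan.py", timeout=120):
    """Run the scanner on skill_dir and apply decide() to its result."""
    try:
        proc = subprocess.run(
            [sys.executable, scanner, skill_dir],
            capture_output=True, text=True, timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, f"scanner did not complete: {exc}"
    return decide(proc.returncode, proc.stdout)


if __name__ == "__main__":
    allowed, reason = gate(sys.argv[1]) if len(sys.argv) > 1 else decide(2, BLOCK_OUTPUT)
    print("install allowed" if allowed else f"install refused: {reason}")
```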

## Web Scanner

For a browser-based version with the same engine, visit: **https://scan.moltcops.com**

## About MoltCops

MoltCops protects the AI agent ecosystem from malicious skills. While VirusTotal catches known malware signatures, MoltCops catches **behavioral patterns** — drain logic, sleeper triggers, prompt injection, and data exfiltration that signature-based scanning misses.

- Web: https://moltcops.com
- Moltbook: https://moltbook.com/u/MoltCops