Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.1.0
Stats: ⭐ 2 · 1.1k · 0 current installs · 0 all-time installs
🛡 VirusTotal: benign · OpenClaw: benign
Package: adamthompson33/moltcops
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
Moltcops is internally consistent: a local, instruction-first security scanner that only reads files in a target folder and requires no credentials or installs — but review how you use it (don't scan highly sensitive directories blindly) and treat the external web links in the README with normal caution.
Purpose
Name/description (pre-install security scanner) match the provided artifacts: SKILL.md describes a local scanner and the included scripts (scripts/scan.py + rules.json) implement a file-based pattern scanner. There are no unrelated env vars, binaries, or install steps requested.
Instruction scope
Runtime instructions tell the agent/user to run python3 scripts/scan.py <path>. The scanner walks and reads files under the provided path (expected for this purpose). Note: the scanner prints matched line snippets (up to 120 chars) so scanning folders that contain private keys, credentials, or other secrets will surface parts of those secrets to local stdout — this is normal for a scanner but is a privacy consideration. SKILL.md also advertise…
Install mechanism
No install spec; instruction-only with a small Python script relying only on the Python standard library. No downloads, no archived extracts, no external package installs. This is low-risk and proportionate for the stated function.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The scanner purposely looks for patterns that indicate access to env vars and credential files in the target code, but the scanner itself does not access the environment beyond ordinary os operations. The requested privileges are minimal and appropriate.
Persistence
No always:true flag, no install hooks, and the skill does not modify agent configuration or request persistent system presence. Autonomous invocation is allowed by default (disable-model-invocation=false) which is normal for skills; this combined with the scanner's narrow scope does not raise additional concerns.
Overall conclusion
Moltcops appears to be what it claims: a small, local file-pattern scanner. Before running it: 1) review rules.json if you want to see what patterns will be flagged (and to tune noisy rules); 2) test the scanner on a non-sensitive folder first so you understand its output format; 3) avoid pointing it at directories containing unencrypted private keys or credentials you don't want printed to stdout (it will show matched line snippets locally); …
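Install (copy to 龙虾 AI)
Copy the entire passage below into a 龙虾中文库 conversation, and 龙虾 will complete the installation according to SKILL.md.
Please hand this passage to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Moltcops" on this machine. Summary: Pre-install security scanner for AI agent skills. Detects malicious patterns be….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adamthompson33/moltcops/SKILL.md
(Source: yingzhi8.cn skill library)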
SKILL.md
---
name: moltcops
version: 1.0.0
description: Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
---
# MoltCops — Skill Security Scanner
Scan any skill for security threats **before** you install it. Detects prompt injection, data exfiltration, sleeper triggers, drain patterns, and 16 more threat categories.
**Local-first.** Your code never leaves your machine. No API calls. No uploads. No accounts.
## When to Use
- **Before installing any skill** from ClawHub, GitHub, or other sources
- **Before running** skills shared by other agents
- **When evaluating** unknown code from any source
- **After ClawHavoc**: 341 malicious skills were found on ClawHub this week. Scan first.
## How to Run
```bash
python3 scripts/scan.py <path-to-skill-folder>
```
Example:
```bash
# Scan a skill before installing
python3 scripts/scan.py ~/.openclaw/skills/suspicious-skill
# Scan a freshly downloaded skill
python3 scripts/scan.py ./my-new-skill
```
**No dependencies required** — uses only Python 3 standard library.
## Reading Results
The scanner returns three verdicts:
| Verdict | Exit Code | Meaning |
|---------|-----------|---------|
| **PASS** | 0 | No critical or high-risk threats detected. Safe to install. |
| **WARN** | 1 | High-risk patterns found. Review findings before installing. |
| **BLOCK** | 2 | Critical threats detected. Do NOT install this skill. |
## What It Detects
20 detection rules across these threat categories:
| Category | Rules | Examples |
|----------|-------|---------|
| **Prompt Injection** | MC-001, MC-002, MC-003 | System prompt override, jailbreak payloads, tool-use steering |
| **Code Injection** | MC-004, MC-005, MC-006, MC-019 | Shell injection, eval/exec, base64-to-exec, child_process |
| **Data Exfiltration** | MC-007, MC-008, MC-009, MC-010, MC-020 | Webhook URLs, env var harvesting, SSH key access, credential files |
| **Hardcoded Secrets** | MC-011, MC-012 | API keys in source, private key material |
| **Financial** | MC-013 | Drain patterns, unlimited withdrawals |
| **Lateral Movement** | MC-014 | Git credential access, repo manipulation |
| **Persistence** | MC-015, MC-016 | SOUL.md writes, cron job creation |
| **Autonomy Abuse** | MC-017 | Destructive force flags (rm -rf, git push --force) |
| **Infrastructure** | MC-018 | Permission escalation (sudo, chmod 777) |
## False Positive Handling
The scanner includes context-aware filtering to reduce false positives:
- **Env var access** (MC-008): Only flags when variable names contain KEY, SECRET, PASSWORD, TOKEN, or CREDENTIAL
- **Git operations** (MC-014): Skips standard remotes (github.com, gitlab.com, bitbucket.org)
- **Force flags** (MC-017): Only flags on destructive operations, not install scripts
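The MC-008 rule described above (flag an environment read only when the variable name contains one of the five listed words), sketched as an added example; this is not the project's `scan.py` or `rules.json`, and the `ENV_ACCESS` regex, `env_findings` function and sample input are assumptions made for illustration. Findings carry the variable name and line number rather than the matched line, so secret values are never echoed.

```python
import re

# Assumption: these Python/Node/shell access forms are illustrative only;
# the project's real patterns live in rules.json and are not shown on this page.
ENV_ACCESS = re.compile(
    r"""os\.environ\[\s*['"](\w+)['"]\s*\]"""
    r"""|os\.(?:getenv|environ\.get)\(\s*['"](\w+)['"]"""
    r"""|process\.env\.(\w+)"""
    r"""|\$\{?([A-Z_][A-Z0-9_]*)\}?"""
)
# The five words listed for MC-008 above.
SENSITIVE = ("KEY", "SECRET", "PASSWORD", "TOKEN", "CREDENTIAL")


def env_findings(source, filename="<memory>"):
    """Return [(filename, line_no, var_name)] for sensitive-looking env reads."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in ENV_ACCESS.finditer(line):
            # Exactly one alternative matched, so exactly one group is set.
            name = next(g for g in match.groups() if g)
            # Substring test, as the rule states: "MONKEY_MODE" would also hit.
            if any(word in name.upper() for word in SENSITIVE):
                hits.append((filename, line_no, name))
    return hits


# Constructed sample input mixing Python, Node and shell lines.
SAMPLE = '''\
import os
home = os.environ["HOME"]
debug = os.getenv("DEBUG", "0")
api = os.environ["OPENAI_API_KEY"]
tok = os.environ.get("GITHUB_TOKEN")
const p = process.env.DB_PASSWORD;
echo "$PATH" "${AWS_SECRET_ACCESS_KEY}"
'''

if __name__ == "__main__":
    for fname, line_no, name in env_findings(SAMPLE, "sample"):
        print(f"[HIGH] MC-008-style env read: {name} ({fname}:{line_no})")
```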
## Example Output
```
MoltCops Security Scanner
========================================
Scanning: ./suspicious-skill
Files: 5
Rules: 20
FINDINGS
----------------------------------------
[CRITICAL] MC-007: Exfiltration URL (main.py:14)
[CRITICAL] MC-004: Shell Injection (helper.sh:8)
[HIGH] MC-005: Dynamic Code Execution (main.py:22)
SUMMARY
========================================
Files scanned: 5
Total findings: 3
Critical: 2
High: 1
Medium: 0
VERDICT: BLOCK
Critical threats detected. Do NOT install this skill.
```
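An install gate built on the exit codes under "Reading Results" and the `VERDICT:` line in the sample output above, as an added example (not part of MoltCops). `scan_gate` and its parameters are hypothetical names, and it assumes PASS and WARN runs print a `VERDICT:` line in the same form the sample shows for BLOCK.

```python
import re
import subprocess
import sys

# Exit codes from the verdict table under "Reading Results".
EXIT_TO_VERDICT = {0: "PASS", 1: "WARN", 2: "BLOCK"}
# Assumption: every run prints "VERDICT: <name>", as the sample does for BLOCK.
VERDICT_LINE = re.compile(r"^\s*VERDICT:\s*(PASS|WARN|BLOCK)\s*$", re.MULTILINE)


def scan_gate(skill_dir, scanner=("python3", "scripts/scan.py"), allow_warn=False):
    """Return (verdict, may_install) for skill_dir, failing closed.

    The exit code alone is ambiguous: an uncaught Python exception also exits 1
    and a missing script exits 2, so the printed verdict must agree with it.
    """
    try:
        proc = subprocess.run(
            [*scanner, skill_dir],
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            text=True,
            errors="replace",
            timeout=120,
        )
    except (OSError, subprocess.TimeoutExpired):
        return "ERROR", False  # scanner could not start, or hung
    by_code = EXIT_TO_VERDICT.get(proc.returncode)
    printed = VERDICT_LINE.findall(proc.stdout)
    if by_code is None or printed != [by_code]:
        return "ERROR", False  # unknown code, no verdict line, or a mismatch
    # proc.stdout is the full report; it can contain matched line snippets,
    # so it is deliberately not echoed into shared logs here.
    may_install = by_code == "PASS" or (by_code == "WARN" and allow_warn)
    return by_code, may_install


if __name__ == "__main__" and len(sys.argv) == 2:
    verdict, ok = scan_gate(sys.argv[1])
    print(f"{verdict}: {'install allowed' if ok else 'install refused'}")
    sys.exit(0 if ok else 1)
```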
## Web Scanner
For a browser-based version with the same engine, visit: **https://scan.moltcops.com**
## About MoltCops
MoltCops protects the AI agent ecosystem from malicious skills. While VirusTotal catches known malware signatures, MoltCops catches **behavioral patterns** — drain logic, sleeper triggers, prompt injection, and data exfiltration that signature-based scanning misses.
- Web: https://moltcops.com
- Moltbook: https://moltbook.com/u/MoltCops