moltcops
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/adamthompson33/moltcopsWhat This Skill Does
MoltCops is a security-first utility designed for the OpenClaw ecosystem to protect your local environment from malicious AI agent skills. By running a comprehensive local scan, it inspects source code for dangerous patterns, including prompt injection, data exfiltration attempts, and unauthorized system access, before you commit to installing any new skill. It is a local-first solution that ensures your sensitive data and system configuration never leave your machine during the analysis process.
Installation
As a core utility, MoltCops does not require an installation via a package manager; it is designed to be run as a standalone Python script. To utilize it, simply ensure you have Python 3 installed on your system. Clone the repository or download the source code from the official OpenClaw repository. You can execute the scanner directly from your terminal using: python3 scripts/scan.py <path-to-skill-folder>. No external dependencies or internet connectivity are required to perform the analysis, ensuring maximum privacy and zero risk of the scan itself communicating with external servers.
Use Cases
- Pre-Install Audits: Every time you download a new skill from ClawHub or a community repository, run the scan to verify code integrity.
- Dependency Verification: If you are building complex agent workflows that rely on third-party libraries or shared modules, use MoltCops to check for injected vulnerabilities.
- Environment Hardening: Protect your production agent environments by automating the scan of any incoming script or configuration file.
- Incident Investigation: If an agent shows signs of erratic behavior, scan its codebase to identify potential malicious triggers or hidden persistence mechanisms.
Example Prompts
- "Hey OpenClaw, please run a security audit on the folder ~/downloads/experimental-data-plugin using the MoltCops scanner and report any high-risk flags."
- "OpenClaw, I just downloaded a new browser automation skill. Before I run it, could you scan it with MoltCops and let me know if it triggers any data exfiltration warnings?"
- "Perform a deep scan on the current directory using the MoltCops tool and provide a summary of the findings, specifically looking for any hardcoded secrets or suspicious network requests."
Tips & Limitations
- Stay Updated: While MoltCops is a powerful tool, it relies on its defined rule set. Keep the scanner updated to capture the latest threat intelligence regarding malicious agent behavior.
- Review Warnings: Do not ignore 'WARN' verdicts. A high-risk finding might be a legitimate coding practice in some contexts, but it requires manual human verification before execution.
- Context is Key: MoltCops uses context-aware filtering to minimize false positives, but always perform a manual code walkthrough for any file flagged with a 'CRITICAL' verdict.
- No Internet Required: You can safely run this on air-gapped systems or machines with sensitive network configurations without worry.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-adamthompson33-moltcops": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read