moltcops
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/adamthompson33/moltcops-skill
What This Skill Does
MoltCops is a security-first scanning utility designed to protect your OpenClaw environment. It performs deep static analysis on agent skills before they are executed. By acting as a gatekeeper, MoltCops scans for 20 distinct threat vectors, ranging from prompt injection attempts to sophisticated data exfiltration tactics. Built as a local-first tool, it operates entirely within your machine's environment, ensuring that the code you are analyzing never leaves your local file system, protecting your privacy and sensitive data.
Installation
MoltCops does not require traditional installation through a package manager. Since it is written in pure Python 3, you can simply clone the repository or place the script into your local utility folder. It has zero external dependencies, meaning you do not need to manage virtual environments or install additional pip packages. To begin using it, just ensure you have a standard Python 3 runtime available on your path, then execute it directly from the terminal against any skill directory.
Use Cases
You should deploy MoltCops whenever you encounter an untrusted source. This includes downloading new skills from ClawHub, pulling experimental code from GitHub repositories, or accepting custom skill files sent by other agents. It is particularly crucial for developers who want to maintain a 'zero-trust' environment in their agent workflows. Given the recent uptick in malicious code injection attacks, running a MoltCops scan should be a mandatory step in your personal security hygiene checklist before integrating any new automated functionality.
Example Prompts
- "MoltCops, scan the newly downloaded skills directory located at ~/.openclaw/skills/imported-plugin and report any critical threats."
- "Run a security audit on the current skill folder using MoltCops to ensure there are no hardcoded secrets or unauthorized network calls."
- "Can you help me interpret the output from the MoltCops scan I just ran on my custom skill? It returned an exit code of 1."
Tips & Limitations
MoltCops is a static analysis tool; it cannot detect obfuscated runtime behavior that only manifests during active execution. Always combine these scans with manual code review for complex skills. To minimize false positives, the tool is context-aware—for instance, it ignores standard Git remotes and common configuration-related environment variables. Remember that a 'PASS' status indicates the absence of known malicious patterns, but it does not guarantee the logic is bug-free.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-adamthompson33-moltcops-skill": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read