ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

clawsec-clawhub-checker

ClawHub reputation checker for ClawSec suite. Enhances guarded skill installer with VirusTotal Code Insight reputation scores and additional safety checks.

Why use this skill?

Enhance your OpenClaw skill security. The clawsec-clawhub-checker adds VirusTotal reputation checks and risk assessments to your installation flow.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/davida-ps/clawsec-clawhub-checker
Or

What This Skill Does

The clawsec-clawhub-checker is a vital security enhancement for users of the ClawSec suite. It acts as a hardened gatekeeper for your OpenClaw agent environment by intercepting skill installation requests. Unlike standard installations, this tool performs deep inspection by leveraging VirusTotal Code Insight scores and cross-referencing against ClawHub's reputation database. It provides an automated risk assessment that flags suspicious dependencies, unauthorized network calls, or dangerous patterns like embedded cryptographic keys or eval usage before the code ever hits your machine. By forcing a double-confirmation workflow for low-reputation skills, it effectively mitigates the risk of supply chain attacks within the OpenClaw ecosystem.

Installation

To integrate this safety layer, ensure your environment is pre-configured with the ClawSec suite. First, run npx clawhub@latest install clawsec-suite. Once the base suite is active, execute npx clawhub@latest install clawsec-clawhub-checker. Crucially, you must finalize the installation by running node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup_reputation_hook.mjs to register the necessary hooks. Finally, restart your gateway with openclaw gateway restart. The installer intelligently places wrappers in your script directory without deleting your original files, ensuring non-destructive integration.

Use Cases

This skill is ideal for professional developers and security-conscious users who install third-party skills frequently. Use this to verify the safety of new, unverified skills from community repositories. It is particularly useful in enterprise settings where compliance standards mandate that all executed code be scanned for malicious patterns. Additionally, it serves as an early-warning system when existing skills receive updates that may have introduced unauthorized external network dependencies.

Example Prompts

  1. "Check the safety reputation of the newly released web-scraper-pro skill before I install it."
  2. "Why was my skill installation for 'data-vault-tool' blocked with exit code 43? Show me the reputation report."
  3. "Force an enhanced installation of 'network-monitor-v2' with the confirm-reputation flag after reviewing the current risk report."

Tips & Limitations

The primary limitation of this skill is its dependency on ClawHub's reach; if the service is unreachable, the reputation check may default to a restrictive state. Always monitor your CLAWHUB_REPUTATION_THRESHOLD. We recommend a threshold of 75 for production environments. Remember that this tool detects patterns, not intent; a high-reputation skill can still be abused if it possesses excessive privileges. Use this alongside standard system access controls for layered defense.

Read Full Documentation on GitHub

Metadata

Author@davida-ps
Stars2190
Views3
Updated2026-03-07
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-davida-ps-clawsec-clawhub-checker": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#devsecops#openclaw#reputation#safety
Safety Score: 5/5

Flags: code-execution, external-api

Related Skills

clawsec-feed

Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.

davida-ps 2387

clawsec-scanner

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and basic DAST security testing for skill hooks.

davida-ps 2387

clawtributor

Community incident reporting for AI agents. Contribute to collective security by reporting threats.

davida-ps 2387

soul-guardian

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

davida-ps 2387

clawsec-nanoclaw

Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot

davida-ps 2387