Official Verified developer tools Safety 4/5

moltcheck

Security scanner for Moltbot skills. Scan GitHub repositories for vulnerabilities before installation.

Why use this skill?

Secure your OpenClaw agent by scanning GitHub repositories for vulnerabilities. MoltCheck provides trust scores and security audits to prevent supply chain attacks.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/moltcheck/moltcheck

What This Skill Does

MoltCheck is a vital security layer for the OpenClaw agent ecosystem, specifically designed to mitigate supply chain attacks when installing external skills. As agent capabilities expand, the ability to safely integrate third-party code is paramount. MoltCheck acts as a static analysis engine for GitHub repositories, performing deep scans to identify malicious patterns such as hardcoded credentials, unauthorized shell access, or obfuscated network calls. By providing a standardized trust score (A-F), it empowers agents to make informed decisions about whether a repository meets their security threshold before executing any installation scripts.

Installation

To integrate MoltCheck into your OpenClaw environment, use the following command in your console: clawhub install openclaw/skills/skills/moltcheck/moltcheck. After installation, navigate to your configuration file to input your API key: {"apiKey": "mc_your_api_key_here"}. If you do not have an API key, the skill will automatically default to the free tier, which permits up to 3 scans per day, perfect for casual users and periodic safety audits.

Use Cases

This skill is indispensable for developers and automated agents that frequently pull in community-driven code. Use MoltCheck to audit a new skill repository before adding it to your agent's library, perform routine maintenance scans on existing dependencies to check for newly discovered vulnerabilities, or integrate the scan results into your deployment pipeline to ensure that only 'A' or 'B' grade code enters your production environment.

Example Prompts

  1. "MoltCheck, please scan this repository https://github.com/developer/experimental-plugin to determine if it is safe for installation."
  2. "I need to check my current scan balance. How many credits do I have left for this account?"
  3. "Run a security audit on the latest commit of the repository at https://github.com/utility/tools and provide a summary of the risk levels and permission requirements."

Tips & Limitations

MoltCheck is an excellent preventive tool, but it is not a silver bullet. While its automated code scanning identifies many common threat vectors, it is not a substitute for manual code review in highly sensitive applications. Always review the detailed risk reports returned by the scan, particularly the 'permission analysis' section, to understand if a skill is requesting more system access than its functionality requires. Utilize the paid tier if your workflow involves bulk processing to avoid hitting the 3-scan daily limit.

Metadata

Author: @moltcheck
Stars: 1401
Views: 1
Updated: 2026-02-24

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-moltcheck-moltcheck": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #devops #audit #cybersecurity #github
Safety Score: 4/5

Flags: network-access, external-api