Yeeth Claw

by bkojusner · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 100 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install yeeth-claw
Description
Supply chain security hooks for Claude Code. Intercepts npm, pip, yarn, pnpm, and cargo install commands before execution and checks each package for supply...
Usage Guidance
This skill appears to do what it claims: inspect package install commands, query public registries, and flag or block suspicious packages. Before installing: (1) inspect the included files yourself (they are bundled and local); (2) back up ~/.claude/settings.json before running the install script, or allow the script to merge only with jq; (3) be aware that the hook makes outbound requests to public package registries (npm, PyPI, crates.io) and, only if you set OPENCLAW_ARGUS_URL/OPENCLAW_ARGUS_KEY, submits blocked-package metadata to that external Argus endpoint. Only set the Argus variables if you trust the receiving service; otherwise leave them unset (the hook will still warn/block locally).
Capability Analysis
Type: OpenClaw Skill
Name: yeeth-claw
Version: 1.0.0
The yeeth-claw skill is a security-focused hook for Claude Code designed to prevent supply chain attacks by intercepting package installation commands (npm, pip, cargo, etc.). It performs legitimate risk assessments including typosquatting detection using Levenshtein distance and package age verification via official registries (npmjs.org, pypi.org, crates.io). While it can optionally exfiltrate package names to an external API (app.yeethsecurity.com) for analysis, this behavior is clearly documented, requires explicit user configuration of environment variables, and is consistent with its stated purpose as a security tool.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
Name/description align with the included files: hook.py intercepts Bash install commands, registry/typosquat/argus modules implement the described checks and optional escalation. The files and install script are consistent with a Claude Code PreToolUse hook.
Instruction Scope
SKILL.md instructs installing the hook under ~/.claude/hooks/openclaw and registering a PreToolUse hook that runs hook.py. At runtime the hook reads Claude's hook JSON from stdin, inspects Bash commands, queries public registries, and optionally posts blocked-package metadata to an Argus API if env vars are set — these behaviors are in-scope for a supply-chain hook but do involve network requests and (when enabled) external submission of package metadata.
Install Mechanism
No remote downloads or archive extraction in the installer; install.sh copies bundled files into ~/.claude/hooks/openclaw and optionally merges settings with jq. This is a local, transparent install step; user consent is required to run the script.
Credentials
The skill does not require environment variables by default. Two optional env vars (OPENCLAW_ARGUS_URL and OPENCLAW_ARGUS_KEY) enable escalation to an external Argus service; if set, the hook will send minimal package metadata (name, ecosystem, age, similarity, install-script flag). Requiring those env vars is proportional and optional, but enabling them transmits data to a third party and should be considered by the user.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. install.sh writes into the user's Claude config directory (~/.claude) which is expected for a hook; it does not modify other skills beyond adding a PreToolUse hook entry (jq merge is optional).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yeeth-claw
  3. After installation, invoke the skill by name or use /yeeth-claw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of yeeth-claw.
- Adds supply chain security hooks for Claude Code, intercepting npm, pip, yarn, pnpm, and cargo install commands.
- Flags or blocks packages based on package age, typosquat detection against popular targets, and presence of install scripts.
- Supports risk tiering with WARN (flags), BLOCK (installs blocked), and ARGUS (full analysis via Argus API).
- Easy installation with bash script and Claude Code hook configuration.
- No external dependencies required (Python stdlib only).
Metadata
Slug yeeth-claw
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Yeeth Claw?

Supply chain security hooks for Claude Code. Intercepts npm, pip, yarn, pnpm, and cargo install commands before execution and checks each package for supply... It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.

How do I install Yeeth Claw?

Run "/install yeeth-claw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yeeth Claw free?

Yes, Yeeth Claw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yeeth Claw support?

Yeeth Claw is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Yeeth Claw?

It is built and maintained by bkojusner (@bkojusner); the current version is v1.0.0.
