← Back to Skills Marketplace
adamthompson33

Moltcops Skill

by Adamthompson33 · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
730
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install moltcops-skill
Description
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
Usage Guidance
This package appears internally consistent with its stated purpose. Before trusting it: (1) manually open scripts/scan.py and rules.json and search for any network or subprocess calls (e.g., requests, urllib, socket, subprocess, os.system, urllib3, httpx) or hardcoded URLs/endpoints — the SKILL.md claims 'No API calls' and that should be verified; (2) confirm the script does not POST/PUT/GET scanned file contents to remote servers; (3) run the scanner on a harmless test folder first to observe behavior and any network activity (use a network monitor or run offline); (4) inspect rules.json to understand what is flagged and whether it may produce false positives on your code. If you cannot or do not want to inspect the code yourself, treat the skill as untrusted until a third party you trust has audited scripts/scan.py.
Capability Analysis
Type: OpenClaw Skill Name: moltcops-skill Version: 1.0.0 This skill bundle, 'MoltCops', is a security scanner designed to detect malicious patterns in other AI agent skills. The `SKILL.md` clearly outlines its purpose, emphasizing local-first operation with no network calls. The `scripts/scan.py` implements this functionality by reading files and applying regex patterns defined in `rules.json`. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts by this skill itself. All code and documentation align with the stated purpose of a security analysis tool.
Capability Assessment
Purpose & Capability
Name, description, and runtime instructions describe a local-only pre-install scanner. The package includes a scanner script and rule set and requests no env vars, binaries, installs, or config paths — which is proportionate for this purpose.
Instruction Scope
SKILL.md's instructions are narrowly scoped: run python3 scripts/scan.py <path-to-skill-folder>. The scanner necessarily reads files in the target skill folder (expected). The README repeatedly asserts 'No API calls. No uploads.' That claim cannot be validated from the metadata alone; the bundled script must be inspected to confirm it does not transmit scanned data off-host.
Install Mechanism
No install spec — instruction-only with a bundled script. This is low-risk from an install perspective (nothing is written to system locations by an installer).
Credentials
Requires no environment variables, credentials, or special config paths. That aligns with a local scanner's needs. The scanner will read files in the target folder (expected), which may include secrets stored by the skill being scanned — this is expected behavior for a scanner but worth noting.
Persistence & Privilege
Skill does not request always-on presence, model-invocation flags were not set to grant elevated persistence, and there are no declared privileges. This is appropriate for a utility scanner.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install moltcops-skill
  3. After installation, invoke the skill by name or use /moltcops-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
MoltCops 1.0.0 initial release: - Launches a local-first, pre-install security scanner for AI agent skills. - Detects 20 security threat categories including prompt injection, code injection, data exfiltration, hardcoded secrets, and more. - Provides clear PASS/WARN/BLOCK verdicts with actionable summaries. - Requires no dependencies; runs entirely via Python 3 standard library. - Optimized false positive handling for common safe patterns. - Browser-based version also available at scan.moltcops.com.
Metadata
Slug moltcops-skill
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Moltcops Skill?

Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine. It is an AI Agent Skill for Claude Code / OpenClaw, with 730 downloads so far.

How do I install Moltcops Skill?

Run "/install moltcops-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Moltcops Skill free?

Yes, Moltcops Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Moltcops Skill support?

Moltcops Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Moltcops Skill?

It is built and maintained by Adamthompson33 (@adamthompson33); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments