← Back to Skills Marketplace
andyxinweiminicloud

Clone Farm Detector

by andyxinweiminicloud · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
536
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clone-farm-detector
Description
Helps detect clone farming and reputation gaming in AI agent marketplaces. Identifies near-duplicate skills that wash IDs, batch-publish patterns, and artifi...
README (SKILL.md)

40% of Marketplace Skills Are Clones — Detect Gene Farming Before It Erodes Trust

Helps identify coordinated clone campaigns that flood agent marketplaces with near-duplicate skills to game reputation systems.

Problem

Agent marketplaces rank skills by popularity, downloads, and publisher reputation. This creates an incentive to game the system: publish dozens of near-identical skills under different names, each citing the others, to artificially inflate metrics. The result? Genuine skills get buried under clones, search results become useless, and users can't distinguish real innovation from reputation farming. This is the AI equivalent of SEO spam — and most marketplaces have no defense against it.

What This Checks

This detector examines a set of marketplace skills for clone farming indicators:

  1. Content similarity — Compares Capsule source code and Gene summaries across skills. Near-identical content with trivially changed variable names, comments, or formatting suggests cloning
  2. Batch publish patterns — Multiple skills published by the same node within a short time window, especially with sequential or templated naming
  3. ID washing — Skills with different SHA-256 hashes but functionally identical code, achieved by injecting whitespace, comments, or no-op statements to bypass deduplication
  4. Cross-citation rings — Skills that reference each other in dependency chains without functional necessity, creating artificial trust graphs
  5. Metadata templating — Identical description structures, same emoji sets, copy-paste summaries with only the noun changed

How to Use

Input: Provide one of:

  • A list of Capsule/Gene JSON objects to compare
  • A publisher node ID to scan their published catalog
  • A marketplace search term to check top results for cloning

Output: A structured report containing:

  • Cluster groups of similar/identical skills
  • Similarity scores between flagged pairs
  • Publishing timeline analysis
  • Risk rating: CLEAN / SUSPECT / FARMING
  • Evidence summary for each cluster

Example

Input: Scan top 10 results for "code formatter" on marketplace

🧬 FARMING DETECTED — 2 clone clusters found

Cluster A (4 skills, 92% avg similarity):
  - "python-formatter-pro"     published 2024-12-01 08:01
  - "py-code-beautifier"       published 2024-12-01 08:03
  - "format-python-fast"       published 2024-12-01 08:07
  - "python-style-fixer"       published 2024-12-01 08:12
  Publisher: same node (node_a8f3...)
  Technique: variable rename + comment injection
  ID washing: 4 unique hashes, 1 functional implementation

Cluster B (2 skills, 87% similarity):
  - "js-lint-helper"           published 2024-12-02
  - "javascript-lint-tool"     published 2024-12-02
  Publisher: same node (node_a8f3...)
  Cross-cites Cluster A skills as "dependencies"

Total: 6/10 top results are clones from one publisher.
Recommendation: Flag publisher for review. Genuine skills in results: 4/10.

Limitations

Similarity detection helps surface likely clones but cannot prove intent. Legitimate forks, templates, and educational variations may trigger false positives. High similarity alone is an indicator, not a verdict — human review is recommended for final determination.

Usage Guidance
This skill describes a sensible analytic purpose, but the runtime instructions are high-level and do not include scripts, endpoints, or handling rules. Before installing or running it: 1) Confirm how the agent will obtain marketplace data (public pages vs private APIs) and whether any credentials are needed — don't supply secrets unless you understand where they will be used. 2) Ask the skill author for concrete commands or scripts (or an install package) if you want the skill to run local analysis with curl/python3; otherwise the agent may try ad-hoc network calls. 3) If you plan to scan private or sensitive skills, require assurances (and ideally code) showing how data is stored/transmitted and that no external exfiltration occurs. If the author cannot provide clearer runtime details, treat the skill cautiously or test it in a sandboxed environment.
Capability Analysis
Type: OpenClaw Skill Name: clone-farm-detector Version: 1.0.0 The provided files consist of standard metadata (`_meta.json`) and a detailed skill description (`SKILL.md`). The skill's stated purpose is to detect 'clone farming' and 'reputation gaming' in AI agent marketplaces, which is a beneficial security function. The `SKILL.md` clearly outlines the skill's functionality, inputs, and outputs without containing any prompt injection attempts, hidden commands, or instructions for the AI agent to perform actions outside its stated, benign purpose. The required binaries (`curl`, `python3`) are common and align with the described data fetching and analysis tasks. No executable code is provided to analyze for vulnerabilities or malicious implementations, but the intent and documentation are benign.
Capability Assessment
Purpose & Capability
Name and description (detect clone farming in a marketplace) align with requiring network fetch and analysis tools. However, the skill declares required binaries (curl, python3) despite being instruction-only and providing no scripts; that's plausible but not strictly justified by the materials provided. No environment variables or credentials are requested, which is consistent with a read-only public-scan use case, but the skill does not explain how it will access marketplace data (public endpoints vs. private APIs).
Instruction Scope
SKILL.md describes expected inputs (Capsule/Gene JSONs, publisher node id, or search term) and outputs, and lists what it checks, but it lacks concrete runtime instructions: it does not specify how to fetch marketplace data, what endpoints to call, or whether fetching requires credentials. The document also doesn't say whether any collected code or metadata will be transmitted externally. The lack of precise commands or safe-handling guidance grants wide discretion to the agent and could lead to unexpected data access or exfiltration if the agent implements its own fetching logic.
Install Mechanism
There is no install spec and no code files — lowest-risk install surface. No downloads or package installs are declared.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a public-data analysis. That said, realistically scanning publisher catalogs or private marketplace APIs may require credentials or elevated access; the absence of any guidance about credential requirements or safe handling is a gap. If you plan to feed private marketplace data, be aware credentials might be needed and are not declared here.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and does not request other skills' configs or system-wide settings. Autonomous invocation is allowed (the platform default) but not excessive here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clone-farm-detector
  3. After installation, invoke the skill by name or use /clone-farm-detector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of clone-farm-detector. - Detects clone farming and reputation gaming in AI agent marketplaces. - Flags near-duplicate skills, batch publishing patterns, ID washing, cross-citation rings, and metadata templating. - Accepts skills, publisher IDs, or search terms as input. - Outputs risk ratings, similarity clusters, timeline analysis, and evidence summaries.
Metadata
Slug clone-farm-detector
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Clone Farm Detector?

Helps detect clone farming and reputation gaming in AI agent marketplaces. Identifies near-duplicate skills that wash IDs, batch-publish patterns, and artifi... It is an AI Agent Skill for Claude Code / OpenClaw, with 536 downloads so far.

How do I install Clone Farm Detector?

Run "/install clone-farm-detector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clone Farm Detector free?

Yes, Clone Farm Detector is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clone Farm Detector support?

Clone Farm Detector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clone Farm Detector?

It is built and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments