Frisk
/install frisk
⚡ Frisk
Security verification for ClawHub skills. Scan any skill — by local path or ClawHub slug — against 9 continuously-updated threat intelligence sources using 7 autonomous security checks.
What it does
Frisk scans a skill directory for security issues before you install it. It checks dependencies against known vulnerability databases, scans for hardcoded secrets, detects indicators of compromise, and looks for prompt injection vectors — all without sending your data anywhere.
One command to scan any ClawHub skill:
frisk scan weather-forecast
That downloads the skill from ClawHub, scans it, shows results, and cleans up. No manual steps.
Or scan a local skill directory:
frisk scan ./my-skill
When to use this skill
Use Frisk when you are about to install a skill from ClawHub and want to verify it is safe. Also use it when developing your own skills — run a scan before publishing to catch issues early.
Parameters
- target (required) — A local directory path or a ClawHub skill slug (e.g.
weather-forecast). If a slug is provided, the skill is downloaded temporarily, scanned, and removed. - checks (optional) — Comma-separated list of checks to run:
dep-scan,static-analysis,secret-scan,yara-scan,ioc-match,behavioral,prompt-inject. Default: all 7. - json (optional) — Output results as JSON for programmatic use.
Return value
Frisk outputs a structured report with:
- verdict —
pass,warn, orfail - findings — Array of issues found, each with severity (
critical,high,medium), description, and file location - report_id — Short ID for later retrieval via
frisk report \x3Cid>
Exit codes: 0 = pass, 1 = warn, 2 = fail
Checks
| Check | What it does |
|---|---|
| dep-scan | Cross-references dependencies against CISA KEV and OSV databases |
| static-analysis | Runs Semgrep rules for security anti-patterns |
| secret-scan | Scans for hardcoded API keys, tokens, and credentials using Gitleaks |
| yara-scan | Matches files against YARA rules for malware patterns |
| ioc-match | Matches IPs, domains, URLs, and file hashes against ThreatFox, URLhaus, MalwareBazaar, and Feodo trackers |
| behavioral | Detects suspicious patterns: eval usage, shell injection, data exfiltration vectors, DNS tunneling |
| prompt-inject | Detects prompt injection and instruction-hiding patterns in SKILL.md |
Threat intel sources (9, continuously synced)
CISA KEV · OSV (npm + PyPI) · EPSS · MalwareBazaar · URLhaus · ThreatFox · Feodo Tracker · YARA Rules · Semgrep Rules
Run frisk sync to refresh the intel cache.
Security & Privacy
- No data leaves your machine. All scanning happens locally. No telemetry, no phone-home, no analytics.
- Downloaded skills are sandboxed. When scanning by slug, the skill is downloaded to a 0700-permission temp directory, all files have execute permissions stripped before scanning, and npm postinstall scripts are suppressed. The skill is deleted after scanning.
- Credentials stay local. Frisk reads environment variables for configuration but never transmits them.
External endpoints
Frisk downloads threat intel feeds from these public sources during frisk sync:
| Source | URL | Data sent |
|---|---|---|
| CISA KEV | https://www.cisa.gov/sites/default/files/feeds/ | None (GET only) |
| OSV | https://api.osv.dev/v1/query | Package name + version for dependency lookup |
| EPSS | https://epss.cyentia.com/api/v1/ | None (GET only) |
| MalwareBazaar | https://mb-api.abuse.ch/api/v1/ | None (POST for hash lookup) |
| URLhaus | https://urlhaus-api.abuse.ch/v1/urls/ | None (GET only) |
| ThreatFox | https://threatfox-api.abuse.ch/api/v1/ | None (POST for IOC lookup) |
| Feodo Tracker | https://feodotracker.abuse.ch/downloads/ | None (GET only) |
| YARA Rules | https://github.com/Yara-Rules/rules.git | None (git clone) |
| Semgrep Rules | https://github.com/returntocorp/semgrep-rules.git | None (git clone) |
During frisk scan, no network requests are made. All intel is local.
Local files read
~/.frisk/intel/— Threat intel cache- Skill directory passed as scan target
Local files written
~/.frisk/intel/— Synced threat intel data~/.frisk/reports/— Scan reports (JSON)~/.frisk/venv/— Python virtual environment for scan checks~/.frisk/frisk.log— Scan log output
Trust statement
By using Frisk, you trust the threat intel sources listed above to provide accurate vulnerability and IOC data. No skill code or scan targets are transmitted to any external service. Install it only if you trust the Low Watt Labs project and the listed intel sources.
Install
npm install -g @lowwattlabs/frisk
First run automatically creates a Python venv and syncs threat intel. After that, frisk scan works with zero configuration.
License
MIT-0 — same as all ClawHub skills.
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install frisk - 安装完成后,直接呼叫该 Skill 的名称或使用
/frisk触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
Frisk 是什么?
Pre-install security audit and vulnerability scanner for ClawHub skills -- scan by slug or local path, 9 threat intel sources, 7 checks including malware sca... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 75 次。
如何安装 Frisk?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install frisk」即可一键安装,无需额外配置。
Frisk 是免费的吗?
是的,Frisk 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Frisk 支持哪些平台?
Frisk 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Frisk?
由 jchandler187(@jchandler187)开发并维护,当前版本 v3.0.0。