← 返回 Skills 市场
adamthompson33

Moltcops Skill

作者 Adamthompson33 · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
730
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install moltcops-skill
功能描述
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
安全使用建议
This package appears internally consistent with its stated purpose. Before trusting it: (1) manually open scripts/scan.py and rules.json and search for any network or subprocess calls (e.g., requests, urllib, socket, subprocess, os.system, urllib3, httpx) or hardcoded URLs/endpoints — the SKILL.md claims 'No API calls' and that should be verified; (2) confirm the script does not POST/PUT/GET scanned file contents to remote servers; (3) run the scanner on a harmless test folder first to observe behavior and any network activity (use a network monitor or run offline); (4) inspect rules.json to understand what is flagged and whether it may produce false positives on your code. If you cannot or do not want to inspect the code yourself, treat the skill as untrusted until a third party you trust has audited scripts/scan.py.
功能分析
Type: OpenClaw Skill Name: moltcops-skill Version: 1.0.0 This skill bundle, 'MoltCops', is a security scanner designed to detect malicious patterns in other AI agent skills. The `SKILL.md` clearly outlines its purpose, emphasizing local-first operation with no network calls. The `scripts/scan.py` implements this functionality by reading files and applying regex patterns defined in `rules.json`. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts by this skill itself. All code and documentation align with the stated purpose of a security analysis tool.
能力评估
Purpose & Capability
Name, description, and runtime instructions describe a local-only pre-install scanner. The package includes a scanner script and rule set and requests no env vars, binaries, installs, or config paths — which is proportionate for this purpose.
Instruction Scope
SKILL.md's instructions are narrowly scoped: run python3 scripts/scan.py <path-to-skill-folder>. The scanner necessarily reads files in the target skill folder (expected). The README repeatedly asserts 'No API calls. No uploads.' That claim cannot be validated from the metadata alone; the bundled script must be inspected to confirm it does not transmit scanned data off-host.
Install Mechanism
No install spec — instruction-only with a bundled script. This is low-risk from an install perspective (nothing is written to system locations by an installer).
Credentials
Requires no environment variables, credentials, or special config paths. That aligns with a local scanner's needs. The scanner will read files in the target folder (expected), which may include secrets stored by the skill being scanned — this is expected behavior for a scanner but worth noting.
Persistence & Privilege
Skill does not request always-on presence, model-invocation flags were not set to grant elevated persistence, and there are no declared privileges. This is appropriate for a utility scanner.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install moltcops-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /moltcops-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
MoltCops 1.0.0 initial release: - Launches a local-first, pre-install security scanner for AI agent skills. - Detects 20 security threat categories including prompt injection, code injection, data exfiltration, hardcoded secrets, and more. - Provides clear PASS/WARN/BLOCK verdicts with actionable summaries. - Requires no dependencies; runs entirely via Python 3 standard library. - Optimized false positive handling for common safe patterns. - Browser-based version also available at scan.moltcops.com.
元数据
Slug moltcops-skill
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Moltcops Skill 是什么?

Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 730 次。

如何安装 Moltcops Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltcops-skill」即可一键安装,无需额外配置。

Moltcops Skill 是免费的吗?

是的,Moltcops Skill 完全免费(开源免费),可自由下载、安装和使用。

Moltcops Skill 支持哪些平台?

Moltcops Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Moltcops Skill?

由 Adamthompson33(@adamthompson33)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论