bkojusner

Yeeth Claw

Author: bkojusner · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 100
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install yeeth-claw
Description
Supply chain security hooks for Claude Code. Intercepts npm, pip, yarn, pnpm, and cargo install commands before execution and checks each package for supply...
Security usage recommendations
This skill appears to do what it claims: inspect package install commands, query public registries, and flag or block suspicious packages. Before installing: (1) inspect the included files yourself (they are bundled and local); (2) back up ~/.claude/settings.json before running the install script or allow the script to merge only with jq; (3) be aware the hook makes outbound requests to public package registries (npm, PyPI, crates.io) and — only if you set OPENCLAW_ARGUS_URL/OPENCLAW_ARGUS_KEY — will it submit blocked-package metadata to that external Argus endpoint. Only set the Argus variables if you trust the receiving service; otherwise leave them unset (the hook will still warn/block locally).
Functional analysis
Type: OpenClaw Skill
Name: yeeth-claw
Version: 1.0.0
The yeeth-claw skill is a security-focused hook for Claude Code designed to prevent supply chain attacks by intercepting package installation commands (npm, pip, cargo, etc.). It performs legitimate risk assessments including typosquatting detection using Levenshtein distance and package age verification via official registries (npmjs.org, pypi.org, crates.io). While it can optionally exfiltrate package names to an external API (app.yeethsecurity.com) for analysis, this behavior is clearly documented, requires explicit user configuration of environment variables, and is consistent with its stated purpose as a security tool.
Capability tags
crypto
Capability assessment
Purpose & Capability
Name/description align with the included files: hook.py intercepts Bash install commands, registry/typosquat/argus modules implement the described checks and optional escalation. The files and install script are consistent with a Claude Code PreToolUse hook.
Instruction Scope
SKILL.md instructs installing the hook under ~/.claude/hooks/openclaw and registering a PreToolUse hook that runs hook.py. At runtime the hook reads Claude's hook JSON from stdin, inspects Bash commands, queries public registries, and optionally posts blocked-package metadata to an Argus API if env vars are set — these behaviors are in-scope for a supply-chain hook but do involve network requests and (when enabled) external submission of package metadata.
Install Mechanism
No remote downloads or archive extraction in the installer; install.sh copies bundled files into ~/.claude/hooks/openclaw and optionally merges settings with jq. This is a local, transparent install step; user consent is required to run the script.
Credentials
The skill does not require environment variables by default. Two optional env vars (OPENCLAW_ARGUS_URL and OPENCLAW_ARGUS_KEY) enable escalation to an external Argus service; if set, the hook will send minimal package metadata (name, ecosystem, age, similarity, install-script flag). Requiring those env vars is proportional and optional, but enabling them transmits data to a third party and should be considered by the user.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. install.sh writes into the user's Claude config directory (~/.claude) which is expected for a hook; it does not modify other skills beyond adding a PreToolUse hook entry (jq merge is optional).
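How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install yeeth-claw
  3. Once installation completes, invoke the Skill by name or trigger it with /yeeth-claw
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history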
v1.0.0
Initial release of yeeth-claw.
- Adds supply chain security hooks for Claude Code, intercepting npm, pip, yarn, pnpm, and cargo install commands.
- Flags or blocks packages based on package age, typosquat detection against popular targets, and presence of install scripts.
- Supports risk tiering with WARN (flags), BLOCK (installs blocked), and ARGUS (full analysis via Argus API).
- Easy installation with bash script and Claude Code hook configuration.
- No external dependencies required (Python stdlib only).
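Metadata
Slug: yeeth-claw
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Yeeth Claw?

Supply chain security hooks for Claude Code. Intercepts npm, pip, yarn, pnpm, and cargo install commands before execution and checks each package for supply... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 100 total downloads to date.

How do I install Yeeth Claw?

Run the command "/install yeeth-claw" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Yeeth Claw free?

Yes, Yeeth Claw is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Yeeth Claw support?

Yeeth Claw is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Yeeth Claw?

Developed and maintained by bkojusner (@bkojusner); the current version is v1.0.0.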
