moltcops
Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.
Install
mkdir -p .claude/skills/moltcops && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6386" && unzip -o skill.zip -d .claude/skills/moltcops && rm skill.zipInstalls to .claude/skills/moltcops
About this skill
MoltCops — Skill Security Scanner
Scan any skill for security threats before you install it. Detects prompt injection, data exfiltration, sleeper triggers, drain patterns, and 16 more threat categories.
Local-first. Your code never leaves your machine. No API calls. No uploads. No accounts.
When to Use
- Before installing any skill from ClawHub, GitHub, or other sources
- Before running skills shared by other agents
- When evaluating unknown code from any source
- After ClawHavoc: 341 malicious skills were found on ClawHub this week. Scan first.
How to Run
python3 scripts/scan.py <path-to-skill-folder>
Example:
# Scan a skill before installing
python3 scripts/scan.py ~/.openclaw/skills/suspicious-skill
# Scan a freshly downloaded skill
python3 scripts/scan.py ./my-new-skill
No dependencies required — uses only Python 3 standard library.
Reading Results
The scanner returns three verdicts:
| Verdict | Exit Code | Meaning |
|---|---|---|
| PASS | 0 | No critical or high-risk threats detected. Safe to install. |
| WARN | 1 | High-risk patterns found. Review findings before installing. |
| BLOCK | 2 | Critical threats detected. Do NOT install this skill. |
What It Detects
20 detection rules across these threat categories:
| Category | Rules | Examples |
|---|---|---|
| Prompt Injection | MC-001, MC-002, MC-003 | System prompt override, jailbreak payloads, tool-use steering |
| Code Injection | MC-004, MC-005, MC-006, MC-019 | Shell injection, eval/exec, base64-to-exec, child_process |
| Data Exfiltration | MC-007, MC-008, MC-009, MC-010, MC-020 | Webhook URLs, env var harvesting, SSH key access, credential files |
| Hardcoded Secrets | MC-011, MC-012 | API keys in source, private key material |
| Financial | MC-013 | Drain patterns, unlimited withdrawals |
| Lateral Movement | MC-014 | Git credential access, repo manipulation |
| Persistence | MC-015, MC-016 | SOUL.md writes, cron job creation |
| Autonomy Abuse | MC-017 | Destructive force flags (rm -rf, git push --force) |
| Infrastructure | MC-018 | Permission escalation (sudo, chmod 777) |
False Positive Handling
The scanner includes context-aware filtering to reduce false positives:
- Env var access (MC-008): Only flags when variable names contain KEY, SECRET, PASSWORD, TOKEN, or CREDENTIAL
- Git operations (MC-014): Skips standard remotes (github.com, gitlab.com, bitbucket.org)
- Force flags (MC-017): Only flags on destructive operations, not install scripts
Example Output
MoltCops Security Scanner
========================================
Scanning: ./suspicious-skill
Files: 5
Rules: 20
FINDINGS
----------------------------------------
[CRITICAL] MC-007: Exfiltration URL (main.py:14)
[CRITICAL] MC-004: Shell Injection (helper.sh:8)
[HIGH] MC-005: Dynamic Code Execution (main.py:22)
SUMMARY
========================================
Files scanned: 5
Total findings: 3
Critical: 2
High: 1
Medium: 0
VERDICT: BLOCK
Critical threats detected. Do NOT install this skill.
Web Scanner
For a browser-based version with the same engine, visit: https://scan.moltcops.com
About MoltCops
MoltCops protects the AI agent ecosystem from malicious skills. While VirusTotal catches known malware signatures, MoltCops catches behavioral patterns — drain logic, sleeper triggers, prompt injection, and data exfiltration that signature-based scanning misses.
- Web: https://moltcops.com
- Moltbook: https://moltbook.com/u/MoltCops
More by openclaw
View all skills by openclaw →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Snyk Agent ScanSecurity scanner for AI agents, MCP servers, and agent skills. Automatically scan code for vulnerabilities, license issu
Cycode Security ScannerUse Cycode Security Scanner for automated SAST and site scanner virus checks on local files and repos, with detailed vul
MCP FortressMCP Fortress — Advanced security scanner that detects vulnerabilities, prompt injection, and tool poisoning to protect y
Security ScannerUse our Security Scanner as a website virus scanner to detect site scanner virus threats, vulnerabilities, and exposed s
Security ScannerSecurity Scanner analyzes code repositories to find exposed secrets, vulnerabilities, dependency flaws and misconfigurat
Code Audit (Ollama)Scan your website for viruses and vulnerabilities with Code Audit (Ollama). Get a comprehensive site scanner virus check