moltcops

1
1
Source

Pre-install security scanner for AI agent skills. Detects malicious patterns before you trust code. Local-first — code never leaves your machine.

Install

mkdir -p .claude/skills/moltcops && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6386" && unzip -o skill.zip -d .claude/skills/moltcops && rm skill.zip

Installs to .claude/skills/moltcops

About this skill

MoltCops — Skill Security Scanner

Scan any skill for security threats before you install it. Detects prompt injection, data exfiltration, sleeper triggers, drain patterns, and 16 more threat categories.

Local-first. Your code never leaves your machine. No API calls. No uploads. No accounts.

When to Use

  • Before installing any skill from ClawHub, GitHub, or other sources
  • Before running skills shared by other agents
  • When evaluating unknown code from any source
  • After ClawHavoc: 341 malicious skills were found on ClawHub this week. Scan first.

How to Run

python3 scripts/scan.py <path-to-skill-folder>

Example:

# Scan a skill before installing
python3 scripts/scan.py ~/.openclaw/skills/suspicious-skill

# Scan a freshly downloaded skill
python3 scripts/scan.py ./my-new-skill

No dependencies required — uses only Python 3 standard library.

Reading Results

The scanner returns three verdicts:

VerdictExit CodeMeaning
PASS0No critical or high-risk threats detected. Safe to install.
WARN1High-risk patterns found. Review findings before installing.
BLOCK2Critical threats detected. Do NOT install this skill.

What It Detects

20 detection rules across these threat categories:

CategoryRulesExamples
Prompt InjectionMC-001, MC-002, MC-003System prompt override, jailbreak payloads, tool-use steering
Code InjectionMC-004, MC-005, MC-006, MC-019Shell injection, eval/exec, base64-to-exec, child_process
Data ExfiltrationMC-007, MC-008, MC-009, MC-010, MC-020Webhook URLs, env var harvesting, SSH key access, credential files
Hardcoded SecretsMC-011, MC-012API keys in source, private key material
FinancialMC-013Drain patterns, unlimited withdrawals
Lateral MovementMC-014Git credential access, repo manipulation
PersistenceMC-015, MC-016SOUL.md writes, cron job creation
Autonomy AbuseMC-017Destructive force flags (rm -rf, git push --force)
InfrastructureMC-018Permission escalation (sudo, chmod 777)

False Positive Handling

The scanner includes context-aware filtering to reduce false positives:

  • Env var access (MC-008): Only flags when variable names contain KEY, SECRET, PASSWORD, TOKEN, or CREDENTIAL
  • Git operations (MC-014): Skips standard remotes (github.com, gitlab.com, bitbucket.org)
  • Force flags (MC-017): Only flags on destructive operations, not install scripts

Example Output

MoltCops Security Scanner
========================================
Scanning: ./suspicious-skill
Files: 5
Rules: 20

FINDINGS
----------------------------------------
[CRITICAL] MC-007: Exfiltration URL (main.py:14)
[CRITICAL] MC-004: Shell Injection (helper.sh:8)
[HIGH] MC-005: Dynamic Code Execution (main.py:22)

SUMMARY
========================================
Files scanned: 5
Total findings: 3
  Critical: 2
  High:     1
  Medium:   0

VERDICT: BLOCK
Critical threats detected. Do NOT install this skill.

Web Scanner

For a browser-based version with the same engine, visit: https://scan.moltcops.com

About MoltCops

MoltCops protects the AI agent ecosystem from malicious skills. While VirusTotal catches known malware signatures, MoltCops catches behavioral patterns — drain logic, sleeper triggers, prompt injection, and data exfiltration that signature-based scanning misses.

a-stock-analysis

openclaw

A股实时行情与分时量能分析。获取沪深股票实时价格、涨跌、成交量,分析分时量能分布(早盘/尾盘放量)、主力动向(抢筹/出货信号)、涨停封单。支持持仓管理和盈亏分析。Use when: (1) 查询A股实时行情, (2) 分析主力资金动向, (3) 查看分时成交量分布, (4) 管理股票持仓, (5) 分析持仓盈亏。

754288

fivem

openclaw

Fix, create, or validate FiveM server resources for QBCore/ESX (config.lua, fxmanifest.lua, items, housing/furniture, scripts, MLOs). Use when asked to debug resource errors, convert ESX↔QB, update fxmanifest versions, add items, or source scripts from GitHub. Also use for SSH key generation for SFTP access.

406258

research-paper-writer

openclaw

Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.

81168

keyword-research

openclaw

Discovers high-value keywords with search intent analysis, difficulty assessment, and content opportunity mapping. Essential for starting any SEO or GEO content strategy.

439107

html-to-ppt

openclaw

Convert HTML/Markdown to PowerPoint presentations using Marp

33289

weread

openclaw

WeChat Reading (微信读书) CLI tool for fetching notes and highlights. Use when: (1) user asks about weread/微信读书 notes or highlights, (2) fetching today's or recent reading notes, (3) exporting book highlights, (4) managing reading bookshelf, (5) any task involving reading notes from WeChat Reading.

11285

You might also like

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

2,8632,517

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

3,7791,648

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

2,1471,638

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

2,2621,464

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

2,4551,220

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

1,950967