ClawSec ClawHub Checker
Enhances the ClawSec suite's guarded skill installer with ClawHub reputation checks. Adds a second layer of security by checking VirusTotal Code Insight scores and other reputation signals before allowing skill installation.
Operational Notes
- - Required runtime:
node, clawhub, �INLINECODE2 - Depends on: installed �INLINECODE3
- Side effects:
setup_reputation_hook.mjs copies files into the installed suite and rewrites �INLINECODE5 - Network behavior: reputation checks query ClawHub and may trigger remote metadata lookups during
inspect/declined install flows - Trust model: reputation scores are heuristic, not authoritative; keep the double-confirmation flow enabled
What It Does
- 1. Wraps
clawhub install - Intercepts skill installation requests - Checks VirusTotal reputation - Uses ClawHub's built-in VirusTotal Code Insight
- Adds double confirmation - For suspicious skills (reputation score below threshold)
- Integrates with advisory feed - Works alongside existing clawsec-suite advisories
- Provides detailed reports - Shows why a skill is flagged as suspicious
Installation
This skill must be installed after clawsec-suite:
CODEBLOCK0
The setup script prints a preflight review before it mutates the installed suite files.
After setup, the checker adds enhanced_guarded_install.mjs and
guarded_skill_install_wrapper.mjs under clawsec-suite/scripts and updates the advisory
guardian hook. The original guarded_skill_install.mjs is not replaced.
Review the printed preflight summary before running setup. The script intentionally modifies the installed suite in place rather than operating on a temporary copy.
How It Works
Enhanced Guarded Installer
After setup, run the wrapper (drop-in path) or the enhanced script directly:
�CODEBLOCK1
The enhanced flow:
- 1. Advisory check (existing) - Checks clawsec advisory feed
- Reputation check (new) - Queries ClawHub for VirusTotal scores
- Risk assessment - Combines advisory + reputation signals
- Double confirmation - If risky, requires explicit �INLINECODE14
Reputation Signals Checked
- 1. VirusTotal Code Insight - Malicious code patterns, external dependencies (Docker usage, network calls, eval usage, crypto keys)
- Skill age & updates - New skills vs established ones
- Author reputation - Other skills by same author
- Download statistics - Popularity signals
Exit Codes
- -
0 - Safe to install (no advisories, good reputation) - INLINECODE16� - Advisory match found (existing behavior)
- INLINECODE17� - Reputation warning (new - requires
--confirm-reputation) - INLINECODE19� - Error
Configuration
Environment variables:
- -
CLAWHUB_REPUTATION_THRESHOLD - Minimum reputation score (0-100, default: 70)
Integration with Existing Suite
The checker enhances but doesn't replace existing security:
- - Advisory feed still primary - Known malicious skills blocked first
- Reputation is secondary - Unknown/suspicious skills get extra scrutiny
- Double confirmation preserved - Both layers require explicit user approval
Example Usage
CODEBLOCK2
Safety Notes
- - This is a defense-in-depth layer, not a replacement for advisory feeds
- VirusTotal scores are heuristic, not definitive
- False positives possible - Legitimate skills with novel patterns might be flagged
- Always review skill code before installing with �INLINECODE21
Current Limitations
Missing OpenClaw Internal Check Data
ClawHub shows two security badges on skill pages:
- 1. VirusTotal Code Insight - ✅ Our checker catches these flags
- OpenClaw internal check - ❌ Not exposed via API (only on website)
Example from clawsec-suite page:
- - VirusTotal: "Benign" ✓
- OpenClaw internal check: "The package is internally consistent with a feed-monitoring / advisory-guardian purpose, but a few operational details and optional bypasses deserve attention before installing."
Our checker cannot access OpenClaw internal check warnings as they're not exposed via clawhub CLI or API.
Recommendation for ClawHub
To enable complete reputation checking, ClawHub should expose internal check results via:
- -
clawhub inspect --json endpoint - Additional API field for security tools
- Or include in
clawhub install warning output
Workaround
Our heuristic checks (skill age, author reputation, downloads, updates) provide similar risk assessment but miss specific operational warnings about bypasses, missing signatures, etc. Always check the ClawHub website for complete security assessment.
Development
To modify the reputation checking logic, edit:
- -
scripts/enhanced_guarded_install.mjs - Main enhanced installer - INLINECODE27� - Reputation checking logic
- INLINECODE28� - Hook integration
License
GNU AGPL v3.0 or later - Part of the ClawSec security suite
技能名称: clawsec-clawhub-checker
详细描述:
ClawSec ClawHub Checker
通过ClawHub信誉检查增强ClawSec套件的受保护技能安装器。在允许技能安装前,通过检查VirusTotal Code Insight评分及其他信誉信号,增加第二层安全防护。
操作说明
- - 所需运行时:node、clawhub、openclaw
- 依赖项:已安装的clawsec-suite
- 副作用:setupreputationhook.mjs会将文件复制到已安装的套件中,并重写hooks/clawsec-advisory-guardian/handler.ts
- 网络行为:信誉检查会查询ClawHub,并在inspect/被拒绝的install流程中可能触发远程元数据查找
- 信任模型:信誉评分为启发式,非权威性;请保持双重确认流程开启
功能说明
- 1. 包装clawhub install - 拦截技能安装请求
- 检查VirusTotal信誉 - 使用ClawHub内置的VirusTotal Code Insight
- 增加双重确认 - 针对可疑技能(信誉评分低于阈值)
- 与咨询源集成 - 与现有clawsec-suite咨询协同工作
- 提供详细报告 - 显示技能被标记为可疑的原因
安装
此技能必须在clawsec-suite之后安装:
bash
首先安装套件
npx clawhub@latest install clawsec-suite
然后安装检查器
npx clawhub@latest install clawsec-clawhub-checker
运行设置脚本以集成到clawsec-suite
node ~/.openclaw/skills/clawsec-clawhub-checker/scripts/setup
reputationhook.mjs
重启OpenClaw网关使更改生效
openclaw gateway restart
设置脚本在修改已安装的套件文件之前会打印预检概览。
设置完成后,检查器会在clawsec-suite/scripts下添加enhancedguardedinstall.mjs和guardedskillinstallwrapper.mjs,并更新咨询守护钩子。原始的guardedskill_install.mjs不会被替换。
在运行设置前请查看打印的预检摘要。该脚本会直接修改已安装的套件,而非在临时副本上操作。
工作原理
增强型受保护安装器
设置完成后,运行包装器(即插即用路径)或直接运行增强脚本:
bash
推荐的即插即用包装器
node scripts/guarded
skillinstall_wrapper.mjs --skill some-skill --version 1.0.0
或直接调用增强脚本
node scripts/enhanced
guardedinstall.mjs --skill some-skill --version 1.0.0
增强流程:
- 1. 咨询检查(现有) - 检查clawsec咨询源
- 信誉检查(新增) - 查询ClawHub获取VirusTotal评分
- 风险评估 - 结合咨询与信誉信号
- 双重确认 - 如有风险,需显式使用--confirm-reputation
检查的信誉信号
- 1. VirusTotal Code Insight - 恶意代码模式、外部依赖(Docker使用、网络调用、eval使用、加密密钥)
- 技能年龄与更新 - 新技能与成熟技能对比
- 作者信誉 - 同一作者的其他技能
- 下载统计 - 流行度信号
退出代码
- - 0 - 安全可安装(无咨询警告,信誉良好)
- 42 - 发现咨询匹配(现有行为)
- 43 - 信誉警告(新增 - 需使用--confirm-reputation)
- 1 - 错误
配置
环境变量:
- - CLAWHUBREPUTATIONTHRESHOLD - 最低信誉评分(0-100,默认:70)
与现有套件集成
检查器增强但不替代现有安全机制:
- - 咨询源仍为主力 - 已知恶意技能优先被阻止
- 信誉为辅助 - 未知/可疑技能接受额外审查
- 双重确认保留 - 两层均需用户显式批准
使用示例
bash
尝试安装技能
node scripts/guarded
skillinstall_wrapper.mjs --skill suspicious-skill --version 1.0.0
输出可能显示:
警告:技能suspicious-skill信誉评分较低(45/100)
- 被VirusTotal Code Insight标记:加密密钥、外部API、eval使用
- 作者未发布其他技能
- 技能创建时间不足7天
# 如需忽略信誉警告安装,请运行:
node scripts/guardedskillinstall_wrapper.mjs --skill suspicious-skill --version 1.0.0 --confirm-reputation
带确认的安装
node scripts/guarded
skillinstall_wrapper.mjs --skill suspicious-skill --version 1.0.0 --confirm-reputation
安全说明
- - 此为纵深防御层,不能替代咨询源
- VirusTotal评分为启发式,非决定性
- 可能存在误报 - 具有新颖模式的合法技能可能被标记
- 使用--confirm-reputation安装前,请务必审查技能代码
当前限制
缺少OpenClaw内部检查数据
ClawHub在技能页面上显示两个安全徽章:
- 1. VirusTotal Code Insight - ✅ 我们的检查器能捕获这些标记
- OpenClaw内部检查 - ❌ 未通过API暴露(仅在网站上显示)
来自clawsec-suite页面的示例:
- - VirusTotal:良性 ✓
- OpenClaw内部检查:该包在内部与源监控/咨询守护目的保持一致,但一些操作细节和可选绕过方式在安装前值得关注。
我们的检查器无法访问OpenClaw内部检查警告,因为它们未通过clawhub CLI或API暴露。
对ClawHub的建议
为实现完整的信誉检查,ClawHub应通过以下方式暴露内部检查结果:
- - clawhub inspect --json端点
- 为安全工具增加额外API字段
- 或包含在clawhub install警告输出中
变通方案
我们的启发式检查(技能年龄、作者信誉、下载量、更新频率)提供类似的风险评估,但会遗漏关于绕过方式、缺失签名等具体操作警告。请始终查看ClawHub网站以获取完整的安全评估。
开发
如需修改信誉检查逻辑,请编辑:
- - scripts/enhancedguardedinstall.mjs - 主增强安装器
- scripts/checkclawhubreputation.mjs - 信誉检查逻辑
- hooks/clawsec-advisory-guardian/lib/reputation.mjs - 钩子集成
许可证
GNU AGPL v3.0或更高版本 - 属于ClawSec安全套件的一部分
