MoltCops — Skill Security Scanner

Scan any skill for security threats before you install it. Detects prompt injection, data exfiltration, sleeper triggers, drain patterns, and 16 more threat categories.

Local-first. Your code never leaves your machine. No API calls. No uploads. No accounts.

When to Use

• - Before installing any skill from ClawHub, GitHub, or other sources
• Before running skills shared by other agents
• When evaluating unknown code from any source
• After ClawHavoc: 341 malicious skills were found on ClawHub this week. Scan first.

How to Run

CODEBLOCK0

Example:
CODEBLOCK1

No dependencies required — uses only Python 3 standard library.

Reading Results

The scanner returns three verdicts:

Verdict	Exit Code	Meaning
PASS	0	No critical or high-risk threats detected. Safe to install.
WARN

1 | High-risk patterns found. Review findings before installing. |
| BLOCK | 2 | Critical threats detected. Do NOT install this skill. |

What It Detects

20 detection rules across these threat categories:

Category	Rules	Examples
Prompt Injection	MC-001, MC-002, MC-003	System prompt override, jailbreak payloads, tool-use steering
Code Injection

MC-004, MC-005, MC-006, MC-019 | Shell injection, eval/exec, base64-to-exec, child_process |
| Data Exfiltration | MC-007, MC-008, MC-009, MC-010, MC-020 | Webhook URLs, env var harvesting, SSH key access, credential files |
| Hardcoded Secrets | MC-011, MC-012 | API keys in source, private key material |
| Financial | MC-013 | Drain patterns, unlimited withdrawals |
| Lateral Movement | MC-014 | Git credential access, repo manipulation |
| Persistence | MC-015, MC-016 | SOUL.md writes, cron job creation |
| Autonomy Abuse | MC-017 | Destructive force flags (rm -rf, git push --force) |
| Infrastructure | MC-018 | Permission escalation (sudo, chmod 777) |

False Positive Handling

The scanner includes context-aware filtering to reduce false positives:

• - Env var access (MC-008): Only flags when variable names contain KEY, SECRET, PASSWORD, TOKEN, or CREDENTIAL
• Git operations (MC-014): Skips standard remotes (github.com, gitlab.com, bitbucket.org)
• Force flags (MC-017): Only flags on destructive operations, not install scripts

Example Output

CODEBLOCK2

Web Scanner

For a browser-based version with the same engine, visit: https://scan.moltcops.com

About MoltCops

MoltCops protects the AI agent ecosystem from malicious skills. While VirusTotal catches known malware signatures, MoltCops catches behavioral patterns — drain logic, sleeper triggers, prompt injection, and data exfiltration that signature-based scanning misses.

• - Web: https://moltcops.com
• Moltbook: https://moltbook.com/u/MoltCops