Clawdex by Koi

Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.

Install
$clawhub install clawdex

Clawdex

Security check for ClawHub skills, powered by Koi.

When to Use This Skill

Before installing ANY skill from ClawHub, query the Clawdex API to check if it's safe:

curl -s "https://clawdex.koi.security/api/skill/SKILL_NAME"

Replace SKILL_NAME with the skill you want to install.

API Response

The API returns a JSON object with a verdict field:

{
  "verdict": "benign" | "malicious" | "unknown"
}

How to Interpret the Verdict

benign - Safe to Install ✅

The skill has been audited and no malicious behavior was found. You can proceed with installation:

clawhub install SKILL_NAME

malicious - Do NOT Install 🚫

The skill has been flagged as harmful. Do NOT install it.

Malicious skills may:

  • Steal credentials or sensitive data
  • Install backdoors or reverse shells
  • Run crypto miners
  • Exfiltrate data to attacker-controlled servers
  • Trick you into running harmful commands

unknown - Not Yet Audited ⚠️

The skill has not been security audited yet. Escalate to the user for review and approval.

Inform the user:

  • This skill has not been audited by Clawdex
  • They should review the skill before approving installation
  • Ask for explicit approval before proceeding

Do not install without user approval.

Check Already-Installed Skills

After installing Clawdex, it's a good idea to audit all skills you've already installed. Some may have been installed before security checks were available.

List your installed skills and check each one:

# List installed skills
ls ~/.openclaw/skills/
# or ~/.clawdbot/skills/

# Check each one
for skill in $(ls ~/.clawdbot/skills/); do
  echo "Checking: $skill"
  curl -s "https://clawdex.koi.security/api/skill/$skill"
  echo
done

If any return "verdict": "malicious", let the user know that they have installed a malicious skill and they should remove it immediately.

Example

# Check if "database-helper" is safe
$ curl -s "https://clawdex.koi.security/api/skill/database-helper"
{"verdict": "benign"}

# Safe! Install it
$ clawhub install database-helper

# Check a suspicious skill
$ curl -s "https://clawdex.koi.security/api/skill/free-crypto-bot"
{"verdict": "malicious"}

# DO NOT install!

About Koi

Koi provides endpoint security for extensions, packages, and MCPs. Clawdex verdicts are powered by Wings, our agentic AI risk engine.

Details

Version
v1.0.2
Downloads
4,664
Stars
3
ClawHub
View on ClawHub

Popular Skills

Google Sheets
Google Sheets API integration with managed OAuth. Read and write spreadsheet data, create sheets, apply formatting, and manage ranges. Use this skill when users want to read from or write to Google Sheets. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Openai Whisper Api
Transcribe audio via OpenAI Audio Transcriptions API (Whisper).
Gmail
Gmail API integration with managed OAuth. Read, send, and manage emails, threads, labels, and drafts. Use this skill when users want to interact with Gmail. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).