跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

ClawHub Reputation Checker

技能 已验证 活跃

ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.

目的

To enhance the safety of skill installations by adding a reputation-based security check before allowing installations, preventing the accidental deployment of untrusted or risky skills.

功能

  • ClawHub reputation check
  • Heuristic scoring and thresholding
  • Explicit confirmation for low-reputation installs
  • Optional advisory hook integration
  • Standalone installation validation

使用场景

  • Installing new skills from clawsec-suite when a reputation warning is issued
  • Auditing the reputation of a specific skill before installation
  • Setting custom reputation thresholds for automated deployments

非目标

  • Replacing the core functionality of clawsec-suite
  • Performing malware analysis beyond aggregated scanner data
  • Acting as a sole security arbiter for all skill installations

工作流

  1. Parse command-line arguments and environment variables.
  2. Check ClawHub reputation for the specified skill and version.
  3. Apply heuristic scoring and compare against threshold.
  4. If reputation is low and not confirmed, exit with a confirmation required code.
  5. If reputation is sufficient or confirmed, run the original guarded installer from clawsec-suite.
  6. Exit with appropriate status code based on the outcome.

实践

  • Security best practices
  • Error handling
  • Input validation

先决条件

  • Node.js runtime
  • clawhub CLI
  • openclaw runtime
  • installed clawsec-suite

安装

npx skills add prompt-security/clawsec

通过 npx 运行 Vercel skills CLI(skills.sh)— 需要本地安装 Node.js,以及至少一个兼容 skills 的智能体(Claude Code、Cursor、Codex 等)。前提是仓库遵循 agentskills.io 格式。

质量评分

已验证
100 /100
1 day ago 分析

信任信号

最近提交2 days ago
GitHub 所有者 prompt-security (opens in new tab)
星标983
许可证AGPL-3.0-or-later
网站prompt.security(opens in new tab)
状态
查看源代码

类似扩展

Omc Doctor

99

Diagnose and fix oh-my-claudecode installation issues

技能
Yeachan-Heo

Vector Setup

100

First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via `doctor`

技能
ruvnet

Install Almanac Content

100

Install skills, agents, and teams from agent-almanac into any supported agentic framework using the CLI. Covers framework detection, content search, installation with dependency resolution, health auditing, and manifest-based syncing. Use when setting up a new project with agentic capabilities, installing specific skills or entire domains, targeting multiple frameworks simultaneously, or maintaining a declarative manifest of installed content.

技能
pjt222

Secrets Management

100

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

技能
wshobson

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

技能
trailofbits

Safe Mode

100

Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.

技能
rohitg00