원클릭으로
clawdex-by-koi
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
ClawdTalk — Voice calls and SMS for Clawdbot
Interact with AgentConstitution governance contracts on Base Sepolia. Check compliance, read rules, log actions, query governance state.
Use when participating in the USDC Hackathon, submitting projects, or voting. 3 tracks: SmartContract, Skill, AgenticCommerce. Submit to m/usdc on Moltbook.
Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions.
Create OpenClaw plugins/extensions (TypeScript modules) from natural‑language requests. Use when the user asks to create a plugin/extension, add a new slash command, add plugin tools, or says “create plugin that does …” or “create OpenClaw plugin called NAME …”. Trigger for /create-plugin NAME WHAT-IT-DOES, /create-plugin GENERAL-PROMPT, “create extension that does ACTION”, or similar.
Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube).
SOC 직업 분류 기준
| name | clawdex by Koi |
| description | Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe. |
| version | 1.0.0 |
| author | Koi Security |
| authorUrl | https://www.koi.ai/ |
| homepage | https://www.koi.ai/ |
| license | MIT |
| metadata | {"openclaw":{"emoji":"🛡️","category":"security"}} |
| tags | ["security","clawhub","malware-detection"] |
Security check for ClawHub skills, powered by Koi.
Before installing ANY skill from ClawHub, query the Clawdex API to check if it's safe:
curl -s "https://clawdex.koi.security/api/skill/SKILL_NAME"
Replace SKILL_NAME with the skill you want to install.
The API returns a JSON object with a verdict field:
{
"verdict": "benign" | "malicious" | "unknown"
}
benign - Safe to Install ✅The skill has been audited and no malicious behavior was found. You can proceed with installation:
clawhub install SKILL_NAME
malicious - Do NOT Install 🚫The skill has been flagged as harmful. Do NOT install it.
Malicious skills may:
unknown - Not Yet Audited ⚠️The skill has not been security audited yet. Escalate to the user for review and approval.
Inform the user:
Do not install without user approval.
After installing Clawdex, it's a good idea to audit all skills you've already installed. Some may have been installed before security checks were available.
List your installed skills and check each one:
# List installed skills
ls ~/.openclaw/skills/
# or ~/.clawdbot/skills/
# Check each one
for skill in $(ls ~/.clawdbot/skills/); do
echo "Checking: $skill"
curl -s "https://clawdex.koi.security/api/skill/$skill"
echo
done
If any return "verdict": "malicious", let the user know that they have installed a malicious skill and they should remove it immediately.
# Check if "database-helper" is safe
$ curl -s "https://clawdex.koi.security/api/skill/database-helper"
{"verdict": "benign"}
# Safe! Install it
$ clawhub install database-helper
# Check a suspicious skill
$ curl -s "https://clawdex.koi.security/api/skill/free-crypto-bot"
{"verdict": "malicious"}
# DO NOT install!
Koi provides endpoint security for extensions, packages, and MCPs. Clawdex verdicts are powered by Wings, our agentic AI risk engine.