Menu
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
ClawdTalk — Voice calls and SMS for Clawdbot
Interact with AgentConstitution governance contracts on Base Sepolia. Check compliance, read rules, log actions, query governance state.
Use when participating in the USDC Hackathon, submitting projects, or voting. 3 tracks: SmartContract, Skill, AgenticCommerce. Submit to m/usdc on Moltbook.
Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions.
Create OpenClaw plugins/extensions (TypeScript modules) from natural‑language requests. Use when the user asks to create a plugin/extension, add a new slash command, add plugin tools, or says “create plugin that does …” or “create OpenClaw plugin called NAME …”. Trigger for /create-plugin NAME WHAT-IT-DOES, /create-plugin GENERAL-PROMPT, “create extension that does ACTION”, or similar.
Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube).
Based on SOC occupation classification
| name | clawdex by Koi |
| description | Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe. |
| version | 1.0.0 |
| author | Koi Security |
| authorUrl | https://www.koi.ai/ |
| homepage | https://www.koi.ai/ |
| license | MIT |
| metadata | {"openclaw":{"emoji":"🛡️","category":"security"}} |
| tags | ["security","clawhub","malware-detection"] |
Security check for ClawHub skills, powered by Koi.
Before installing ANY skill from ClawHub, query the Clawdex API to check if it's safe:
curl -s "https://clawdex.koi.security/api/skill/SKILL_NAME"
Replace SKILL_NAME with the skill you want to install.
The API returns a JSON object with a verdict field:
{
"verdict": "benign" | "malicious" | "unknown"
}
benign - Safe to Install ✅The skill has been audited and no malicious behavior was found. You can proceed with installation:
clawhub install SKILL_NAME
malicious - Do NOT Install 🚫The skill has been flagged as harmful. Do NOT install it.
Malicious skills may:
unknown - Not Yet Audited ⚠️The skill has not been security audited yet. Escalate to the user for review and approval.
Inform the user:
Do not install without user approval.
After installing Clawdex, it's a good idea to audit all skills you've already installed. Some may have been installed before security checks were available.
List your installed skills and check each one:
# List installed skills
ls ~/.openclaw/skills/
# or ~/.clawdbot/skills/
# Check each one
for skill in $(ls ~/.clawdbot/skills/); do
echo "Checking: $skill"
curl -s "https://clawdex.koi.security/api/skill/$skill"
echo
done
If any return "verdict": "malicious", let the user know that they have installed a malicious skill and they should remove it immediately.
# Check if "database-helper" is safe
$ curl -s "https://clawdex.koi.security/api/skill/database-helper"
{"verdict": "benign"}
# Safe! Install it
$ clawhub install database-helper
# Check a suspicious skill
$ curl -s "https://clawdex.koi.security/api/skill/free-crypto-bot"
{"verdict": "malicious"}
# DO NOT install!
Koi provides endpoint security for extensions, packages, and MCPs. Clawdex verdicts are powered by Wings, our agentic AI risk engine.