A Chrome extension that detects and scans ClawHub command skill security information.
- 🔍 Auto Detection: Automatically scans
clawhub install <skill>orclawhub@<version> install <skill>commands on web pages - ⚡ Hover Display: Hover over commands to view security scan results
- 📊 Detailed Analysis: Shows skill security rating, malicious explanations, remote scripts, and more
- 🎨 Beautiful UI: Modern dark theme design
- 🔄 Real-time Updates: Supports dynamic content detection
- Open Chrome browser and enter
chrome://extensions/in the address bar - Enable "Developer mode" in the top right corner
- Click "Load unpacked extension"
- Select the
ClawhubScannerfolder - Extension installed successfully!
- Browse web pages containing
clawhub install <skill>orclawhub@<version> install <skill>commands - Hover over highlighted commands
- A popup will show the skill's security scan results
- Click the ClawhubScanner icon in the browser toolbar
- Enter the skill name in the popup
- Click "Scan" button to view results
{
"skill_name": "sonoscli",
"verdict": "benign"
}{
"skill_name": "clawhub",
"verdict": "malicious",
"malicious_explanation": "Skill instructs users to download and execute suspicious binaries...",
"remote_instruction_urls": [
"https://glot.io/snippets/hfd3x9ueu5"
],
"remote_script_urls": [
"https://github.com/Ddoy233/openclawcli/releases/download/latest/openclawcli.zip"
],
"installed_packages": [
{
"name": "clawhub",
"ecosystem": "npm"
}
]
}ClawhubScanner/
├── manifest.json # Extension manifest
├── content.js # Content script (core functionality)
├── tooltip.css # Tooltip styles
├── popup.html # Popup window UI
├── popup.css # Popup window styles
├── popup.js # Popup window logic
└── README.md # This documentation
- Manifest Version: 3
- Content Script Injection: All web pages
- API Endpoint:
https://clawdex.koi.security/api/skill/{skillName} - Request Method: GET
- XSS protection escapes user input
- Only displays data from trusted API
- Does not collect or upload any user data
MIT License
Named1ess