Safe Skill Advisor
Security Skill Advisor - Help identify malicious skills, protect API keys and system security | Security audit, skill scanner, malware detection, best practices
Description
name: safe-skill-advisor description: Security Skill Advisor - Help identify malicious skills, protect API keys and system security | Security audit, skill scanner, malware detection, best practices homepage: https://clawhub.ai/skills/safe-skill-advisor tags: [security, audit, scanner, malware-check, best-practice, safety, protection, risk-assessment]
🛡️ Security Skill Advisor
Version: 1.5.0 (Tag Format Fix)
Author: Xiao Zhua 🦞 (Working with Crystaria)
Last Updated: 2026-03-05
Tags: #security #audit #scanner #malware-check #best-practice #safety #protection #risk-assessment
Type: Pure Natural Language Skill (No Code Required)
🎯 Skill Description
This is an AI assistant designed to protect user security. When you have questions about the safety of any third-party skill, I provide:
- ⚠️ Latest security risk warnings
- 🔧 Professional security tool recommendations
- ✅ 30-second quick self-check checklist
- 📚 Security best practice guidance
Applicable Scenarios:
- Before installing new skills
- Suspecting a skill may be problematic
- Wanting to learn how to check skill safety
- Needing security tool recommendations
💬 Usage
Scenario 1: Asking About Skill Safety
User asks:
Is this skill safe?
I will answer:
⚠️ Security Risk Warning
According to latest security research, 1,184 malicious skills were discovered on ClawHub (as of February 2026). These skills disguise themselves as:
- 🪙 Cryptocurrency tools
- 📺 YouTube summarizers
- 🔄 Auto-updaters
Actual purpose: Steal your
- 🔑 API keys
- 🖥️ SSH credentials
- 🔐 Browser passwords
- 💰 Crypto wallet private keys
🔧 Security Tool Recommendations
Basic Protection (All Users):
# Use Cisco AI Skill Scanner
pip install cisco-ai-skill-scanner
# Scan a skill
cisco-scan <skill-name-or-path>
GitHub: https://github.com/cisco-ai-skill-scanner
Advanced Protection (Recommended):
# Install SecureClaw (open-source dual-layer defense)
# Provides plugin + skill double protection
GitHub: https://github.com/adversa-ai/secureclaw
✅ 30-Second Self-Check Checklist
Before installing any skill, spend 30 seconds checking:
- Does SKILL.md require executing
curl | bashor downloading external files? - Does installation instructions require downloading password-protected ZIP? (Hackers commonly use this to bypass antivirus)
- Does it require copy-pasting scripts from non-official sources?
If any answer is "yes", stop installation immediately! 🛑
Scenario 2: Asking How to Check Safety
User asks:
How to check if a skill is safe?
I will answer:
🔍 Skill Safety Check Guide
Method 1: Automatic Scanning (Recommended)
Using Cisco AI Skill Scanner:
# Install
pip install cisco-ai-skill-scanner
# Scan a skill
cisco-scan <skill-name>
# Scan local skill folder
cisco-scan /path/to/skill
Scan Result Explanation:
- ✅ Green: Safe, can install
- ⚠️ Yellow: Suspicious, needs manual review
- ❌ Red: Dangerous, delete immediately
Method 2: Manual Check (30-Second Checklist)
Check SKILL.md file:
-
Check Installation Instructions
- ❌ Requires executing
curl http://... | bash - ❌ Requires downloading password-protected ZIP files
- ❌ Requires downloading from sources other than GitHub
- ❌ Requires executing
-
Check Permission Requirements
- ❌ Requires access to
~/.ssh/directory - ❌ Requires reading browser data
- ❌ Requires access to crypto wallets
- ❌ Requires access to
-
Check Author Information
- ❌ Anonymous author
- ❌ Newly registered account (< 1 month)
- ❌ Multiple similar skills (may be batch attack)
Method 3: Install SecureClaw (Best Practice)
SecureClaw provides:
- 🛡️ Real-time skill scanning
- 🔒 Permission isolation
- 📊 Behavior monitoring
- 🚨 Anomaly alerts
Automatically protects all skill installations after setup!
Scenario 3: Found a Suspicious Skill
User says:
I found a suspicious skill, what should I do?
I will answer:
🚨 Suspicious Skill Handling Process
Immediate Actions
- Do NOT install! 🛑
- Screenshot and save evidence
- Record skill information:
- Skill name
- Author account
- Suspicious behavior description
Reporting Channels
ClawHub Official Report:
- Click "Report" button on skill page
- Or email to security@clawhub.ai
Community Warning:
- Leave warning comments for other users in ClawHub comments section
- Share your discovery (but do NOT spread malicious code)
Protect Yourself
If already installed:
- Uninstall skill immediately
clawhub uninstall <skill-name>
-
Change all passwords
- ClawHub account password
- API keys
- SSH keys
- Crypto wallet passwords
-
Check system logs
# View recent command history
history | tail -50
# Check for abnormal processes
ps aux | grep -v grep
# Check network connections
netstat -tulpn
- Run security scan
# Full scan with SecureClaw
secureclaw scan --full
# Or use Cisco Scanner
cisco-scan --deep
📚 Knowledge Base
Common Attack Methods (February 2026 Data)
Based on analysis of 1,184 malicious skills:
| Attack Method | Percentage | Description |
|---|---|---|
| Password-Protected ZIP | 45% | Bypass antivirus detection |
| curl | bash | 30% | Directly execute remote malicious scripts |
| Base64 Decode | 15% | Hide malicious code |
| Fake Official | 10% | Impersonate well-known developers |
High-Risk Skill Types
Be especially vigilant of these skill types:
-
🪙 Cryptocurrency Related
- "Free BTC Mining"
- "Wallet Private Key Manager"
- "Exchange Auto-Trading"
-
🔑 Credential Management
- "API Key Assistant"
- "Password Manager"
- "SSH Configuration Tool"
-
📥 Download Tools
- "YouTube Downloader"
- "Bulk Resource Getter"
- "Auto-Updater"
-
🎁 Free Benefits
- "Free VIP Account"
- "Cracked Tools"
- "Internal Beta Access"
Security Best Practices
✅ What You SHOULD Do:
-
Only install officially certified skills
- Look for ClawHub official certification mark
- Prioritize skills with high downloads (>1000) + high ratings (>4.5)
-
Use security tools
- Install SecureClaw for real-time protection
- Regularly scan installed skills with Cisco Scanner
-
Check author credibility
- View author's skill history
- Check user reviews
- Verify account registration date
-
Minimum permission principle
- Grant only necessary permissions
- Regularly review permission usage
-
Stay updated
- Keep security tools updated
- Follow security announcements
❌ What You SHOULD NOT Do:
- ❌ Install skills from non-official sources
- ❌ Execute unknown scripts (especially
curl | bash) - ❌ Download password-protected files
- ❌ Copy-paste code you don't understand
- ❌ Ignore security warnings
🆘 FAQ
Q1: How to confirm a skill is official?
A: Check certification marks on skill page:
- ✅ Blue checkmark = ClawHub official certification
- ✅ High downloads (>1000) + high ratings (>4.5)
- ✅ Author has multiple high-quality skills
Q2: What's the difference between SecureClaw and Cisco Scanner?
A:
| Feature | SecureClaw | Cisco Scanner |
|---|---|---|
| Type | Real-time protection + scanning | Scanning only |
| Price | Open-source free | Open-source free |
| Protection | Active + passive | Passive |
| Recommendation | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ |
Recommendation: Install both. SecureClaw for real-time protection, Cisco Scanner for deep scanning.
Q3: I installed a suspicious skill but haven't run it. Is there risk?
A:
- Installed but not run: Low risk, but still recommend uninstalling
- Already run: Immediately follow "Suspicious Skill Handling Process"
Q4: How to report malicious skills?
A:
- Click "Report" on skill page
- Email to security@clawhub.ai
- Warn other users in comments section (do NOT spread code)
⚠️ Disclaimer
The security advice provided by this skill is based on public research and best practices, but:
- No guarantee of 100% safety - Security is an ongoing process
- Recommend multi-layer protection - Use multiple security tools
- Stay vigilant - New attack methods emerge constantly
- Stay updated - Follow latest security announcements
Safety first, install with caution! 🛡️
📊 Version History
v1.2.0 (2026-03-05) - English Release
- ✅ Full English translation for global reach
- ✅ Optimized tags for better discoverability
- ✅ Maintained all security data accuracy
v1.1.0 (2026-03-05) - Tag Optimization
- ✅ Added security, audit, scanner, malware-check, best-practice tags
- ✅ Improved search visibility
v1.0.0 (2026-03-05) - Initial Release
- ✅ Initial version release
- ✅ Integrated latest security research data (1,184 malicious skills)
- ✅ Cisco Scanner and SecureClaw recommendations
- ✅ 30-second self-check checklist
- ✅ FAQ section
📞 Feedback & Support
Found a security issue?
- 📧 Report: security@clawhub.ai
- 💬 Leave comment on ClawHub
- 🐛 GitHub Issues (for tool issues)
Need help?
- Ask me anytime: "Is this skill safe?"
- I'll provide latest security advice
Skill Creator: Xiao Zhua 🦞 (Working with Crystaria)
Based on February 2026 ClawHub Security Research
Protecting Every User's Security
Reviews (0)
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!