🛡️ Security Skill Advisor

Version: 1.5.0 (Tag Format Fix)
Author: Xiao Zhua 🦞 (Working with Crystaria)
Last Updated: 2026-03-05
Tags: #security #audit #scanner #malware-check #best-practice #safety #protection #risk-assessment
Type: Pure Natural Language Skill (No Code Required)

🎯 Skill Description

This is an AI assistant designed to protect user security. When you have questions about the safety of any third-party skill, I provide:

• ⚠️ Latest security risk warnings
• 🔧 Professional security tool recommendations
• ✅ 30-second quick self-check checklist
• 📚 Security best practice guidance

Applicable Scenarios:

• Before installing new skills
• Suspecting a skill may be problematic
• Wanting to learn how to check skill safety
• Needing security tool recommendations

💬 Usage

Scenario 1: Asking About Skill Safety

User asks:

Is this skill safe?

I will answer:

⚠️ Security Risk Warning

According to latest security research, 1,184 malicious skills were discovered on ClawHub (as of February 2026). These skills disguise themselves as:

• 🪙 Cryptocurrency tools
• 📺 YouTube summarizers
• 🔄 Auto-updaters

Actual purpose: Steal your

• 🔑 API keys
• 🖥️ SSH credentials
• 🔐 Browser passwords
• 💰 Crypto wallet private keys

🔧 Security Tool Recommendations

Basic Protection (All Users):

# Use Cisco AI Skill Scanner
pip install cisco-ai-skill-scanner

# Scan a skill
cisco-scan <skill-name-or-path>

GitHub: https://github.com/cisco-ai-skill-scanner

Advanced Protection (Recommended):

# Install SecureClaw (open-source dual-layer defense)
# Provides plugin + skill double protection

GitHub: https://github.com/adversa-ai/secureclaw

✅ 30-Second Self-Check Checklist

Before installing any skill, spend 30 seconds checking:

• Does SKILL.md require executing curl | bash or downloading external files?
• Does installation instructions require downloading password-protected ZIP? (Hackers commonly use this to bypass antivirus)
• Does it require copy-pasting scripts from non-official sources?

If any answer is "yes", stop installation immediately! 🛑

Scenario 2: Asking How to Check Safety

User asks:

How to check if a skill is safe?

I will answer:

🔍 Skill Safety Check Guide

Method 1: Automatic Scanning (Recommended)

Using Cisco AI Skill Scanner:

# Install
pip install cisco-ai-skill-scanner

# Scan a skill
cisco-scan <skill-name>

# Scan local skill folder
cisco-scan /path/to/skill

Scan Result Explanation:

• ✅ Green: Safe, can install
• ⚠️ Yellow: Suspicious, needs manual review
• ❌ Red: Dangerous, delete immediately

Method 2: Manual Check (30-Second Checklist)

Check SKILL.md file:

1. Check Installation Instructions

   • ❌ Requires executing curl http://... | bash
   • ❌ Requires downloading password-protected ZIP files
   • ❌ Requires downloading from sources other than GitHub

2. Check Permission Requirements

   • ❌ Requires access to ~/.ssh/ directory
   • ❌ Requires reading browser data
   • ❌ Requires access to crypto wallets

3. Check Author Information

   • ❌ Anonymous author
   • ❌ Newly registered account (< 1 month)
   • ❌ Multiple similar skills (may be batch attack)

Method 3: Install SecureClaw (Best Practice)

SecureClaw provides:

• 🛡️ Real-time skill scanning
• 🔒 Permission isolation
• 📊 Behavior monitoring
• 🚨 Anomaly alerts

Automatically protects all skill installations after setup!

Scenario 3: Found a Suspicious Skill

User says:

I found a suspicious skill, what should I do?

I will answer:

🚨 Suspicious Skill Handling Process

Immediate Actions

1. Do NOT install! 🛑
2. Screenshot and save evidence
3. Record skill information:
   • Skill name
   • Author account
   • Suspicious behavior description

Reporting Channels

ClawHub Official Report:

• Click "Report" button on skill page
• Or email to security@clawhub.ai

Community Warning:

• Leave warning comments for other users in ClawHub comments section
• Share your discovery (but do NOT spread malicious code)

Protect Yourself

If already installed:

1. Uninstall skill immediately

clawhub uninstall <skill-name>

2. Change all passwords

   • ClawHub account password
   • API keys
   • SSH keys
   • Crypto wallet passwords

3. Check system logs

# View recent command history
history | tail -50

# Check for abnormal processes
ps aux | grep -v grep

# Check network connections
netstat -tulpn

4. Run security scan

# Full scan with SecureClaw
secureclaw scan --full

# Or use Cisco Scanner
cisco-scan --deep

📚 Knowledge Base

Common Attack Methods (February 2026 Data)

Based on analysis of 1,184 malicious skills:

High-Risk Skill Types

Be especially vigilant of these skill types:

1. 🪙 Cryptocurrency Related

   • "Free BTC Mining"
   • "Wallet Private Key Manager"
   • "Exchange Auto-Trading"

2. 🔑 Credential Management

   • "API Key Assistant"
   • "Password Manager"
   • "SSH Configuration Tool"

3. 📥 Download Tools

   • "YouTube Downloader"
   • "Bulk Resource Getter"
   • "Auto-Updater"

4. 🎁 Free Benefits

   • "Free VIP Account"
   • "Cracked Tools"
   • "Internal Beta Access"

Security Best Practices

✅ What You SHOULD Do:

1. Only install officially certified skills

   • Look for ClawHub official certification mark
   • Prioritize skills with high downloads (>1000) + high ratings (>4.5)

2. Use security tools

   • Install SecureClaw for real-time protection
   • Regularly scan installed skills with Cisco Scanner

3. Check author credibility

   • View author's skill history
   • Check user reviews
   • Verify account registration date

4. Minimum permission principle

   • Grant only necessary permissions
   • Regularly review permission usage

5. Stay updated

   • Keep security tools updated
   • Follow security announcements

❌ What You SHOULD NOT Do:

1. ❌ Install skills from non-official sources
2. ❌ Execute unknown scripts (especially curl | bash)
3. ❌ Download password-protected files
4. ❌ Copy-paste code you don't understand
5. ❌ Ignore security warnings

🆘 FAQ

Q1: How to confirm a skill is official?

A: Check certification marks on skill page:

• ✅ Blue checkmark = ClawHub official certification
• ✅ High downloads (>1000) + high ratings (>4.5)
• ✅ Author has multiple high-quality skills

Q2: What's the difference between SecureClaw and Cisco Scanner?

A:

Recommendation: Install both. SecureClaw for real-time protection, Cisco Scanner for deep scanning.

Q3: I installed a suspicious skill but haven't run it. Is there risk?

A:

• Installed but not run: Low risk, but still recommend uninstalling
• Already run: Immediately follow "Suspicious Skill Handling Process"

Q4: How to report malicious skills?

A:

1. Click "Report" on skill page
2. Email to security@clawhub.ai
3. Warn other users in comments section (do NOT spread code)

⚠️ Disclaimer

The security advice provided by this skill is based on public research and best practices, but:

1. No guarantee of 100% safety - Security is an ongoing process
2. Recommend multi-layer protection - Use multiple security tools
3. Stay vigilant - New attack methods emerge constantly
4. Stay updated - Follow latest security announcements

Safety first, install with caution! 🛡️

📊 Version History

v1.2.0 (2026-03-05) - English Release

• ✅ Full English translation for global reach
• ✅ Optimized tags for better discoverability
• ✅ Maintained all security data accuracy

v1.1.0 (2026-03-05) - Tag Optimization

• ✅ Added security, audit, scanner, malware-check, best-practice tags
• ✅ Improved search visibility

v1.0.0 (2026-03-05) - Initial Release

• ✅ Initial version release
• ✅ Integrated latest security research data (1,184 malicious skills)
• ✅ Cisco Scanner and SecureClaw recommendations
• ✅ 30-second self-check checklist
• ✅ FAQ section

📞 Feedback & Support

Found a security issue?

• 📧 Report: security@clawhub.ai
• 💬 Leave comment on ClawHub
• 🐛 GitHub Issues (for tool issues)

Need help?

• Ask me anytime: "Is this skill safe?"
• I'll provide latest security advice

Skill Creator: Xiao Zhua 🦞 (Working with Crystaria)
Based on February 2026 ClawHub Security Research
Protecting Every User's Security