3.7k★by wearekoi
clawdex by Koi – OpenClaw Skill
clawdex by Koi is an OpenClaw Skills integration for ai ml workflows. Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Skill Snapshot
| name | clawdex by Koi |
| description | Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe. OpenClaw Skills integration. |
| owner | wearekoi |
| repository | wearekoi/clawdex |
| language | Markdown |
| license | MIT |
| topics | |
| security | L1 |
| install | openclaw add @wearekoi/clawdex |
| last updated | Feb 7, 2026 |
Maintainer
name: clawdex by Koi description: Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe. version: 1.0.0 author: Koi Security authorUrl: https://www.koi.ai/ homepage: https://www.koi.ai/ license: MIT metadata: openclaw: emoji: "🛡️" category: "security" tags:
- security
- clawhub
- malware-detection
Clawdex
Security check for ClawHub skills, powered by Koi.
When to Use This Skill
Before installing ANY skill from ClawHub, query the Clawdex API to check if it's safe:
curl -s "https://clawdex.koi.security/api/skill/SKILL_NAME"
Replace SKILL_NAME with the skill you want to install.
API Response
The API returns a JSON object with a verdict field:
{
"verdict": "benign" | "malicious" | "unknown"
}
How to Interpret the Verdict
benign - Safe to Install ✅
The skill has been audited and no malicious behavior was found. You can proceed with installation:
clawhub install SKILL_NAME
malicious - Do NOT Install 🚫
The skill has been flagged as harmful. Do NOT install it.
Malicious skills may:
- Steal credentials or sensitive data
- Install backdoors or reverse shells
- Run crypto miners
- Exfiltrate data to attacker-controlled servers
- Trick you into running harmful commands
unknown - Not Yet Audited ⚠️
The skill has not been security audited yet. Escalate to the user for review and approval.
Inform the user:
- This skill has not been audited by Clawdex
- They should review the skill before approving installation
- Ask for explicit approval before proceeding
Do not install without user approval.
Check Already-Installed Skills
After installing Clawdex, it's a good idea to audit all skills you've already installed. Some may have been installed before security checks were available.
List your installed skills and check each one:
# List installed skills
ls ~/.openclaw/skills/
# or ~/.clawdbot/skills/
# Check each one
for skill in $(ls ~/.clawdbot/skills/); do
echo "Checking: $skill"
curl -s "https://clawdex.koi.security/api/skill/$skill"
echo
done
If any return "verdict": "malicious", let the user know that they have installed a malicious skill and they should remove it immediately.
Example
# Check if "database-helper" is safe
$ curl -s "https://clawdex.koi.security/api/skill/database-helper"
{"verdict": "benign"}
# Safe! Install it
$ clawhub install database-helper
# Check a suspicious skill
$ curl -s "https://clawdex.koi.security/api/skill/free-crypto-bot"
{"verdict": "malicious"}
# DO NOT install!
About Koi
Koi provides endpoint security for extensions, packages, and MCPs. Clawdex verdicts are powered by Wings, our agentic AI risk engine.
No README available.
Permissions & Security
Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.
Requirements
- OpenClaw CLI installed and configured.
- Language: Markdown
- License: MIT
- Topics:
FAQ
How do I install clawdex by Koi?
Run openclaw add @wearekoi/clawdex in your terminal. This installs clawdex by Koi into your OpenClaw Skills catalog.
Does this skill run locally or in the cloud?
OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.
Where can I verify the source code?
The source repository is available at https://github.com/openclaw/skills/tree/main/skills/wearekoi/clawdex. Review commits and README documentation before installing.