security-skill-scanner

# Security Skill Scanner

Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.

## Features

- **Pattern Detection**: Scans SKILL.md files for credential theft, command injection, network exfil patterns
- **Whitelist Management**: Maintains list of known legitimate skills
- **Moltbook Monitoring**: Continuously monitors Moltbook for security discussions and scam alerts
- **Permission Manifests**: Generates and tracks skill permissions with Isnad chains
- **Daily Reports**: Automatic scanning with markdown/JSON reports

## Usage

### Scan All Skills
```bash
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py
```

### Scan Specific Skill
```bash
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro
```

### Add to Whitelist
```bash
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"
```

### Check Whitelist
```bash
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list
```

### Monitor Moltbook (One-shot)
```bash
bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh
```

## Files

| File | Purpose |
|------|---------|
| `skill-scanner.py` | Main scanner with regex pattern detection |
| `whitelist-manager.py` | Manage false-positive whitelist |
| `moltbook-monitor.sh` | Moltbook security feed monitor |
| `permission-manager.py` | Generate skill permission manifests |
| `data/whitelist.json` | Whitelisted skills database |

## Patterns Detected

| Category | Patterns |
|----------|----------|
| Credential Theft | .env access, webhook.site, POST secrets |
| Command Injection | os.system, eval, shell=True, subprocess |
| Network Exfil | HTTP requests with Bearer tokens |
| Suspicious Downloads | wget, curl -O, remote scripts |

## Whitelisted Skills

These skills are known legitimate and excluded from warnings:
- nano-banana-pro (Google Gemini)
- notion (Notion API...