OpenSkillIndex← back to search
claude-codeopenclawsecurity

Skills yeeth-claw

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/bkojusner/yeeth-claw" ~/.claude/skills/openclaw-skills-yeeth-claw && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/bkojusner/yeeth-claw" ~/.openclaw/skills/openclaw-skills-yeeth-claw && rm -rf "$T"
manifest: skills/bkojusner/yeeth-claw/SKILL.md
tags
#supply-chain#security#package-management#risk-assessment#code-analysis#vulnerability-scanning
source content

yeeth-claw

Claude Code hooks for supply chain security. Intercepts package installation commands and flags suspicious packages before Claude executes them.

Hooks

OpenClaw

PreToolUse hook that watches 

npm install
, 
pip install
, 
yarn add
, 
pnpm add
, and 
cargo add
commands. For each package it checks:

  1. Package age — packages published < 30 days ago are flagged; < 7 days triggers a block
  2. Typosquat detection — Levenshtein distance against ~100 high-value targets per ecosystem (npm, PyPI, crates.io)
  3. Install scripts — postinstall hooks on flagged packages are noted as an additional risk signal

Risk tiers:

TierConditionExit code
WARNAge < 30d or typosquat score ≥ 0.651 (non-blocking)
BLOCKAge < 7d and typosquat hit, or score ≥ 0.852 (blocks install)
ARGUSAny BLOCK + Argus API configured2 + submits for full analysis

Installation

git clone https://github.com/yeeth-security/yeeth-claw.git
cd yeeth-claw/hooks/openclaw
bash install.sh

The install script copies the hook to 

~/.claude/hooks/openclaw/
and merges the Claude Code settings if 
jq
is available.

Restart Claude Code after installation for the hook to take effect.

Argus Integration

To enable full package analysis via the Argus API:

export OPENCLAW_ARGUS_URL=https://app.yeethsecurity.com
export OPENCLAW_ARGUS_KEY=<your-api-key>

When both are set, any BLOCK-tier package is submitted to Argus for full static analysis and the job URL is included in the block message.

Requirements

  • Python 3.8+
  • No third-party dependencies (stdlib only)

Claude Code settings snippet

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "python3 ~/.claude/hooks/openclaw/hook.py"
          }
        ]
      }
    ]
  }
}