This is a pre-installation reputation gate that sits on top of clawsec-suite and queries ClawHub for metadata before letting you install a skill. It pulls inspect data, checks scanner results including VirusTotal summaries when available, scores based on age, update frequency, author history, and download counts, then blocks anything below threshold (default 70) unless you pass confirm-reputation. Exit code 43 means sketchy reputation, 42 means advisory hit. The verification workflow is thorough, maybe overkill for most users, but if you're running Claude skills in production and want an extra heuristic layer before code touches disk, this gives you a structured checkpoint. Manual hook wiring required if you want reputation warnings surfaced in advisory alerts.
npx skills add https://github.com/prompt-security/clawsec --skill clawsec-clawhub-checker