mohuclaw 1.0.1

package/scripts/check/supply_chain.sh

@@ -0,0 +1,553 @@
+# shellcheck shell=bash
+
+# ------------------------------------------------------------
+# Shared helpers
+# ------------------------------------------------------------
+
+sha256_file() {
+    # Cross-platform SHA-256 for a file
+    local target="$1"
+    [ -f "$target" ] || return 1
+
+    if command -v sha256sum >/dev/null 2>&1; then
+        sha256sum "$target" 2>/dev/null | awk '{print tolower($1)}'
+    elif command -v shasum >/dev/null 2>&1; then
+        shasum -a 256 "$target" 2>/dev/null | awk '{print tolower($1)}'
+    elif command -v openssl >/dev/null 2>&1; then
+        openssl dgst -sha256 "$target" 2>/dev/null | sed -E 's/^.*= //' | tr '[:upper:]' '[:lower:]'
+    else
+        return 1
+    fi
+}
+
+load_hash_iocs() {
+    # Expected format: <sha256>|<campaign>
+    # Similar to c2-ips.txt storage style
+    if [ -f "$IOC_DIR/malicious-hashes.txt" ]; then
+        grep -v '^#' "$IOC_DIR/malicious-hashes.txt" | grep -v '^$' || true
+    fi
+}
+
+lookup_malicious_hash_campaign() {
+    # Usage: lookup_malicious_hash_campaign <sha256>
+    local needle
+    needle="$(printf "%s" "${1:-}" | tr '[:upper:]' '[:lower:]')"
+    [ -n "$needle" ] || return 1
+
+    load_hash_iocs | while IFS='|' read -r hash_val campaign rest; do
+        hash_val="$(printf "%s" "$hash_val" | tr '[:upper:]' '[:lower:]')"
+        if [ "$hash_val" = "$needle" ]; then
+            printf "%s\n" "${campaign:-unknown}"
+            return 0
+        fi
+    done
+}
+
+extract_github_account_age_days() {
+    # Best-effort local metadata extraction only.
+    # We cannot reliably infer GitHub account age from filesystem alone unless
+    # the skill metadata explicitly records it.
+    local skill_dir="$1"
+    local val=""
+
+    for meta in "$skill_dir/package.json" "$skill_dir/config.json" "$skill_dir/SKILL.md"; do
+        [ -f "$meta" ] || continue
+
+        # JSON-ish keys
+        val="$(grep -iEo '"(githubAccountAge|github_account_age|accountAgeDays|githubAccountAgeDays)"[[:space:]]*:[[:space:]]*[0-9]+' "$meta" 2>/dev/null | head -1 | grep -oE '[0-9]+' || true)"
+        if [ -n "$val" ]; then
+            printf "%s\n" "$val"
+            return 0
+        fi
+
+        # YAML / markdown frontmatter-ish keys
+        val="$(grep -iE '^(githubAccountAge|github_account_age|accountAgeDays|githubAccountAgeDays)[[:space:]]*:[[:space:]]*[0-9]+' "$meta" 2>/dev/null | head -1 | grep -oE '[0-9]+' || true)"
+        if [ -n "$val" ]; then
+            printf "%s\n" "$val"
+            return 0
+        fi
+    done
+
+    return 1
+}
+
+# ============================================================
+# CHECK 1 (origin 1): Known C2 Infrastructure
+# ============================================================
+header 1 "Scanning for known C2 infrastructure..."
+
+log "DEBUG: SKILLS_DIR=$SKILLS_DIR"
+
+if [ -d "$SKILLS_DIR" ]; then
+    C2_PATTERN="$(load_ips | tr '\n' '|' | sed 's/|$//' | sed 's/\./\\./g')"
+    if [ -n "$C2_PATTERN" ]; then
+        C2_HITS="$(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$C2_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+        if [ -n "$C2_HITS" ]; then
+            result_critical "Known C2 IP found in:"
+            log "$C2_HITS"
+        else
+            result_clean "No C2 IPs detected"
+        fi
+    else
+        result_clean "No C2 IPs detected"
+    fi
+else
+    result_clean "Skills directory not found; skipped C2 scan"
+fi
+
+# ============================================================
+# CHECK 2 (origin 2): AMOS Stealer / AuthTool Markers
+# ============================================================
+header 2 "Scanning for AMOS stealer / AuthTool markers..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    AMOS_PATTERN='authtool|atomic\.stealer|AMOS|NovaStealer|nova\.stealer|osascript.*password|osascript.*dialog|osascript.*keychain|Security\.framework.*Auth|openclaw-agent\.exe|openclaw-agent\.zip|openclawcli\.zip|AuthTool|Installer-Package'
+    AMOS_HITS="$(grep -rliE --exclude-dir="$SELF_DIR_NAME" "$AMOS_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$AMOS_HITS" ]; then
+        result_critical "AMOS/stealer markers found in:"
+        log "$AMOS_HITS"
+    else
+        result_clean "No stealer markers"
+    fi
+else
+    result_clean "Skills directory not found; skipped stealer marker scan"
+fi
+
+# ============================================================
+# CHECK 3 (origin 3): Reverse Shells & Backdoors
+# ============================================================
+header 3 "Scanning for reverse shells & backdoors..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    SHELL_PATTERN='nc -e|/dev/tcp/|mkfifo.*nc|bash -i >|socat.*exec|python.*socket.*connect|nohup.*bash.*tcp|perl.*socket.*INET|ruby.*TCPSocket|php.*fsockopen|lua.*socket\.tcp|xattr -[cr]|com\.apple\.quarantine'
+    SHELL_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$SHELL_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$SHELL_HITS" ]; then
+        result_critical "Reverse shell patterns found in:"
+        log "$SHELL_HITS"
+    else
+        result_clean "No reverse shells"
+    fi
+else
+    result_clean "Skills directory not found; skipped reverse shell scan"
+fi
+
+# ============================================================
+# CHECK 4 (origin 4): Credential Exfiltration Endpoints
+# ============================================================
+header 4 "Scanning for credential exfiltration endpoints..."
+
+DOMAIN_PATTERN="$(load_domains | tr '\n' '|' | sed 's/|$//' | sed 's/\./\\./g')"
+if [ -d "$SKILLS_DIR" ] && [ -n "$DOMAIN_PATTERN" ]; then
+    EXFIL_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$DOMAIN_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$EXFIL_HITS" ]; then
+        result_critical "Exfiltration endpoints found in:"
+        log "$EXFIL_HITS"
+    else
+        result_clean "No exfiltration endpoints"
+    fi
+else
+    result_clean "Skills directory not found or domain IOC empty; skipped exfiltration scan"
+fi
+
+# ============================================================
+# CHECK 5 (origin 15): Known Malicious Publisher Detection
+# ============================================================
+header 5 "Checking installed skills against known malicious publishers..."
+
+if [ -f "$IOC_DIR/malicious-publishers.txt" ] && [ -d "$SKILLS_DIR" ]; then
+    PUBLISHERS="$(grep -v '^#' "$IOC_DIR/malicious-publishers.txt" | grep -v '^$' | cut -d'|' -f1)"
+    PUB_FOUND=0
+    while IFS= read -r pub; do
+        [ -z "$pub" ] && continue
+        FOUND="$(grep -rlF --exclude-dir="$SELF_DIR_NAME" "$pub" "$SKILLS_DIR" 2>/dev/null || true)"
+        if [ -n "$FOUND" ]; then
+            if [ "$PUB_FOUND" -eq 0 ]; then
+                result_critical "Known malicious publisher references found"
+                PUB_FOUND=1
+            fi
+            log "Publisher '$pub' referenced in:"
+            log "$FOUND"
+        fi
+    done <<EOF
+$PUBLISHERS
+EOF
+    if [ "$PUB_FOUND" -eq 0 ]; then
+        result_clean "No known malicious publishers"
+    fi
+else
+    result_clean "Publisher database not available or skills directory missing (skipped)"
+fi
+
+# ============================================================
+# CHECK 6 (origin 23): Plugin/Extension Security
+# ============================================================
+header 6 "Auditing installed plugins and extensions..."
+
+EXT_DIR="$OPENCLAW_DIR/extensions"
+EXT_ISSUES=0
+
+if [ -d "$EXT_DIR" ]; then
+    EXT_COUNT="$(find "$EXT_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null | wc -l | tr -d ' ')"
+    log "Installed extensions: $EXT_COUNT"
+
+    if [ "$EXT_COUNT" -gt 0 ]; then
+        while IFS= read -r ext; do
+            [ -z "$ext" ] && continue
+            EXT_NAME="$(basename "$ext")"
+
+            EXT_SUS="$(grep -rlE 'eval\(|exec\(|child_process|\.exec\(|net\.connect|http\.request|fetch\(' "$ext" 2>/dev/null | head -3 || true)"
+            if [ -n "$EXT_SUS" ]; then
+                result_warn "Extension '$EXT_NAME' has code-execution/network patterns"
+                log "$EXT_SUS"
+                EXT_ISSUES=$((EXT_ISSUES + 1))
+            fi
+
+            if [ -n "$DOMAIN_PATTERN" ]; then
+                EXT_MAL="$(grep -rlE "$DOMAIN_PATTERN" "$ext" 2>/dev/null || true)"
+                if [ -n "$EXT_MAL" ]; then
+                    result_critical "Extension '$EXT_NAME' references known malicious domains"
+                    log "$EXT_MAL"
+                    EXT_ISSUES=$((EXT_ISSUES + 1))
+                fi
+            fi
+        done < <(find "$EXT_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+    fi
+fi
+
+if [ "$EXT_ISSUES" -eq 0 ]; then
+    result_clean "No suspicious plugins/extensions"
+fi
+
+# ============================================================
+# CHECK 7 (origin 30): VS Code Extension Trojan Detection
+# ============================================================
+header 7 "Checking for fake ClawdBot/OpenClaw VS Code extensions..."
+
+VSCODE_ISSUES=0
+VSCODE_EXT_DIR="$HOME/.vscode/extensions"
+if [ -d "$VSCODE_EXT_DIR" ]; then
+    FAKE_EXT="$(find "$VSCODE_EXT_DIR" -maxdepth 1 -type d \( -iname "*clawdbot*" -o -iname "*moltbot*" -o -iname "*openclaw*" \) 2>/dev/null || true)"
+    if [ -n "$FAKE_EXT" ]; then
+        result_critical "Suspicious VS Code extension found (OpenClaw has no official VS Code extension)"
+        log "$FAKE_EXT"
+        VSCODE_ISSUES=$((VSCODE_ISSUES + 1))
+    fi
+fi
+
+VSCODE_INS_DIR="$HOME/.vscode-insiders/extensions"
+if [ -d "$VSCODE_INS_DIR" ]; then
+    FAKE_INS="$(find "$VSCODE_INS_DIR" -maxdepth 1 -type d \( -iname "*clawdbot*" -o -iname "*moltbot*" -o -iname "*openclaw*" \) 2>/dev/null || true)"
+    if [ -n "$FAKE_INS" ]; then
+        result_critical "Suspicious VS Code Insiders extension found"
+        log "$FAKE_INS"
+        VSCODE_ISSUES=$((VSCODE_ISSUES + 1))
+    fi
+fi
+
+if [ "$VSCODE_ISSUES" -eq 0 ]; then
+    result_clean "No fake VS Code extensions"
+fi
+
+# ============================================================
+# CHECK 8 (origin 16): Sensitive Environment Leakage
+# ============================================================
+header 8 "Scanning for sensitive environment/credential leakage..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    ENV_PATTERN='\.env|\.bashrc|\.zshrc|\.ssh/|id_rsa|id_ed25519|\.aws/credentials|\.kube/config|\.docker/config|keychain|login\.keychain|Cookies\.binarycookies|\.clawdbot/\.env|\.openclaw/openclaw\.json|auth-profiles\.json|\.git-credentials|\.netrc|moltbook.*token|moltbook.*api|MOLTBOOK_TOKEN|OPENAI_API_KEY|ANTHROPIC_API_KEY|sk-[a-zA-Z0-9]'
+    ENV_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "cat.*(${ENV_PATTERN})|read.*(${ENV_PATTERN})|open.*(${ENV_PATTERN})|fs\.read.*(${ENV_PATTERN})|source.*(${ENV_PATTERN})" "$SKILLS_DIR" 2>/dev/null || true)"
+    API_KEY_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "sk-[a-zA-Z0-9]{20,}|OPENAI_API_KEY\s*=\s*['\"][^$]|ANTHROPIC_API_KEY\s*=\s*['\"][^$]|moltbook.*token\s*=\s*['\"]" "$SKILLS_DIR" 2>/dev/null || true)"
+
+    if [ -n "$API_KEY_HITS" ]; then
+        result_critical "Hardcoded API keys or Moltbook tokens found in:"
+        log "$API_KEY_HITS"
+    fi
+
+    if [ -n "$ENV_HITS" ]; then
+        result_warn "Skills accessing sensitive env/credential files:"
+        log "$ENV_HITS"
+    fi
+
+    if [ -z "$API_KEY_HITS" ] && [ -z "$ENV_HITS" ]; then
+        result_clean "No sensitive environment leakage"
+    fi
+else
+    result_clean "Skills directory not found; skipped sensitive env leakage scan"
+fi
+
+# ============================================================
+# CHECK 9 (origin 10): Skill Poisoning / Memory File Modification
+# ============================================================
+header 9 "Checking skills for attempts to modify memory files..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    MEM_WRITE_HITS="$(
+        grep -rliE --exclude-dir="$SELF_DIR_NAME" 'SOUL\.md|MEMORY\.md|IDENTITY\.md' "$SKILLS_DIR" 2>/dev/null | while IFS= read -r f; do
+            if grep -qiE 'write.*SOUL|write.*MEMORY|write.*IDENTITY|modify.*SOUL|modify.*MEMORY|modify.*IDENTITY|echo.*>>.*SOUL|echo.*>>.*MEMORY|echo.*>>.*IDENTITY|cat.*>.*SOUL|cat.*>.*MEMORY|cat.*>.*IDENTITY|append.*SOUL|append.*MEMORY|append.*IDENTITY' "$f" 2>/dev/null; then
+                echo "$f"
+            fi
+        done
+    )"
+
+    if [ -n "$MEM_WRITE_HITS" ]; then
+        result_critical "Skills attempting to modify memory files:"
+        log "$MEM_WRITE_HITS"
+    else
+        result_clean "No skills attempting to modify memory files"
+    fi
+else
+    result_clean "Skills directory not found; skipped memory file poisoning scan"
+fi
+
+# ============================================================
+# CHECK 10 (origin 32): MCP Server Security
+# ============================================================
+header 10 "Auditing MCP server configuration..."
+
+MCP_ISSUES=0
+if command -v openclaw >/dev/null 2>&1; then
+    MCP_ALL="$(run_with_timeout 10 openclaw config get "mcp.enableAllProjectMcpServers" 2>/dev/null || echo "")"
+    if [ "$MCP_ALL" = "true" ]; then
+        result_warn "All project MCP servers enabled (prefer explicit allowlist)"
+        MCP_ISSUES=$((MCP_ISSUES + 1))
+    fi
+fi
+
+MCP_CONFIG="$OPENCLAW_DIR/mcp.json"
+if [ -f "$MCP_CONFIG" ]; then
+    MCP_INJECT="$(grep -iE 'ignore previous|system prompt|override instruction|execute command|run this' "$MCP_CONFIG" 2>/dev/null || true)"
+    if [ -n "$MCP_INJECT" ]; then
+        result_critical "Prompt-injection patterns in MCP server config:"
+        log "$MCP_INJECT"
+        MCP_ISSUES=$((MCP_ISSUES + 1))
+    fi
+fi
+
+if [ "$MCP_ISSUES" -eq 0 ]; then
+    result_clean "MCP server configuration acceptable"
+fi
+
+# ============================================================
+# CHECK 11 (origin 5): Crypto Wallet Targeting
+# ============================================================
+header 11 "Scanning for crypto wallet targeting..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    CRYPTO_PATTERN='wallet.*private.*key|seed\.phrase|mnemonic|keystore.*decrypt|phantom.*wallet|metamask.*vault|exchange.*api.*key|solana.*keypair|ethereum.*keyfile'
+    CRYPTO_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$CRYPTO_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$CRYPTO_HITS" ]; then
+        result_warn "Crypto wallet patterns found in:"
+        log "$CRYPTO_HITS"
+    else
+        result_clean "No crypto targeting"
+    fi
+else
+    result_clean "Skills directory not found; skipped crypto wallet targeting scan"
+fi
+
+# ============================================================
+# CHECK 12 (origin 6): Curl-Pipe / Download Attacks
+# ============================================================
+header 12 "Scanning for curl-pipe and download attacks..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    CURL_PATTERN='curl.*\|.*sh|curl.*\|.*bash|wget.*\|.*sh|curl -fsSL.*\||wget -q.*\||curl.*-o.*/tmp/'
+    CURL_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$CURL_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$CURL_HITS" ]; then
+        result_warn "Curl-pipe patterns found in:"
+        log "$CURL_HITS"
+    else
+        result_clean "No curl-pipe attacks"
+    fi
+else
+    result_clean "Skills directory not found; skipped curl-pipe scan"
+fi
+
+# ============================================================
+# CHECK 13 (origin 8): Skill Integrity Hashes
+# ============================================================
+header 13 "Computing skill integrity hashes..."
+
+HASH_FILE="$LOG_DIR/skill-hashes.sha256"
+HASH_FILE_PREV="$LOG_DIR/skill-hashes.sha256.prev"
+
+if [ -f "$HASH_FILE" ]; then
+    cp "$HASH_FILE" "$HASH_FILE_PREV"
+fi
+
+if [ -d "$SKILLS_DIR" ]; then
+    find "$SKILLS_DIR" -name "SKILL.md" -type f -exec shasum -a 256 {} \; > "$HASH_FILE" 2>/dev/null || true
+
+    if [ -f "$HASH_FILE_PREV" ]; then
+        DIFF="$(diff "$HASH_FILE_PREV" "$HASH_FILE" 2>/dev/null || true)"
+        if [ -n "$DIFF" ]; then
+            result_warn "Skill files changed since last scan:"
+            log "$DIFF"
+        else
+            result_clean "No skill file modifications"
+        fi
+    else
+        log "INFO: Baseline hashes created (first scan)"
+        result_clean "Baseline hashes created"
+    fi
+else
+    result_clean "Skills directory not found; skipped integrity hash scan"
+fi
+
+# ============================================================
+# CHECK 14 (origin 9): SKILL.md Shell Injection Patterns
+# ============================================================
+header 14 "Scanning SKILL.md files for shell injection patterns..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    INJECTION_PATTERN='Prerequisites.*install|Prerequisites.*download|Prerequisites.*curl|Prerequisites.*wget|run this command.*terminal|paste.*terminal|copy.*terminal|base64 -d|base64 --decode|eval \$\(|exec \$\(|`curl|`wget|bypass.*safety.*guideline|execute.*without.*asking|ignore.*safety|override.*instruction|without.*user.*awareness'
+    INJECT_HITS=""
+
+    while IFS= read -r skillmd; do
+        [ -z "$skillmd" ] && continue
+        if grep -qiE "$INJECTION_PATTERN" "$skillmd" 2>/dev/null; then
+            if [ -z "$INJECT_HITS" ]; then
+                INJECT_HITS="$skillmd"
+            else
+                INJECT_HITS="${INJECT_HITS}
+$skillmd"
+            fi
+        fi
+    done < <(find "$SKILLS_DIR" -name "SKILL.md" -type f -not -path "*/$SELF_DIR_NAME/*" 2>/dev/null)
+
+    if [ -n "$INJECT_HITS" ]; then
+        result_warn "SKILL.md files with suspicious install/injection instructions:"
+        log "$INJECT_HITS"
+    else
+        result_clean "No SKILL.md shell injection patterns"
+    fi
+else
+    result_clean "Skills directory not found; skipped SKILL.md injection scan"
+fi
+
+# ============================================================
+# CHECK 15 (origin 11): Base64 Obfuscation Detection
+# ============================================================
+header 15 "Scanning for base64-obfuscated payloads..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    B64_PATTERN='base64 -[dD]|base64 --decode|atob\(|Buffer\.from\(.*base64|echo.*\|.*base64.*\|.*bash|echo.*\|.*base64.*\|.*sh|python.*b64decode|import base64'
+    B64_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$B64_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$B64_HITS" ]; then
+        result_warn "Base64 decode patterns found in:"
+        log "$B64_HITS"
+    else
+        result_clean "No base64 obfuscation detected"
+    fi
+else
+    result_clean "Skills directory not found; skipped base64 obfuscation scan"
+fi
+
+# ============================================================
+# CHECK 16 (origin 12): External Binary Downloads
+# ============================================================
+header 16 "Scanning for external binary downloads..."
+
+if [ -d "$SKILLS_DIR" ]; then
+    BIN_PATTERN='\.exe|\.dmg|\.pkg|\.msi|\.app\.zip|releases/download|github\.com/.*/releases|\.zip.*password|password.*\.zip|openclawcli\.zip|openclaw-agent|AuthTool.*download|download.*AuthTool'
+    BIN_HITS="$(grep -rlinE --exclude-dir="$SELF_DIR_NAME" "$BIN_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)"
+    if [ -n "$BIN_HITS" ]; then
+        result_warn "External binary download references found in:"
+        log "$BIN_HITS"
+    else
+        result_clean "No external binary downloads"
+    fi
+else
+    result_clean "Skills directory not found; skipped external binary download scan"
+fi
+
+# ============================================================
+# CHECK 17 (origin 38): Skill Env Override Host Injection
+# ============================================================
+header 17 "Checking skill env override host injection (GHSA-82g8)..."
+
+ENV_OVERRIDE_ISSUES=0
+
+if [ -d "$SKILLS_DIR" ]; then
+    while IFS= read -r SKILL_DIR; do
+        [ -z "$SKILL_DIR" ] && continue
+        SKILL_NAME="$(basename "$SKILL_DIR")"
+
+        if [ "$SKILL_NAME" = "$SELF_DIR_NAME" ]; then
+            continue
+        fi
+
+        SKILL_MD="$SKILL_DIR/SKILL.md"
+        if [ -f "$SKILL_MD" ]; then
+            if grep -qiE '^\s*"?(HOST|PORT|OPENCLAW_|API_URL|BASE_URL|GATEWAY_URL|SERVER_URL)"?\s*:' "$SKILL_MD" 2>/dev/null; then
+                result_warn "Skill '$SKILL_NAME' declares HOST/PORT/URL env override (GHSA-82g8)"
+                ENV_OVERRIDE_ISSUES=$((ENV_OVERRIDE_ISSUES + 1))
+            fi
+        fi
+
+        for CFG in "$SKILL_DIR/package.json" "$SKILL_DIR/config.json" "$SKILL_DIR/.env"; do
+            if [ -f "$CFG" ]; then
+                if grep -qiE '(OPENCLAW_HOME|OPENCLAW_DIR|GATEWAY_URL|API_BASE|HOST=|PORT=)' "$CFG" 2>/dev/null; then
+                    result_warn "Skill '$SKILL_NAME' overrides OpenClaw-related env in $(basename "$CFG") (GHSA-82g8)"
+                    ENV_OVERRIDE_ISSUES=$((ENV_OVERRIDE_ISSUES + 1))
+                fi
+            fi
+        done
+    done < <(find "$SKILLS_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+fi
+
+if [ "$ENV_OVERRIDE_ISSUES" -eq 0 ]; then
+    result_clean "No suspicious skill env overrides found"
+fi
+
+# ============================================================
+# CHECK 18 (new / SC-SKILL-003): Known malicious file hash IOC scan
+# ============================================================
+header 18 "Scanning skills for known malicious file hashes..."
+
+HASH_IOC_ISSUES=0
+HASH_IOCS_PRESENT=0
+
+if [ -d "$SKILLS_DIR" ]; then
+    if [ -f "$IOC_DIR/malicious-hashes.txt" ]; then
+        HASH_IOCS_PRESENT=1
+    fi
+
+    if [ "$HASH_IOCS_PRESENT" -eq 1 ]; then
+        while IFS= read -r skill_dir; do
+            [ -z "$skill_dir" ] && continue
+            skill_name="$(basename "$skill_dir")"
+
+            if [ "$skill_name" = "$SELF_DIR_NAME" ]; then
+                continue
+            fi
+
+            while IFS= read -r f; do
+                [ -z "$f" ] && continue
+
+                file_hash="$(sha256_file "$f" || true)"
+                [ -n "$file_hash" ] || continue
+
+                campaign="$(lookup_malicious_hash_campaign "$file_hash" || true)"
+                if [ -n "$campaign" ]; then
+                    result_critical "Known malicious file in skill '$skill_name' matches IOC campaign '$campaign'"
+                    log "  Evidence: $f"
+                    log "  SHA-256: $file_hash"
+                    HASH_IOC_ISSUES=$((HASH_IOC_ISSUES + 1))
+                fi
+            done < <(find "$skill_dir" -type f 2>/dev/null)
+        done < <(find "$SKILLS_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+    else
+        log "  malicious-hashes.txt not found under $IOC_DIR"
+    fi
+else
+    result_clean "Skills directory not found; skipped malicious hash IOC scan"
+fi
+
+if [ -d "$SKILLS_DIR" ] && [ "$HASH_IOC_ISSUES" -eq 0 ]; then
+    if [ "$HASH_IOCS_PRESENT" -eq 1 ]; then
+        result_clean "No known malicious file hashes detected"
+    else
+        result_clean "Hash IOC database not found; malicious hash scan skipped"
+    fi
+fi