
Clawscan Vigil

by jjj09090 · GitHub ↗ · v0.2.0 · MIT-0
Platforms: linux, macos, windows · ⚠ suspicious
Downloads: 224 · Stars: 0 · Active Installs: 0 · Versions: 3
Install in OpenClaw
/install clawscan-vigil
Description
Scan OpenClaw Skills for security risks before installation; static + dynamic dual detection to identify malicious code.
README (SKILL.md)

Skill: clawscan-vigil

🔍 OpenClaw Skill Security Scanner

Scan any Skill for security risks before installation, with static + dynamic dual detection.


Why ClawScan?

  • 341 malicious Skills have already been found that can steal API keys and cryptocurrency wallets
  • ClawHub's review process is weak; 12% of Skills exhibit malicious behaviour
  • There is no way to judge whether a Skill's code is safe before installing it

Version comparison

Feature                      Free           Premium
Static code analysis
Dynamic behaviour detection
Scan quota                   5 per month    Unlimited
Dependency risk analysis
Batch scanning
Priority support
Price                        Free           ¥49/year

Quick start

# Install
clawhub install clawscan

# Check quota status
clawscan status

# Scan a local Skill (uses 1 unit of quota)
clawscan scan /path/to/skill

# Scan an already-installed ClawHub Skill
clawscan check mcp-server-prompts

# Detailed report
clawscan scan /path/to/skill --verbose

# JSON output (for script integration)
clawscan scan /path/to/skill --json

Activate Premium

# Get a license: https://clawscan.dev
clawscan activate CLAW-XXXX-XXXX-XXXX

# Confirm activation
clawscan status

Risk levels

Level    Icon   Description
HIGH     🔴     Network requests, file writes, command execution
MEDIUM   🟡     Subprocess imports, API key handling
LOW      🟢     Pure computational logic

Sample output

╭────────────────────────── Scan Summary ──────────────────────────╮
│ 🔴 malicious-skill                                               │
│                                                                  │
│ Overall Risk: HIGH                                               │
│ Files Scanned: 3                                                 │
│ Scan Duration: 15ms                                              │
│                                                                  │
│ Findings: 8 total                                                │
│   🔴 High: 4                                                     │
│   🟡 Medium: 3                                                   │
│   🟢 Low: 1                                                      │
╰──────────────────────────────────────────────────────────────────╯

🔴 HIGH RISK (4)
==================================================

network
  Network module imported: requests
  /skill/malicious.py:7

📦 Dependency Analysis (Premium)
==================================================
🔴 pyautogui (Potential keylogger/screenshot capability)
🟡 psutil (System access capabilities)

📋 Recommendations
==================================================
  🚨 This Skill can execute system commands...

Exit codes

Code   Meaning
0      Low risk
1      High risk
2      Medium risk
3      Scan error
4      Quota exhausted

Technical details

Static analysis

  • AST parsing to identify dangerous functions
  • Pattern matching across 7 risk categories (network, file, subprocess, crypto, etc.)

Dynamic analysis

  • Sandboxed execution with RestrictedPython
  • Monitoring of runtime imports and calls

Dependency analysis (Premium):

  • Scans requirements.txt / pyproject.toml
  • Identifies known risky packages (pyautogui, browser-cookie3, etc.)
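As an added illustration of the static-analysis approach described above (example code written for this page, not ClawScan's own implementation), the following snippet walks a Skill's AST, grades imports and calls using the README's three-tier risk levels, and maps the overall level to the README's exit-code table. The module and call lists, the credential-name hints and the SAMPLE source are constructed assumptions for illustration, not the tool's real signature set.

```python
import ast

# Assumed illustrative signature lists, not ClawScan's real pattern set.
NETWORK_MODULES = {"requests", "urllib", "socket", "http"}
COMMAND_CALLS = {"os.system", "subprocess.run", "subprocess.Popen", "subprocess.call", "eval", "exec"}
KEY_HINTS = ("api_key", "apikey", "secret", "token")
EXIT_CODES = {"LOW": 0, "HIGH": 1, "MEDIUM": 2}   # README's exit-code table

def _dotted(node):
    """Render a Name/Attribute chain such as subprocess.run as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def scan_source(source):
    """Return (overall_level, findings); a finding is (level, message, lineno)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        mods = [a.name for a in node.names] if isinstance(node, ast.Import) else \
            [node.module or ""] if isinstance(node, ast.ImportFrom) else []
        for mod in mods:
            root = mod.split(".")[0]
            if root in NETWORK_MODULES:   # HIGH: network request capability
                findings.append(("HIGH", f"Network module imported: {mod}", node.lineno))
            elif root == "subprocess":    # MEDIUM: subprocess import
                findings.append(("MEDIUM", f"Subprocess module imported: {mod}", node.lineno))
        if isinstance(node, ast.Call):
            callee = _dotted(node.func)
            if callee in COMMAND_CALLS:   # HIGH: command / code execution
                findings.append(("HIGH", f"Execution primitive called: {callee}()", node.lineno))
            elif callee == "open" and len(node.args) > 1 and \
                    str(getattr(node.args[1], "value", ""))[:1] in ("w", "a"):  # HIGH: file write
                findings.append(("HIGH", "File opened for writing", node.lineno))
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store) \
                and any(h in node.id.lower() for h in KEY_HINTS):   # MEDIUM: API key handling
            findings.append(("MEDIUM", f"Credential-like variable: {node.id}", node.lineno))
    findings.sort(key=lambda f: f[2])
    overall = max((f[0] for f in findings), key=["LOW", "MEDIUM", "HIGH"].index, default="LOW")
    return overall, findings

# Constructed sample Skill source (not taken from any real Skill).
SAMPLE = """import os, requests
import subprocess
api_key = os.environ.get("KEY")
subprocess.run(["ls", api_key])
"""
```

Calling scan_source(SAMPLE) yields an overall level of HIGH (exit code 1) with one HIGH and one MEDIUM import finding, one MEDIUM credential finding and one HIGH execution finding, in line order.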

Privacy notes

  • Scanning runs entirely locally; code is never uploaded
  • License verification supports an optional offline mode
  • No Skill contents or scan results are collected

Support and feedback

  • Issue reports: https://github.com/yourname/clawscan/issues
  • Get a license: https://clawscan.dev
  • Email: [email protected]

License: MIT (Tool) + Commercial (Premium Features)

Usage Guidance
This package appears to implement a local scanner and does not attempt network exfiltration in the included code, but there are notable red flags you should address before installing:
  • Dependencies: The code imports click, rich, RestrictedPython, and other libraries, but the registry only lists python3 and pip and provides no install script. Expect to manually install required Python packages or packaging to fail. Prefer installing in an isolated virtualenv and inspect the packages you install.
  • RestrictedPython and dynamic analysis limits: Dynamic tracing runs code in a mock sandbox and purposely refuses to execute code containing constructs like eval/exec or __import__. Malicious code that obfuscates behavior or uses native extensions may evade detection; do not assume a clean scan guarantees safety.
  • Metadata inconsistencies: SKILL.md/README include placeholder or mismatched links (e.g., github.com/yourname, clawscan.dev). That could be a sign the project is incomplete or not from a well-maintained upstream. Verify the project homepage and repository history before trusting or paying for 'Premium' features.
  • Local writes: The tool will create ~/.clawscan and write license/usage files and can export JSON reports. If you need strict privacy, run scans in an isolated environment and review exported files.
What would raise confidence: an explicit install spec (or pyproject/pip wheel) that lists and installs required Python packages from known sources; a consistent, verifiable upstream repository and release artifacts (GitHub releases or PyPI); and clearer handling of RestrictedPython availability and a tomllib fallback for Python <3.11.
Capability Analysis
Type: OpenClaw Skill Name: clawscan-vigil Version: 0.2.0 The bundle is a security utility designed to perform static and dynamic analysis on other OpenClaw skills to detect malware. It utilizes AST parsing and regex signatures in 'core/static_analyzer.py' to identify risky patterns (e.g., network calls, subprocesses, and crypto-wallet access) and employs a 'RestrictedPython' sandbox in 'core/dynamic_tracer.py' to safely monitor runtime behavior. While the tool includes a license management system ('core/license_manager.py') for a 'Premium' tier, all operations, including scanning and license validation, appear to be performed locally without unauthorized data exfiltration or malicious intent.
Capability Assessment
Purpose & Capability
The skill's name and description (local pre-install scanner) align with the code: static_analysis + restricted dynamic execution + a CLI. However the registry metadata only requires 'python3' and 'pip' while the code imports many third-party Python packages (click, rich, RestrictedPython, tomllib (3.11+), etc.). There is no install spec to ensure those dependencies are installed. This mismatch (declaring only binaries but not Python package deps or an install step) is disproportionate and will cause runtime failures or require manual installation by the user.
Instruction Scope
SKILL.md instructs running scans against local Skill directories and claims scans run fully locally with no uploads. The implementation appears consistent: the dynamic tracer uses RestrictedPython and a mock __import__ to avoid executing real network/file operations. Still, dynamic analysis intentionally skips code containing dangerous constructs (eval/exec, __import__, long loops), so it may produce false negatives for obfuscated or highly dynamic malicious code. The scanner also exposes JSON export and batch scanning features (Premium) that will write output files locally—contradicting any absolute claim that 'no results are collected' if the user requests exports.
Install Mechanism
There is no install spec in the registry. The package includes code that depends on multiple Python libraries (click, rich, RestrictedPython, tomllib (py3.11), etc.), but the registry only lists python3 and pip as required binaries. Because the skill doesn't provide an automated install step to install its Python dependencies, installation as-is may fail. Absence of a controlled install step increases friction and the chance users will run ad-hoc pip installs themselves, which expands the attack surface if they use untrusted package sources.
Credentials
The skill does not request environment variables or external credentials. It stores license and usage files under a user directory (~/.clawscan), which is expected for a tool with a local license/quota model. No code paths were found that attempt to exfiltrate code or scanning results externally. Still, the presence of license activation/URLs and multiple placeholder links (e.g., github.com/yourname) is a trust concern: verify the upstream project and URLs before trusting license keys or following external links.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill creates (and will write) a local config directory (~/.clawscan) and license/usage JSON files, which is reasonable for quota/license bookkeeping. There is no code that modifies other skills or global agent settings. No 'always: true' or elevated system-wide privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawscan-vigil
  3. After installation, invoke the skill by name or use /clawscan-vigil
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
clawscan-vigil 0.2.0
  • Major update introducing new CLI and core modules for scanning.
  • Added advanced analyzer, batch scanner, dynamic tracer, and risk engine for improved security detection.
  • Introduced license management and support for Premium features.
  • Added comprehensive documentation and usage guides.
  • Improved code structure and maintainability by splitting logic into multiple core components.
v0.1.1
Initial release with Vigil Soul
v0.1.0
Initial release
Metadata
Slug: clawscan-vigil
Version: 0.2.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 3
Frequently Asked Questions

What is Clawscan Vigil?

Clawscan Vigil scans OpenClaw Skills for security risks before installation, using static + dynamic dual detection to identify malicious code. It is an AI Agent Skill for Claude Code / OpenClaw, with 224 downloads so far.

How do I install Clawscan Vigil?

Run "/install clawscan-vigil" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawscan Vigil free?

Yes, Clawscan Vigil is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Clawscan Vigil support?

Clawscan Vigil is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, macos, windows).

Who created Clawscan Vigil?

It is built and maintained by jjj09090 (@jjj09090); the current version is v0.2.0.
