Li Python Sec Check

by Terry S Fisher · GitHub ↗ · v0.0.2 · MIT-0
cross-platform · ⚠ suspicious
132 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install li-python-sec-check
Description
Python security compliance checker, based on the CloudBase specification, the Tencent security guidelines and LLM-assisted analysis (the LLM feature is disabled by default; local execution takes priority).
Usage Guidance
This skill is coherent with its purpose, but follow these precautions before use:
  1. Do not enable --llm when scanning sensitive or private code unless you trust and control the configured API endpoint.
  2. If you must use LLM analysis in an enterprise, point LLM_API_BASE at an internal/private LLM and provide a dedicated key.
  3. Inspect scripts/python_sec_check.py and scripts/llm_analyzer.py to confirm that LLM calls are only made when the CLI flag is used, and that no API key is picked up silently from the environment.
  4. Run scans in an isolated environment (container/VM) when first evaluating the tool, and make sure no stray LLM_API_KEY is present in CI environment variables.
  5. If you allow autonomous agents to invoke skills, be cautious about enabling the LLM feature, because it will transmit code snippets to the configured endpoint.
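Precaution 3 asks you to confirm where the skill reads environment variables and where it makes outbound calls before you trust the --llm gate. The following is an added example written for this page, not part of the skill: an AST-based inventory that lists every os.environ / os.getenv access and every requests / httpx / urllib call in a module, together with the enclosing function. Anything recorded at module level runs on import, before any CLI flag is evaluated, which is exactly the "silent pickup" the guidance warns about. The sample module text is constructed here and only stands in for what scripts/llm_analyzer.py might contain; the HTTP call list is an assumption, extend it to whatever client the real script uses.

```python
# Added example for this page (not the skill's own code): inventory the
# environment reads and outbound HTTP calls in a Python module so a reviewer
# can check that each one hangs off the opt-in (--llm) path.
from __future__ import annotations

import ast
from dataclasses import dataclass

# Assumed sets of interesting callees; widen these for other HTTP clients.
ENV_CALLS = {"os.getenv", "os.environ.get"}
HTTP_CALLS = {"requests.get", "requests.post", "requests.request",
              "httpx.get", "httpx.post", "urllib.request.urlopen"}


@dataclass(frozen=True)
class Site:
    kind: str   # "env" or "http"
    name: str   # environment variable name, or the callee
    line: int
    func: str   # enclosing function, or "<module>" for import-time code


def dotted(node: ast.AST) -> str | None:
    """Return 'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class Auditor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.sites: list[Site] = []
        self.scope: list[str] = []   # stack of enclosing function names

    def _where(self) -> str:
        return self.scope[-1] if self.scope else "<module>"

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self.scope.append(node.name)
        self.generic_visit(node)
        self.scope.pop()

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Subscript(self, node: ast.Subscript) -> None:
        # os.environ["NAME"]; on Python 3.9+ node.slice is the key expression
        if dotted(node.value) == "os.environ":
            key = node.slice.value if isinstance(node.slice, ast.Constant) else "<dynamic>"
            self.sites.append(Site("env", str(key), node.lineno, self._where()))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        callee = dotted(node.func)
        if callee in ENV_CALLS:
            arg = node.args[0] if node.args else None
            key = arg.value if isinstance(arg, ast.Constant) else "<dynamic>"
            self.sites.append(Site("env", str(key), node.lineno, self._where()))
        elif callee in HTTP_CALLS:
            self.sites.append(Site("http", callee, node.lineno, self._where()))
        self.generic_visit(node)


def audit(source: str) -> list[Site]:
    auditor = Auditor()
    auditor.visit(ast.parse(source))
    return auditor.sites


def import_time_env_reads(sites: list[Site]) -> list[str]:
    """Env vars read at module level: picked up on import, before any flag."""
    return [s.name for s in sites if s.kind == "env" and s.func == "<module>"]


# Constructed sample module; NOT the real scripts/llm_analyzer.py.
SAMPLE = '''\
import os
import requests

LLM_API_BASE = os.environ.get("LLM_API_BASE", "https://example.invalid/v1")  # runs on import

def analyze(snippet: str, use_llm: bool = False):
    if not use_llm:
        return None                       # default path never touches the network
    key = os.getenv("LLM_API_KEY")        # only reached when the caller opted in
    if not key:
        raise SystemExit("LLM_API_KEY not set")
    return requests.post(LLM_API_BASE + "/chat", json={"code": snippet},
                         headers={"Authorization": "Bearer " + key}, timeout=30)

def telemetry():
    requests.get("https://example.invalid/ping")   # unconditional outbound call
'''

if __name__ == "__main__":
    for s in audit(SAMPLE):
        print(f"{s.kind:4} line {s.line:3} in {s.func:10} -> {s.name}")
    print("read at import time:", import_time_env_reads(SAMPLE and audit(SAMPLE)))
```

Run it against scripts/llm_analyzer.py and scripts/python_sec_check.py instead of SAMPLE and read each reported site: in-function sites still need their callers traced back to the --llm flag, but a module-level read of LLM_API_KEY, or an HTTP call with no enclosing function, would contradict the opt-in claim outright. In the constructed sample only LLM_API_BASE is read at import time (a default URL, harmless), the key read and the POST sit behind use_llm, and telemetry() is the kind of unconditional call you would want to question.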
Capability Analysis
Type: OpenClaw Skill · Name: li-python-sec-check · Version: 0.0.2
The bundle is a legitimate Python static analysis tool that scans projects for security vulnerabilities and compliance issues against CloudBase and Tencent standards. The core logic in `scripts/python_sec_check.py` uses regex-based patterns to detect risks such as SQL injection, command injection and hardcoded secrets, while `scripts/llm_analyzer.py` provides an optional feature that sends code snippets to an external LLM API (defaulting to Alibaba DashScope at https://dashscope.aliyuncs.com) for remediation advice. That network behaviour is documented in `SECURITY_AND_PRIVACY.md`, is disabled by default, requires explicit activation via the `--llm` flag and emits runtime warnings when used; nothing in the bundle suggests stealthy data exfiltration.
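To make concrete what "regex-based patterns" for these issue classes look like, here is an added example written for this page; it is not scripts/python_sec_check.py and the rule names, patterns and sample source are all constructed. It shows the characteristic strengths and blind spots of a line-oriented checker: parameterised queries and argv-list subprocess calls pass, string-built SQL, shell=True and non-literal os.system() arguments are flagged, comments are ignored, and a secret-looking name assigned from os.environ is not reported.

```python
# Added example for this page: a minimal regex-based checker of the kind the
# skill's local rules implement. NOT the skill's own scripts; rule names,
# patterns and the sample source below are assumptions made here.
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    text: str


# (rule name, pattern). Each pattern is an assumption about what a
# line-oriented SAST rule for that class of issue might look like.
RULES = [
    # SQL built with an f-string, %-formatting or .format() and handed straight
    # to execute()/executemany(); a parameterised call does not match.
    ("sql-injection", re.compile(
        r'''\bexecute(?:many)?\(\s*(?:f['"]|['"][^'"]*['"]\s*%|['"][^'"]*['"]\s*\.format\()''')),
    # shell=True anywhere, or os.system/os.popen whose argument is not one
    # plain string literal (concatenation, variables, ...).
    ("command-injection", re.compile(
        r'''(?:shell\s*=\s*True|\bos\.(?:system|popen)\((?!\s*['"][^'"]*['"]\s*\)))''')),
    # secret-looking name assigned a string literal of 8+ characters;
    # assignments from os.environ / os.getenv do not match.
    ("hardcoded-secret", re.compile(
        r'''(?i)\b\w*(?:api[_-]?key|secret|passw(?:or)?d|token)\s*=\s*['"][^'"]{8,}['"]''')),
    # Flask/Django style debug switch left on.
    ("debug-mode", re.compile(r'''(?i)\bdebug\s*=\s*True\b''')),
]


def scan_source(source: str) -> list[Finding]:
    """Run every rule over every non-comment line; findings come back in line order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no executable risk
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, lineno, stripped))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample source (scanned as text, never executed).
SAMPLE = '''\
import os, sqlite3, subprocess
# API_KEY = "sk-this-is-only-a-comment-0000"
LLM_API_KEY = os.environ.get("LLM_API_KEY")        # read from env: fine
DB_PASSWORD = "hunter2-hunter2-hunter2"             # hardcoded secret
conn = sqlite3.connect("app.db")
cur = conn.cursor()
cur.execute("SELECT * FROM users WHERE id = ?", (uid,))     # parameterised: fine
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")   # SQL injection
cur.execute("DELETE FROM logs WHERE id = %s" % lid)         # SQL injection
subprocess.run(["ls", "-l", path])                          # argv list: fine
subprocess.run("ls -l " + path, shell=True)                 # command injection
os.system("uptime")                                         # literal: fine
os.system("ping " + host)                                   # command injection
app.run(debug=True)                                         # debug mode
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.line:3} {f.rule:18} {f.text}")
    print(summarize(scan_source(SAMPLE)))
```

The caveat a practitioner should take from this: a regex rule sees one line and no data flow, so `query = "..." % user; cur.execute(query)` on two lines is missed, and a placeholder such as `api_key = "replace-me-please"` is reported. Rules of this kind are a fast first pass; the bandit and pip-audit integrations mentioned in the v0.0.1 notes, and a human review of the findings, are what turn them into a usable result.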
Capability Assessment
Purpose & Capability
Name/description (Python security checks + optional LLM) matches the included code and docs. The code implements static checks, privacy/data checks, and an optional LLM analyzer. No unrelated credentials or binaries are required.
Instruction Scope
SKILL.md and SECURITY_AND_PRIVACY.md clearly state core checks run locally and that LLM analysis is opt-in via --llm. The LLM module will send code snippets and scan results to the configured API only when an API key is present / LLM is enabled. You should still inspect scripts/python_sec_check.py to confirm LLM calls are gated by the CLI flag before enabling networked analysis.
Install Mechanism
No install spec; package is shipped as code files (no remote downloads at install time). This is low-risk. The only network use is in the optional LLM analyzer which uses requests when an API key is provided.
Credentials
No required environment variables. Optional env vars (LLM_API_KEY, LLM_API_BASE) are reasonable and documented for the LLM feature. The skill does not request unrelated secrets or system config paths.
Persistence & Privilege
always:false and no special privileges are requested. Autonomous invocation is allowed by default (the platform standard). Enabling the LLM feature while the agent may invoke the skill autonomously increases the blast radius, because code snippets can then be sent to the configured endpoint without a human in the loop; the skill itself documents this and requires explicit opt-in.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install li-python-sec-check
  3. After installation, invoke the skill by name or use /li-python-sec-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.2
- Added several security and compliance documents, including SECURITY_AND_PRIVACY.md and a security report template
- Updated the description to make clear that LLM analysis is disabled by default and local checks are the primary mode
- Documentation and compliance improvements for better fit in enterprise and cloud-native environments
- Adjusted project metadata and dependency configuration for easier long-term maintenance
- Minor tidying of the skill file structure and descriptions
v0.0.1
Initial release of li-python-sec-check, a Python security compliance inspection tool.
- Implements 12 security checks based on CloudBase and Tencent security standards.
- Detects unsafe encryption, SQL/command injection, hardcoded secrets, debug mode, and more.
- Supports static code analysis, dependency vulnerability scanning, and code quality checks using external tools (flake8, bandit, pip-audit).
- Flexible usage: command-line arguments, .env configuration, and customizable report output formats (Markdown/JSON/HTML).
- Suitable for post-development review, SAST, CI/CD automation, and code audit workflows.
Metadata
Slug li-python-sec-check
Version 0.0.2
License MIT-0
All-time Installs 1
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Li Python Sec Check?

Python security compliance checker, based on the CloudBase specification, the Tencent security guidelines and LLM-assisted analysis (the LLM feature is disabled by default; local execution takes priority). It is an AI Agent Skill for Claude Code / OpenClaw, with 132 downloads so far.

How do I install Li Python Sec Check?

Run "/install li-python-sec-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Li Python Sec Check free?

Yes, Li Python Sec Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Li Python Sec Check support?

Li Python Sec Check is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Li Python Sec Check?

It is built and maintained by Terry S Fisher (@43622283); the current version is v0.0.2.