alinklab

Scan Code

by ALinkLab · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 0
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install scan-code
Description
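CodeGuard MCP is a real-time AI code security scanning tool that detects vulnerabilities, secrets, and compliance issues in AI-generated code, suited to code security review in development environments.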
Usage Guidance
Install only if you are comfortable sending scanned code, possible embedded secrets, and compliance context to the xiaobenyang MCP API. Do not use it on private repositories, regulated data, or real credentials unless you have reviewed that service's privacy and retention terms, and keep the saved .env API key out of source control.
Capability Assessment
Purpose & Capability
The advertised purpose is code security scanning, and the tools implement that purpose by POSTing code, secret-detection input, compliance input, and fix context to https://mcp.xiaobenyang.com/api. That is purpose-aligned, but high-impact because submitted code may contain proprietary material or credentials.
Instruction Scope
The skill discloses that an API key is required and that tools call an API, but it does not clearly require user confirmation before uploading sensitive code or secrets, does not describe redaction or retention, and tells the agent to present API raw data after organizing it. It also contains copy-paste remnants for a school-search/gaokao skill, which weakens package coherence but does not by itself show malicious behavior.
Install Mechanism
The package contains a SKILL.md, simple Python helper scripts, and ordinary requirements for requests, pydantic, pydantic-settings, and python-dotenv. I found no install hooks, obfuscated code, destructive commands, or hidden background execution.
Credentials
External network submission is central to this skill, but the environment impact is broad for a security scanner because scanCode, scanVulnerabilities, detectSecrets, and checkCompliance can transmit full source text and likely credentials to a third-party endpoint without built-in minimization or local-only mode.
Persistence & Privilege
The skill instructs the agent to ask for an API key and then save it; config.py writes XBY_APIKEY into a local .env file and environment variable without explicit file-permission handling or a non-persistent option.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install scan-code
  3. After installation, invoke the skill by name or use /scan-code
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
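CodeGuard MCP 1.0.0 – first official release
- Added a real-time AI code security scanning tool that detects vulnerabilities, secret leaks, and compliance issues in code
- Supports multiple detection modes (vulnerabilities, sensitive information, compliance, automatic fix suggestions)
- Requires users to configure an API key, with a mechanism for asking for and saving the key
- Clarifies the user-intent and parameter-extraction flow and refines the rules for calling tool functions
- Expands tool function and parameter definitions to fit code security checks across multiple scenarios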
Metadata
Slug scan-code
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Scan Code?

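CodeGuard MCP is a real-time AI code security scanning tool that detects vulnerabilities, secrets, and compliance issues in AI-generated code, suited to code security review in development environments. It is an AI Agent Skill for Claude Code / OpenClaw, with 0 downloads so far.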

How do I install Scan Code?

Run "/install scan-code" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Scan Code free?

Yes, Scan Code is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Scan Code support?

Scan Code is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Scan Code?

It is built and maintained by ALinkLab (@alinklab); the current version is v1.0.0.
