← Back to Skills Marketplace
Agent Security Skill Scanner Gitee
by
caidongyun
· GitHub ↗
· v4.1.6
· MIT-0
77
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-security-scanner
Description
AI Agent 安全扫描器 - 多语言检测 + AST 分析 + 意图识别 + LLM 验证
README (SKILL.md)
Agent Security Scanner v4.1.0
企业级 AI Agent 安全扫描器,支持多语言检测、AST 静态分析、意图识别和 LLM 二次判定。
🎯 核心能力
| 能力 | 说明 | 状态 |
|---|---|---|
| 多语言检测 | Python/JavaScript/YAML/Go/Shell | ✅ |
| AST 静态分析 | Python 深度语法分析 | ✅ |
| 智能评分 | 多特征加权评分系统 | ✅ |
| 意图识别 | 二层检测,识别恶意意图 | ✅ |
| LLM 验证 | 边界样本深度分析 | ✅ |
| 白名单机制 | 降低误报率 | ✅ |
| 灵顺监控 | 持续自动化优化 | ✅ |
📊 性能指标
| 指标 | 值 | 行业平均 | 优势 |
|---|---|---|---|
| 检测率 (DR) | 100% | 85-92% | +8-15% |
| 误报率 (FPR) | 7.77% | 15-25% | -50-70% |
| 扫描速度 | 5019/s | 2000-3000/s | +60-140% |
| 支持语言 | 5 种 | 2-3 种 | +70% |
🏗️ 三层检测架构
[一层] 白名单/黑名单 → 快速筛查
[二层] 智能评分 + 意图分析 → 边界样本判定
[三层] LLM 深度分析 → 不确定样本
🚀 快速开始
安装
# 从 npm 安装 (待发布)
npm install [email protected]
# 从源码安装
git clone https://github.com/agent-security/scanner.git
cd scanner/release/v4.1
pip install -r requirements.txt
基本使用
# 扫描单个文件
python3 src/multi_language_scanner_v4.py /path/to/sample.py
# 批量扫描目录
python3 src/fast_batch_scan.py
# 扫描指定目录
python3 src/fast_batch_scan.py --samples /path/to/samples
# 启用 LLM 分析
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key
python3 src/fast_batch_scan.py
灵顺自动化
# 启动守护进程
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &
# 手动触发优化
bash lingshun_optimize.sh
# 查看状态
ps aux | grep lingshun_scanner_daemon
📁 目录结构
agent-security-scanner/
├── src/
│ ├── multi_language_scanner_v4.py # 主扫描器
│ ├── fast_batch_scan.py # 批量扫描入口
│ ├── intent_detector_v2.py # 意图分析器
│ ├── llm_analyzer.py # LLM 分析器
│ └── benchmark_full_scan.py # 性能测试
├── config/
│ └── quality_gate.yaml # 质量门禁配置
├── docs/
│ ├── USER_GUIDE.md # 用户指南
│ └── DELIVERY_REPORT.md # 交付报告
├── examples/ # 示例代码
├── tests/ # 测试用例
├── lingshun_optimize.sh # 灵顺优化脚本
├── lingshun_scanner_daemon.py # 灵顺监控守护进程
├── package.json # npm 包配置
├── SKILL.md # 技能规范
├── requirements.txt # 依赖列表
└── LICENSE # 许可证
🔧 配置说明
环境变量
# LLM 分析配置
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key
export LLM_API_URL=https://api.example.com/v1/chat
# 灵顺监控配置
export FEISHU_WEBHOOK=your_webhook_url
export [email protected]
质量门禁
# config/quality_gate.yaml
metrics:
detection_rate:
min: 99.0
false_positive_rate:
max: 10.0
throughput:
min: 4000
📈 检测能力
支持攻击类型
| 攻击类型 | 检测率 | 说明 |
|---|---|---|
| tool_poisoning | 100% | 工具投毒 |
| data_exfiltration | 100% | 数据外泄 |
| credential_theft | 100% | 凭证窃取 |
| evasion | 100% | 绕过检测 |
| persistence | 100% | 持久化 |
| supply_chain_attack | 100% | 供应链攻击 |
| resource_exhaustion | 100% | 资源耗尽 |
| remote_load | 100% | 远程加载 |
| prompt_injection | 100% | 提示注入 |
| memory_pollution | 100% | 记忆污染 |
支持编程语言
| 语言 | 检测方式 | 覆盖率 |
|---|---|---|
| Python | AST + 规则 + 智能评分 | 100% |
| JavaScript | JS Analyzer + 智能评分 | 100% |
| YAML | 规则检测 + 智能评分 | 100% |
| Go | 规则检测 + 智能评分 | 100% |
| Shell | 规则检测 + 智能评分 | 100% |
🛡️ 安全特性
白名单机制
# 仅包含明确可信的良性标识
whitelist_patterns = [
'# BEN-NOR-', # 正常样本
'# BEN-COP-', # 常见模式
'# BEN-EVA-', # Evasion 测试
'print("Hello")', # Hello World
]
三层检测
- 快速筛查: 白名单/黑名单匹配
- 智能评分 + 意图分析: 边界样本 (risk 15-35)
- LLM 验证: 意图不明确样本
🤖 灵顺自动化
# 启动守护进程
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &
# 手动触发优化
bash lingshun_optimize.sh
# 任务编排
bash lingshun_task_orchestration.sh
📋 API 参考
扫描器接口
from multi_language_scanner_v4 import MultiLanguageScanner
scanner = MultiLanguageScanner()
result = scanner.scan_file('/path/to/sample.py')
print(f"is_malicious: {result.is_malicious}")
print(f"risk_score: {result.risk_score}")
print(f"risk_level: {result.risk_level}")
print(f"behaviors: {result.behaviors}")
意图分析接口
from intent_detector_v2 import EnhancedIntentDetector
detector = EnhancedIntentDetector()
result = detector.analyze(code, 'sample.py')
print(f"intent: {result.intent}")
print(f"confidence: {result.confidence}")
LLM 分析接口
from llm_analyzer import LLMAnalyzer
analyzer = LLMAnalyzer()
result = analyzer.analyze(code, {
'risk_score': 25,
'behaviors': ['subprocess', 'base64']
})
print(f"is_malicious: {result.is_malicious}")
🧪 测试
# 运行测试
python3 -m pytest tests/
# 性能基准测试
python3 src/benchmark_full_scan.py
# 质量门禁验证
python3 -c "from src.multi_language_scanner_v4 import MultiLanguageScanner; print('✅ OK')"
📝 更新日志
v4.1.0 (2026-04-04)
- ✅ 三层检测架构 (白名单 + 智能评分 + 意图 + LLM)
- ✅ 回退到安全配置 (FPR 7.77%)
- ✅ 灵顺 V5 自动化监控
- ✅ 完整文档和示例
- ✅ 30 个测试样本 (AST/意图/LLM)
v4.0.0 (2026-04-03)
- ✅ 多语言融合检测
- ✅ AST 静态分析集成
- ✅ 白名单/黑名单机制
🤝 贡献
# Fork 仓库
git fork https://github.com/agent-security/scanner.git
# 创建分支
git checkout -b feature/your-feature
# 提交更改
git commit -m "feat: add your feature"
# 推送并创建 PR
git push origin feature/your-feature
📄 许可证
MIT License - 详见 LICENSE
📞 联系方式
- GitHub: https://github.com/agent-security/scanner
- Email: [email protected]
- Discord: https://discord.gg/agent-security
版本: 4.1.0
发布日期: 2026-04-04
状态: ✅ 生产就绪
Benchmark: DR 100% | FPR 7.77% | Speed 5019/s
Usage Guidance
What to do before installing or running this skill:
- Treat the LLM/API instructions as optional but sensitive. Do NOT provide a high-privilege LLM_API_KEY (or reuse an org-wide key) until you've code-reviewed llm_analyzer.py and any code that sends data externally. Prefer a low-privilege or rate-limited test key.
- Inspect SKILL.md and the repository for hidden/control characters and ensure text hasn't been tampered with (the pre-scan flagged unicode-control-chars). Open the file in a hex-aware editor or run a script to reveal non-printable characters.
- Review the included scripts that the docs tell you to run (lingshun_scanner_daemon.py, lingshun_optimize.sh, lingshun_task_orchestration.sh). Run them only in an isolated sandbox (VM/container) first — they start daemons and may make network calls or write logs.
- Check any network endpoints the code calls (LLM_API_URL, webhooks, Redis URLs). Replace placeholder endpoints (api.example.com) with your own trusted endpoints if you intend to enable LLM analysis, or disable LLM_ANALYSIS entirely.
- Verify there are no unexpected hardcoded endpoints, credentials, or file paths in the source (search for 'http', 'ftp', 'api', 'token', 'password', '~/', '/etc', redis.from_url, requests.post, urllib, etc.). The docs reference a samples directory on a home path — confirm the release package does not include or exfiltrate local sample data.
- Because the skill may start persistent background processes, plan how to stop them (systemd unit or kill scripts) and inspect logs after a test run.
- If you lack capacity to audit the code yourself, run the skill only in a tightly isolated environment with no sensitive credentials, no access to production secrets, and network egress blocked (or routed through a proxy you control) until you are satisfied.
Low-level reason for 'suspicious': the project is coherent for its stated purpose, but the mismatch between declared metadata and runtime instructions, presence of hidden control characters in SKILL.md, and the instructions to run background processes and external LLM/webhook integrations create opportunities for misuse or unintended data exposure. Manual review or sandbox testing is recommended before granting it access to real credentials or production systems.
Capability Analysis
Type: OpenClaw Skill
Name: agent-security-scanner
Version: 4.1.6
The bundle is a comprehensive security scanning tool designed to detect malicious patterns, data exfiltration, and prompt injection in AI Agent skills. It utilizes a multi-layered approach including AST static analysis, keyword-based risk scoring (found in `smart_pattern_detector.py`), regex-based intent recognition (`intent_detector_v2.py`), and optional LLM-based verification (`llm_analyzer.py`). While the codebase contains numerous high-risk strings and patterns associated with malware, these are used exclusively as detection signatures. The orchestration logic in `scanner_cli.py` and the background monitoring features described in the documentation are consistent with its stated purpose as a security analysis and benchmarking utility.
Capability Assessment
Purpose & Capability
Name/description (AI Agent security scanner) match included code (AST/static analysis, intent detector, LLM analyzer). However the SKILL metadata/registry lists no required environment variables while the runtime docs repeatedly instruct setting LLM_API_KEY, ENABLE_LLM_ANALYSIS, LLM_API_URL, FEISHU_WEBHOOK and ALERT_EMAIL — a mismatch between declared requirements and what the skill asks the user to provide. The code and docs also reference optional services (Redis message bus, Docker sandbox, external sample libraries) that are not declared in registry metadata; these are plausible for a scanner but should be clearly declared.
Instruction Scope
SKILL.md instructs running background daemons (nohup python3 lingshun_scanner_daemon.py ...), running shell scripts (lingshun_optimize.sh, orchestration scripts) and enabling LLM analysis via env vars. It also references scanning arbitrary filesystem paths and running dynamic/sandbox analyses. Those instructions allow long-running processes, network calls, and arbitrary system interactions — appropriate for a scanner, but they broaden runtime scope (daemon persistence, filesystem and network access). The document also contains unicode-control-chars (prompt-injection signal) embedded in SKILL.md which could attempt to manipulate downstream processing or display; this should be investigated.
Install Mechanism
There is no network download/install spec in registry (no install section). The package is delivered with Python source files included. That lowers supply-chain risk compared to an installer that fetches arbitrary archives. The repository contains many scripts and sample tooling; running them still executes local code (so standard code-review/sandbox precautions apply).
Credentials
The registry metadata declares no required env vars or credentials, but SKILL.md instructs use of LLM_API_KEY/LLM_API_URL, ENABLE_LLM_ANALYSIS, FEISHU_WEBHOOK and ALERT_EMAIL. Requesting an LLM API key and webhook is plausible for an optional LLM-analysis + alerting feature, but the absence of these in the declared requires.env is an inconsistency. Additionally, docs/code reference other services (redis URL, local sample libraries) and optional dependencies (openai, requests) that imply network/secret access not enumerated in metadata. If you enable LLM analysis you must provide an API key — treat that as sensitive and do not reuse high-privilege keys without review.
Persistence & Privilege
The skill metadata does not request always:true and autonomous invocation is default. However SKILL.md encourages starting a background daemon (nohup ... &), which would create persistent processes on the host. That persistence is not enforced by the platform but is part of runtime instructions — users should be aware that installing/running the skill per its docs may create long-lived processes and log files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-security-scanner - After installation, invoke the skill by name or use
/agent-security-scanner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.1.6
v4.1.6: 统一名称为 Agent Security Scanner
Metadata
Frequently Asked Questions
What is Agent Security Skill Scanner Gitee?
AI Agent 安全扫描器 - 多语言检测 + AST 分析 + 意图识别 + LLM 验证. It is an AI Agent Skill for Claude Code / OpenClaw, with 77 downloads so far.
How do I install Agent Security Skill Scanner Gitee?
Run "/install agent-security-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Security Skill Scanner Gitee free?
Yes, Agent Security Skill Scanner Gitee is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Agent Security Skill Scanner Gitee support?
Agent Security Skill Scanner Gitee is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Security Skill Scanner Gitee?
It is built and maintained by caidongyun (@caidongyun); the current version is v4.1.6.
More Skills