← Back to Skills Marketplace

skill scan and detect risk

Name: skill scan and detect risk
Author: jayhe

by jayhe · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

275

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-shield-007

Description

OpenClaw扩展安全管理系统。扫描已安装扩展的安全风险，提供allowlist策略控制，在使用高风险扩展前进行风险提示。适用于安全管理、风险评估、权限控制场景。

Usage Guidance

This skill appears to implement a legitimate local scanner, but there are two things to check before installing: 1) Inspect and control the hook: hook/shield-scan.js runs a local Python startup script and appends its output to the agent's system prompt. That behavior can change agent behavior broadly (prompt injection). If you install, either remove or disable the hook, or ensure the referenced startup script is present, simple, and cannot be modified by untrusted parties. 2) Fix the inconsistency: SKILL.md claims hook/auto-check is 'planned', but a hook file exists and it references scripts/tui-startup.py which is missing. Ask the author why the hook is present and what the startup script should do. If you can't verify the startup script's content, do not enable the hook. Other precautions: review config.json allowlist entries (ensure you trust the listed skills), run the scanner in a sandbox first, and limit write permissions to ~/.openclaw/workspace/skills so attackers cannot replace the startup script or other scanner files. If you need a short recommendation: keep the scanner code (scripts/shield.py) but remove/disable the JS hook until its behavior is audited.

Capability Analysis

Type: OpenClaw Skill Name: skill-shield-007 Version: 1.0.0 Skill Shield is a security utility designed to scan OpenClaw extensions for risky patterns such as command execution, network calls, and credential access. The core logic in `scripts/shield.py` performs local static analysis via keyword matching, while `hook/shield-scan.js` integrates scanning into the session startup. Although the tool requires broad read access to the extensions directory and modifies the system prompt to display alerts, its operations are transparent, documented, and lack any indicators of data exfiltration, obfuscation, or malicious intent.

Capability Assessment

✓ Purpose & Capability

Name/description match the code: the Python scanner scans ~/.openclaw/workspace/skills for keywords, builds a risk DB, and offers allowlist/blocked behavior. Required binary (python3) is appropriate and no unrelated credentials or external binaries are requested.

⚠ Instruction Scope

SKILL.md and scripts describe scanning skills directory, reading SKILL.md and scripts/, saving a local JSON DB — this is within scope. However, SKILL.md states 'Hook机制/自动检查' is planned/not implemented, yet a hook file (hook/shield-scan.js) exists and is registered for 'session-start'. The hook executes a startup Python script and appends its output to context.systemPrompt, which can influence the agent globally. That hook references scripts/tui-startup.py which is not present in the package (missing file) — an incoherence that could cause runtime errors or be abused if that file is later added/modified.

✓ Install Mechanism

No install spec (instruction-only install) and only a python script + small JS hook included. Nothing is downloaded from external URLs, no extract steps, and required binaries are minimal (python3).

✓ Credentials

No environment variables, no credentials, and no config paths beyond normal per-skill config (config.json under the skill and a memory JSON under ~/.openclaw). The scanner reads files under the skills directory as expected; it does not contain explicit network or credential exfiltration code in the provided files.

⚠ Persistence & Privilege

The hook modifies context.systemPrompt by appending scan output. While the skill is not marked always:true, this hook will run at session-start (if the platform loads hooks), giving it an effective injection channel into agent prompts. Appending arbitrary script output into the system prompt is a potential prompt-injection vector and is disproportionate unless the startup script output is strictly controlled and sanitized. Also the code references a startup script that is missing, an inconsistency that should be resolved.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-shield-007
After installation, invoke the skill by name or use /skill-shield-007
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Skill-shield 1.0.0 – 全新OpenClaw安全管理和风险控制 - 全面重写：由ClawHub技能单目录扫描与安全评分工具，升级为OpenClaw扩展统一安全管理系统，聚焦已装扩展风险识别、allowlist/blacklist控制与用户交互提示。 - 新增持久化风险数据库、风险历史记录与管理命令，支持风险快速检索与审计。 - 通过config.json集中管理信任列表、阻止名单和风险交互策略，实现精细化权限与提示控制。 - 支持10大常见风险类型自动识别，按严重度进行分级处理。 - 集成实用命令：一键扫描、单扩展检查、allowlist与blacklist管理、风险报告查看、风险记录清除。 - 功能示例与故障排除指引全面更新，适配OpenClaw场景。

Metadata

Slug skill-shield-007

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is skill scan and detect risk?

OpenClaw扩展安全管理系统。扫描已安装扩展的安全风险，提供allowlist策略控制，在使用高风险扩展前进行风险提示。适用于安全管理、风险评估、权限控制场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 275 downloads so far.

How do I install skill scan and detect risk?

Run "/install skill-shield-007" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is skill scan and detect risk free?

Yes, skill scan and detect risk is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does skill scan and detect risk support?

skill scan and detect risk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created skill scan and detect risk?

It is built and maintained by jayhe (@jayhe); the current version is v1.0.0.

More Skills