← Back to Skills Marketplace

SkillGuard - OWASP ASI Agent安全扫描器

Name: SkillGuard - OWASP ASI Agent安全扫描器
Author: thebuddha5566

by thebuddha5566 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skillguard-asi

Description

Agent技能安全扫描器 — 上传Skill包自动检测安全漏洞（prompt注入/凭证泄露/代码执行/依赖审计等8维检测）。三平台首发，零依赖Python标准库。

README (SKILL.md)

SkillGuard — Agent技能安全扫描器

让Agent安装Skill前先做安全检查。 覆盖OWASP ASI Top 10，8大检测器。

快速开始

python cli.py scan my-skill.zip           # 全量扫描
python cli.py scan my-skill.zip --format md  # Markdown报告
python cli.py list                        # 列出检测器

8大检测器

检测器	OWASP ASI	检测内容
prompt_injection	ASI-01,04	Prompt注入/越狱/中文话术
secret_exposure	ASI-02	API Key/Token/密码泄露
code_execution	ASI-03	eval/exec/subprocess危险调用
dependency_audit	ASI-06	依赖包安全审计
permission_analysis	ASI-05	权限声明vs实际行为交叉验证
sensitive_file_access	ASI-08	敏感文件+数据外泄
network_whitelist	ASI-07	URL白名单网络请求审计
memory_pollution	ASI-09,10	记忆投毒/认知攻击

TRACE五维安全评分

输出Trust(信任)/Reliability(可靠)/Authenticity(真实)/Compliance(合规)/Exposure(暴露)安全评分。

许可证

MIT — 免费使用、修改、分发。

Usage Guidance

Install only if you want a local command-line scanner for skill packages. It appears benign, but run it on untrusted archives in a constrained workspace or sandbox because it extracts and reads ZIP contents during scanning, and note that the marketplace capability tags overstate credential-related needs compared with the code.

Capability Tags

cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

The artifacts match the stated purpose: a Python standard-library CLI that extracts a user-supplied skill ZIP, scans text/Python files for security patterns, and emits JSON or Markdown reports.

✓ Instruction Scope

Runtime instructions are limited to user-invoked commands such as scan and list; there are no prompt overrides, hidden agent-control instructions, or automatic execution hooks.

ℹ Install Mechanism

The package declares zero external dependencies and has no installer script, though metadata capability tags mention wallet/OAuth/sensitive credentials despite the artifacts not requesting or using those capabilities.

ℹ Credentials

Local file reads, temporary ZIP extraction, and optional report writes are expected for a scanner, but users should treat untrusted ZIPs cautiously because the extractor has no explicit archive size or file-count limits.

✓ Persistence & Privilege

No background service, startup modification, credential storage, broad indexing, privilege escalation, or durable persistence was found; output files are written only when the user supplies an output path.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skillguard-asi
After installation, invoke the skill by name or use /skillguard-asi
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

首发：8检测器×OWASP ASI Top 10全覆盖。TRACE五维评分。零依赖Python标准库。

Metadata

Slug skillguard-asi

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is SkillGuard - OWASP ASI Agent安全扫描器?

Agent技能安全扫描器 — 上传Skill包自动检测安全漏洞（prompt注入/凭证泄露/代码执行/依赖审计等8维检测）。三平台首发，零依赖Python标准库。 It is an AI Agent Skill for Claude Code / OpenClaw, with 34 downloads so far.

How do I install SkillGuard - OWASP ASI Agent安全扫描器?

Run "/install skillguard-asi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SkillGuard - OWASP ASI Agent安全扫描器 free?

Yes, SkillGuard - OWASP ASI Agent安全扫描器 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SkillGuard - OWASP ASI Agent安全扫描器 support?

SkillGuard - OWASP ASI Agent安全扫描器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SkillGuard - OWASP ASI Agent安全扫描器?

It is built and maintained by thebuddha5566 (@thebuddha5566); the current version is v1.0.0.

More Skills