← 返回 Skills 市场
Agent Security Skill Scanner Gitee
作者
caidongyun
· GitHub ↗
· v4.1.6
· MIT-0
77
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install agent-security-scanner
功能描述
AI Agent 安全扫描器 - 多语言检测 + AST 分析 + 意图识别 + LLM 验证
使用说明 (SKILL.md)
Agent Security Scanner v4.1.0
企业级 AI Agent 安全扫描器,支持多语言检测、AST 静态分析、意图识别和 LLM 二次判定。
🎯 核心能力
| 能力 | 说明 | 状态 |
|---|---|---|
| 多语言检测 | Python/JavaScript/YAML/Go/Shell | ✅ |
| AST 静态分析 | Python 深度语法分析 | ✅ |
| 智能评分 | 多特征加权评分系统 | ✅ |
| 意图识别 | 二层检测,识别恶意意图 | ✅ |
| LLM 验证 | 边界样本深度分析 | ✅ |
| 白名单机制 | 降低误报率 | ✅ |
| 灵顺监控 | 持续自动化优化 | ✅ |
📊 性能指标
| 指标 | 值 | 行业平均 | 优势 |
|---|---|---|---|
| 检测率 (DR) | 100% | 85-92% | +8-15% |
| 误报率 (FPR) | 7.77% | 15-25% | -50-70% |
| 扫描速度 | 5019/s | 2000-3000/s | +60-140% |
| 支持语言 | 5 种 | 2-3 种 | +70% |
🏗️ 三层检测架构
[一层] 白名单/黑名单 → 快速筛查
[二层] 智能评分 + 意图分析 → 边界样本判定
[三层] LLM 深度分析 → 不确定样本
🚀 快速开始
安装
# 从 npm 安装 (待发布)
npm install [email protected]
# 从源码安装
git clone https://github.com/agent-security/scanner.git
cd scanner/release/v4.1
pip install -r requirements.txt
基本使用
# 扫描单个文件
python3 src/multi_language_scanner_v4.py /path/to/sample.py
# 批量扫描目录
python3 src/fast_batch_scan.py
# 扫描指定目录
python3 src/fast_batch_scan.py --samples /path/to/samples
# 启用 LLM 分析
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key
python3 src/fast_batch_scan.py
灵顺自动化
# 启动守护进程
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &
# 手动触发优化
bash lingshun_optimize.sh
# 查看状态
ps aux | grep lingshun_scanner_daemon
📁 目录结构
agent-security-scanner/
├── src/
│ ├── multi_language_scanner_v4.py # 主扫描器
│ ├── fast_batch_scan.py # 批量扫描入口
│ ├── intent_detector_v2.py # 意图分析器
│ ├── llm_analyzer.py # LLM 分析器
│ └── benchmark_full_scan.py # 性能测试
├── config/
│ └── quality_gate.yaml # 质量门禁配置
├── docs/
│ ├── USER_GUIDE.md # 用户指南
│ └── DELIVERY_REPORT.md # 交付报告
├── examples/ # 示例代码
├── tests/ # 测试用例
├── lingshun_optimize.sh # 灵顺优化脚本
├── lingshun_scanner_daemon.py # 灵顺监控守护进程
├── package.json # npm 包配置
├── SKILL.md # 技能规范
├── requirements.txt # 依赖列表
└── LICENSE # 许可证
🔧 配置说明
环境变量
# LLM 分析配置
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key
export LLM_API_URL=https://api.example.com/v1/chat
# 灵顺监控配置
export FEISHU_WEBHOOK=your_webhook_url
export [email protected]
质量门禁
# config/quality_gate.yaml
metrics:
detection_rate:
min: 99.0
false_positive_rate:
max: 10.0
throughput:
min: 4000
📈 检测能力
支持攻击类型
| 攻击类型 | 检测率 | 说明 |
|---|---|---|
| tool_poisoning | 100% | 工具投毒 |
| data_exfiltration | 100% | 数据外泄 |
| credential_theft | 100% | 凭证窃取 |
| evasion | 100% | 绕过检测 |
| persistence | 100% | 持久化 |
| supply_chain_attack | 100% | 供应链攻击 |
| resource_exhaustion | 100% | 资源耗尽 |
| remote_load | 100% | 远程加载 |
| prompt_injection | 100% | 提示注入 |
| memory_pollution | 100% | 记忆污染 |
支持编程语言
| 语言 | 检测方式 | 覆盖率 |
|---|---|---|
| Python | AST + 规则 + 智能评分 | 100% |
| JavaScript | JS Analyzer + 智能评分 | 100% |
| YAML | 规则检测 + 智能评分 | 100% |
| Go | 规则检测 + 智能评分 | 100% |
| Shell | 规则检测 + 智能评分 | 100% |
🛡️ 安全特性
白名单机制
# 仅包含明确可信的良性标识
whitelist_patterns = [
'# BEN-NOR-', # 正常样本
'# BEN-COP-', # 常见模式
'# BEN-EVA-', # Evasion 测试
'print("Hello")', # Hello World
]
三层检测
- 快速筛查: 白名单/黑名单匹配
- 智能评分 + 意图分析: 边界样本 (risk 15-35)
- LLM 验证: 意图不明确样本
🤖 灵顺自动化
# 启动守护进程
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &
# 手动触发优化
bash lingshun_optimize.sh
# 任务编排
bash lingshun_task_orchestration.sh
📋 API 参考
扫描器接口
from multi_language_scanner_v4 import MultiLanguageScanner
scanner = MultiLanguageScanner()
result = scanner.scan_file('/path/to/sample.py')
print(f"is_malicious: {result.is_malicious}")
print(f"risk_score: {result.risk_score}")
print(f"risk_level: {result.risk_level}")
print(f"behaviors: {result.behaviors}")
意图分析接口
from intent_detector_v2 import EnhancedIntentDetector
detector = EnhancedIntentDetector()
result = detector.analyze(code, 'sample.py')
print(f"intent: {result.intent}")
print(f"confidence: {result.confidence}")
LLM 分析接口
from llm_analyzer import LLMAnalyzer
analyzer = LLMAnalyzer()
result = analyzer.analyze(code, {
'risk_score': 25,
'behaviors': ['subprocess', 'base64']
})
print(f"is_malicious: {result.is_malicious}")
🧪 测试
# 运行测试
python3 -m pytest tests/
# 性能基准测试
python3 src/benchmark_full_scan.py
# 质量门禁验证
python3 -c "from src.multi_language_scanner_v4 import MultiLanguageScanner; print('✅ OK')"
📝 更新日志
v4.1.0 (2026-04-04)
- ✅ 三层检测架构 (白名单 + 智能评分 + 意图 + LLM)
- ✅ 回退到安全配置 (FPR 7.77%)
- ✅ 灵顺 V5 自动化监控
- ✅ 完整文档和示例
- ✅ 30 个测试样本 (AST/意图/LLM)
v4.0.0 (2026-04-03)
- ✅ 多语言融合检测
- ✅ AST 静态分析集成
- ✅ 白名单/黑名单机制
🤝 贡献
# Fork 仓库
git fork https://github.com/agent-security/scanner.git
# 创建分支
git checkout -b feature/your-feature
# 提交更改
git commit -m "feat: add your feature"
# 推送并创建 PR
git push origin feature/your-feature
📄 许可证
MIT License - 详见 LICENSE
📞 联系方式
- GitHub: https://github.com/agent-security/scanner
- Email: [email protected]
- Discord: https://discord.gg/agent-security
版本: 4.1.0
发布日期: 2026-04-04
状态: ✅ 生产就绪
Benchmark: DR 100% | FPR 7.77% | Speed 5019/s
安全使用建议
What to do before installing or running this skill:
- Treat the LLM/API instructions as optional but sensitive. Do NOT provide a high-privilege LLM_API_KEY (or reuse an org-wide key) until you've code-reviewed llm_analyzer.py and any code that sends data externally. Prefer a low-privilege or rate-limited test key.
- Inspect SKILL.md and the repository for hidden/control characters and ensure text hasn't been tampered with (the pre-scan flagged unicode-control-chars). Open the file in a hex-aware editor or run a script to reveal non-printable characters.
- Review the included scripts that the docs tell you to run (lingshun_scanner_daemon.py, lingshun_optimize.sh, lingshun_task_orchestration.sh). Run them only in an isolated sandbox (VM/container) first — they start daemons and may make network calls or write logs.
- Check any network endpoints the code calls (LLM_API_URL, webhooks, Redis URLs). Replace placeholder endpoints (api.example.com) with your own trusted endpoints if you intend to enable LLM analysis, or disable LLM_ANALYSIS entirely.
- Verify there are no unexpected hardcoded endpoints, credentials, or file paths in the source (search for 'http', 'ftp', 'api', 'token', 'password', '~/', '/etc', redis.from_url, requests.post, urllib, etc.). The docs reference a samples directory on a home path — confirm the release package does not include or exfiltrate local sample data.
- Because the skill may start persistent background processes, plan how to stop them (systemd unit or kill scripts) and inspect logs after a test run.
- If you lack capacity to audit the code yourself, run the skill only in a tightly isolated environment with no sensitive credentials, no access to production secrets, and network egress blocked (or routed through a proxy you control) until you are satisfied.
Low-level reason for 'suspicious': the project is coherent for its stated purpose, but the mismatch between declared metadata and runtime instructions, presence of hidden control characters in SKILL.md, and the instructions to run background processes and external LLM/webhook integrations create opportunities for misuse or unintended data exposure. Manual review or sandbox testing is recommended before granting it access to real credentials or production systems.
功能分析
Type: OpenClaw Skill
Name: agent-security-scanner
Version: 4.1.6
The bundle is a comprehensive security scanning tool designed to detect malicious patterns, data exfiltration, and prompt injection in AI Agent skills. It utilizes a multi-layered approach including AST static analysis, keyword-based risk scoring (found in `smart_pattern_detector.py`), regex-based intent recognition (`intent_detector_v2.py`), and optional LLM-based verification (`llm_analyzer.py`). While the codebase contains numerous high-risk strings and patterns associated with malware, these are used exclusively as detection signatures. The orchestration logic in `scanner_cli.py` and the background monitoring features described in the documentation are consistent with its stated purpose as a security analysis and benchmarking utility.
能力评估
Purpose & Capability
Name/description (AI Agent security scanner) match included code (AST/static analysis, intent detector, LLM analyzer). However the SKILL metadata/registry lists no required environment variables while the runtime docs repeatedly instruct setting LLM_API_KEY, ENABLE_LLM_ANALYSIS, LLM_API_URL, FEISHU_WEBHOOK and ALERT_EMAIL — a mismatch between declared requirements and what the skill asks the user to provide. The code and docs also reference optional services (Redis message bus, Docker sandbox, external sample libraries) that are not declared in registry metadata; these are plausible for a scanner but should be clearly declared.
Instruction Scope
SKILL.md instructs running background daemons (nohup python3 lingshun_scanner_daemon.py ...), running shell scripts (lingshun_optimize.sh, orchestration scripts) and enabling LLM analysis via env vars. It also references scanning arbitrary filesystem paths and running dynamic/sandbox analyses. Those instructions allow long-running processes, network calls, and arbitrary system interactions — appropriate for a scanner, but they broaden runtime scope (daemon persistence, filesystem and network access). The document also contains unicode-control-chars (prompt-injection signal) embedded in SKILL.md which could attempt to manipulate downstream processing or display; this should be investigated.
Install Mechanism
There is no network download/install spec in registry (no install section). The package is delivered with Python source files included. That lowers supply-chain risk compared to an installer that fetches arbitrary archives. The repository contains many scripts and sample tooling; running them still executes local code (so standard code-review/sandbox precautions apply).
Credentials
The registry metadata declares no required env vars or credentials, but SKILL.md instructs use of LLM_API_KEY/LLM_API_URL, ENABLE_LLM_ANALYSIS, FEISHU_WEBHOOK and ALERT_EMAIL. Requesting an LLM API key and webhook is plausible for an optional LLM-analysis + alerting feature, but the absence of these in the declared requires.env is an inconsistency. Additionally, docs/code reference other services (redis URL, local sample libraries) and optional dependencies (openai, requests) that imply network/secret access not enumerated in metadata. If you enable LLM analysis you must provide an API key — treat that as sensitive and do not reuse high-privilege keys without review.
Persistence & Privilege
The skill metadata does not request always:true and autonomous invocation is default. However SKILL.md encourages starting a background daemon (nohup ... &), which would create persistent processes on the host. That persistence is not enforced by the platform but is part of runtime instructions — users should be aware that installing/running the skill per its docs may create long-lived processes and log files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agent-security-scanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/agent-security-scanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.1.6
v4.1.6: 统一名称为 Agent Security Scanner
元数据
常见问题
Agent Security Skill Scanner Gitee 是什么?
AI Agent 安全扫描器 - 多语言检测 + AST 分析 + 意图识别 + LLM 验证. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 77 次。
如何安装 Agent Security Skill Scanner Gitee?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-security-scanner」即可一键安装,无需额外配置。
Agent Security Skill Scanner Gitee 是免费的吗?
是的,Agent Security Skill Scanner Gitee 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Agent Security Skill Scanner Gitee 支持哪些平台?
Agent Security Skill Scanner Gitee 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Agent Security Skill Scanner Gitee?
由 caidongyun(@caidongyun)开发并维护,当前版本 v4.1.6。
推荐 Skills