Agent Security Skill Scanner Gitee

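Author caidongyun · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 70
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install agent-security-skill-scanner-gitee
Description
AI Agent security scanner - general malicious code detection + multi-language support + CLI tool
Usage instructions (SKILL.md)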

Agent Security Scanner v5.5.1

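General-purpose AI Agent security scanner - supports multi-language detection, a CLI tool, and malicious code identification


🎯 Core capabilities

Capability | Description | Status
CLI tool | asc-scan command-line scanner | ✅ v5.5
Multi-language detection | Python/JavaScript/YAML/Go/Shell
183+ detection rules | Covers 10+ attack types
Smart identification | Automatically identifies Skill/file/NPM/GitHub
Layered output | Default/advanced/JSON
Whitelist mechanism | Lowers the false-positive rate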

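📊 Performance metrics

Metric | Value | Notes
Detection rate | 99%+ | Based on benchmark tests
False-positive rate | <1% | Tuned by the whitelist mechanism
Scan speed | >100 files/minute | <100ms per file
Supported languages | 5 | Python/JS/YAML/Go/Shell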

🚀 Quick start

Installation method 1: From Gitee (recommended for mainland China)

# Clone the repository
git clone https://gitee.com/caidongyun/agent-security-skill-scanner.git
cd agent-security-skill-scanner/release/v5.1.0

# Install the CLI tool
chmod +x asc-scan
sudo ln -sf "$(pwd)/asc-scan" /usr/local/bin/asc-scan

# Or use the install script
./install.sh

Installation method 2: From GitHub (recommended outside mainland China)

# Clone the repository
git clone https://github.com/caidongyun/agent-security-skill-scanner.git
cd agent-security-skill-scanner/release/v5.1.0

# Install the CLI tool
chmod +x asc-scan
sudo ln -sf "$(pwd)/asc-scan" /usr/local/bin/asc-scan

Installation method 3: From npm (not yet published)

npm install -g asc-scan

🔧 Basic usage

Scan a Skill

# ClawHub skill
asc-scan agent-reach

# Local Skill
asc-scan ./local-skill

Scan files

# Python file
asc-scan ./suspicious.py

# JavaScript file
asc-scan ./malicious.js

# YAML configuration
asc-scan ./deployment.yaml

Verbose output

asc-scan <target> --verbose
# or
asc-scan <target> --json

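📋 Environment variables

Optional environment variables

Name | Description | Required | Security note
LLM_API_KEY | LLM API key | | Use an isolated API key, not your primary key
LLM_API_URL | LLM API URL | | Prefer a local/offline model endpoint
FEISHU_WEBHOOK | Feishu alert webhook | | Used only for alert notifications
ALERT_EMAIL | Alert email address | | Used only for email alerts
ENABLE_LLM_ANALYSIS | Enable LLM analysis | | Defaults to false; test in an isolated environment first

Usage example

# Enable LLM analysis (optional)
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key  # a test key is recommended
export LLM_API_URL=https://api.example.com/v1

# Run a scan
asc-scan ./suspicious.py --verbose

Security tips:

  • ⚠️ Do not use production API keys
  • ⚠️ Prefer local/offline models
  • ⚠️ Test in an isolated environment before enabling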

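⚠️ Persistence behavior statement

Background daemon (optional)

This skill provides an optional background scanning daemon:

# Start the daemon (optional, not enabled by default)
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &

# Stop the daemon
pkill -f lingshun_scanner_daemon.py

Note:

  • ⚠️ The daemon runs continuously
  • ⚠️ It may make network calls (LLM API/alert notifications)
  • ⚠️ Not enabled by default; must be started manually
  • ⚠️ Can be stopped with the kill command

Scheduled task (optional)

This skill provides an optional scheduled scanning task:

# Add a cron job (optional, not enabled by default)
crontab -e
# Scan once every hour
0 * * * * python3 /path/to/scanner.py

Note:

  • ⚠️ The scheduled task runs periodically
  • ⚠️ Not enabled by default; must be configured manually
  • ⚠️ Can be removed with crontab -r (this deletes the user's entire crontab; use crontab -e to remove only this entry)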

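Network calls (optional)

This skill may make network calls:

Call type | Destination | Purpose | Required
LLM API | User-configured LLM_API_URL | LLM deep analysis
Alert notification | User-configured FEISHU_WEBHOOK | Alert notification
Alert notification | User-configured ALERT_EMAIL | Email alert

Note:

  • ⚠️ All network calls are optional
  • ⚠️ Destinations are configured by the user
  • ⚠️ The network call logic can be reviewed in the code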

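🏗️ Repository sources

Dual repository source strategy

To ensure users worldwide can access it, this skill provides two repository sources:

Repository | URL | Region | Status
Gitee (primary) | https://gitee.com/caidongyun/agent-security-skill-scanner | Mainland China | ✅ Recommended
GitHub (mirror) | https://github.com/caidongyun/agent-security-skill-scanner | Overseas | ✅ Fallback

Recommendations:

  • 🇨🇳 Users in mainland China: prefer Gitee (faster access)
  • 🌏 Overseas users: prefer GitHub (more stable access)
  • 🔄 If you run into network problems: switch to the other repository source

Verify the official repository:

# Verify the Gitee repository
git remote -v
# Should show: https://gitee.com/caidongyun/agent-security-skill-scanner

# Verify the GitHub repository
git remote -v
# Should show: https://github.com/caidongyun/agent-security-skill-scanner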

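📊 Risk levels

Level | Score range | Recommendation
🟢 Low risk | 0-19 points | Safe to install/run
🟡 Medium risk | 20-49 points | Use with caution; review the code
🔴 High risk | 50-100 points | Recommend rejecting/deleting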

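⚠️ Security tips

Before installing

  1. Verify the official repository

    • Check that the repository URL matches
    • Review the commit history and authors
    • Verify the Release tags
  2. Review the code

    • Check the network call code
    • Check how sensitive data is handled
    • Remove Unicode control characters
  3. Test in isolation

    • Test in a VM/container
    • Restrict network access
    • Monitor the logs

During use

  1. Environment variable safety

    • Use isolated API keys
    • Do not use production keys
    • Rotate keys regularly
  2. Persistence behavior

    • The daemon is not enabled by default
    • Configure scheduled tasks with care
    • Review the running state regularly
  3. Network calls

    • Review network call destinations
    • Restrict them with a firewall
    • Monitor network traffic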

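📝 Changelog

v5.5.1 (2026-04-10)

Fixed:

  • ✅ Added environment variable statement
  • ✅ Added persistence behavior statement
  • ✅ Added dual repository source statement
  • ✅ Cleaned up Unicode control characters
  • ✅ Unified the repository URLs

Added:

  • ✅ asc-scan CLI tool
  • ✅ Smart target identification
  • ✅ Layered output (default/advanced/JSON)

v5.5.0 (2026-04-10)

Added:

  • ✅ General-purpose CLI scanner
  • ✅ Support for Skill/file/NPM/GitHub
  • ✅ 183+ detection rules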

📞 Feedback and support

Report issues

Contribute code

Pull Requests are welcome!

Security audit

For a third-party security audit, contact: [email protected]


Version: v5.5.1
Updated: 2026-04-10
License: MIT
Author: Agent Security Team

Security usage recommendations
Before installing or running this skill: 1) Verify the repository owner and commit history on both Gitee/GitHub; don't run install.sh or any scripts until you inspect them. 2) Check that the referenced binaries/scripts actually exist in the release you downloaded (asc-scan, install.sh, lingshun_scanner_daemon.py); if they are missing, do not follow the install steps that assume them. 3) Never export production LLM_API_KEY values; if you enable LLM analysis, use an isolated/test key or an on-prem/local model endpoint. 4) Review network-call code paths (LLM callers, webhook/email logic, redis/message-bus usage) to confirm where data would be sent. 5) Treat the daemon/cron suggestions as manual and optional — run scans in a VM/container or with network disabled until you audit the code. 6) Resolve the unicode-control character finding in SKILL.md (or get a clean upstream release) before trusting automated evaluation of the instructions. If you are not comfortable auditing the code yourself, do not install system-wide (avoid sudo ln -sf) and consider running the scanner only in an isolated environment.
Functional analysis
Type: OpenClaw Skill Name: agent-security-skill-scanner-gitee Version: 1.0.0 The bundle describes a comprehensive security scanner for AI Agents that includes high-risk capabilities such as optional persistence (daemon and cron tasks), network communication via LLM APIs and webhooks, and instructions for global binary installation requiring elevated privileges (sudo). While the extensive list of malicious patterns found in 'src/engine/smart_pattern_detector.py' and 'src/intent_detector_v2.py' is consistent with its stated purpose as a detection engine, the tool's ability to 'collect real samples' and its request for persistence in an automated agent environment are high-risk behaviors. There is no clear evidence of intentional self-exploitation, but the broad permissions and system-level access requested in 'SKILL.md' and 'scanner_cli.py' warrant caution.
Capability assessment
Purpose & Capability
Name/description match the code: the repository and included Python scanner modules (multi_language_scanner_v4.py, llm_analyzer.py, intent_detector_v2.py, etc.) are consistent with a security scanning tool. However SKILL.md and other docs reference additional artifacts (asc-scan binary, install.sh, lingshun_scanner_daemon.py, various shell helpers) and large sample directories that are not present in the provided manifest; that mismatch is unexpected and reduces confidence that the declared installation/runtime steps are accurate.
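One way to check for the mismatch described above, as an added example that is not part of the skill or of the marketplace's tooling: extract the files that the SKILL.md commands execute and report those the bundle does not ship. The manifest list is constructed from file names this assessment mentions (the page does not show the real manifest), and the function names are hypothetical.

```python
import posixpath
import re

# Shell forms that run or install a local file; group 1 is the file argument.
RUN_PATTERNS = [
    re.compile(r"\bchmod\s+\+x\s+(\S+)"),          # make a file executable
    re.compile(r"\bln\s+-\w+\s+(\S+)\s+\S+"),      # link a file onto the PATH
    re.compile(r"\bpython3?\s+(\S+\.py)\b"),       # run a Python script
    re.compile(r"^\s*(\./\S+)"),                   # run a script from the checkout
]


def referenced_artifacts(instructions):
    """Map each file the instructions execute to the line numbers that use it."""
    refs = {}
    for lineno, line in enumerate(instructions.split("\n"), start=1):
        command = line.split("#", 1)[0]            # drop shell comments
        for pattern in RUN_PATTERNS:
            for arg in pattern.findall(command):
                lines = refs.setdefault(posixpath.basename(arg), [])
                if lineno not in lines:
                    lines.append(lineno)
    return refs


def missing_artifacts(instructions, manifest):
    """Return the referenced files that no path in the manifest provides."""
    shipped = {posixpath.basename(path) for path in manifest}
    return {name: lines for name, lines in referenced_artifacts(instructions).items()
            if name not in shipped}


# Commands copied from the SKILL.md shown on this page.
INSTRUCTIONS = """chmod +x asc-scan
sudo ln -sf $(pwd)/asc-scan /usr/local/bin/asc-scan
./install.sh
asc-scan ./suspicious.py --verbose
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &
pkill -f lingshun_scanner_daemon.py"""

# Constructed manifest: only file names the assessment mentions; paths are assumptions.
MANIFEST = ["SKILL.md", "scanner_cli.py", "multi_language_scanner_v4.py",
            "llm_analyzer.py", "src/intent_detector_v2.py",
            "src/engine/smart_pattern_detector.py"]

if __name__ == "__main__":
    for name, lines in missing_artifacts(INSTRUCTIONS, MANIFEST).items():
        print(f"{name}: referenced on line(s) {lines}, not in manifest")
```

Scan targets such as ./suspicious.py are arguments to asc-scan rather than executed files, so they are not reported.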
Instruction Scope
SKILL.md instructs the agent/user to clone remote repos, run install scripts, symlink a local 'asc-scan' to /usr/local/bin (sudo), start an optional background daemon (nohup python3 lingshun_scanner_daemon.py) and add cron tasks — all of which are powerful system actions. The documentation also encourages enabling an LLM API key and optional network notifications. Those runtime instructions go beyond read-only scanning (they perform network installs and persistent background execution). Additionally, the SKILL.md contains a detected 'unicode-control-chars' prompt-injection signal despite claiming the characters were cleaned, which suggests a possible attempt to hide or manipulate text.
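A check for the 'unicode-control-chars' signal mentioned above, as an added example rather than the marketplace's or the skill's own detector. The page does not say which characters triggered the finding, so the classes flagged here (bidi controls, invisible format characters, tag characters, other control codes) are an assumption, and the sample text is constructed.

```python
import unicodedata

# Bidi embedding/override/isolate controls (U+202A-202E, U+2066-2069) change
# display order, so a reviewer can read something other than what is parsed.
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
TAG_BLOCK = range(0xE0000, 0xE0080)   # invisible characters that mirror ASCII
ALLOWED_CONTROLS = {"\r", "\t"}       # "\n" never appears: lines are split on it


def classify(ch):
    """Return a label for a suspicious character, or None for ordinary text."""
    cp = ord(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"
    if cp in TAG_BLOCK:
        return "tag-character"
    category = unicodedata.category(ch)
    if category == "Cf":              # zero-width space/joiner, BOM, soft hyphen
        return "invisible-format"
    if category == "Cc" and ch not in ALLOWED_CONTROLS:
        return "control"
    return None


def scan_text(text):
    """Return (line, column, 'U+XXXX', label) for every suspicious character."""
    findings = []
    # split("\n"), not splitlines(), which treats some control codes as line breaks
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings


def decode_tags(text):
    """Recover ASCII carried in the tag block (U+E0020-U+E007E)."""
    return "".join(chr(ord(c) - 0xE0000) for c in text if 0xE0020 <= ord(c) < 0xE007F)


# Constructed sample, not the skill's real SKILL.md: a zero-width space, a
# right-to-left override and a tag-encoded word placed among visible commands.
TAGGED = "".join(chr(0xE0000 + ord(c)) for c in "hidden")
SAMPLE = ("# Install CLI\nchmod +x asc-scan\u200b\n"
          "sudo ln -sf \u202e/usr/local/bin\n" + TAGGED + "\n")

if __name__ == "__main__":
    print(scan_text(SAMPLE), decode_tags(SAMPLE))
```

Running it over a downloaded SKILL.md before and after the claimed cleanup shows whether the characters are actually gone, and decode_tags reveals any text carried invisibly.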
Install Mechanism
There is no formal install spec in the skill metadata (instruction-only), which is lowest platform risk, but SKILL.md tells users to git clone remote repositories and run install scripts / symlink binaries with sudo. Downloading and executing scripts from an external repo and creating root-owned symlinks is a higher-risk install flow — acceptable for a CLI tool if you trust the source, but disproportionate if the repository/owner is unverified. The manifest also does not include the referenced asc-scan binary or some scripts, creating an ambiguous install story.
Credentials
The declared environment variables are optional and appropriate for an LLM-enabled scanner (LLM_API_KEY, LLM_API_URL, FEISHU_WEBHOOK, ALERT_EMAIL, ENABLE_LLM_ANALYSIS). That is reasonable. However other repository files/docs mention services (Redis message bus via redis.from_url, possible network endpoints) and configuration paths that are not declared as required env vars. Also enabling LLM analysis requires providing an API key and endpoint; if provided, scanner code may send samples to that external endpoint — a legitimate feature but a sensitive operation that must be limited to test/isolated keys. Overall the requested env access is plausible but the docs/code reference additional runtime dependencies/config not declared explicitly, which is a concern.
Persistence & Privilege
always:false and model invocation allowed (normal). SKILL.md clearly marks daemon/cron/network as optional and requires manual enabling. This is acceptable, but optional persistence (daemon + cron) combined with network capability increases blast radius if the user enables them without review. The skill does not declare it will modify other skills or system-wide agent settings.
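How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install agent-security-skill-scanner-gitee
  3. Once installed, call the Skill by name or trigger it with /agent-security-skill-scanner-gitee
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history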
v1.0.0
Initial release of agent-security-skill-scanner. - Provides a universal AI Agent security scanner with CLI tool (asc-scan) and multi-language support (Python, JavaScript, YAML, Go, Shell) - Includes 183+ detection rules, risk scoring, and layered output (default/advanced/JSON) - Offers optional environment variables (LLM/Feishu/email support) and intelligent target detection (Skill, file, NPM, GitHub) - Transparent optional persistence: daemon, cron, and network calls with detailed security notes - Dual repository sources (Gitee primary, GitHub mirror) for global availability - Detailed security tips and documentation in SKILL.md
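Metadata
Slug agent-security-skill-scanner-gitee
Version 1.0.0
License MIT-0
Total installs 1
Current installs 0
Historical versions 1
FAQ

What is Agent Security Skill Scanner Gitee?

An AI Agent security scanner - general malicious code detection + multi-language support + CLI tool. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 70 total downloads to date.

How do I install Agent Security Skill Scanner Gitee?

Run the command "/install agent-security-skill-scanner-gitee" in the OpenClaw or Claude Code dialog to install it in one step, with no additional configuration.

Is Agent Security Skill Scanner Gitee free?

Yes, Agent Security Skill Scanner Gitee is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Agent Security Skill Scanner Gitee support?

Agent Security Skill Scanner Gitee runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agent Security Skill Scanner Gitee?

Developed and maintained by caidongyun (@caidongyun); the current version is v1.0.0.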
