← 返回 Skills 市场

AgentShield Scanner

Name: AgentShield Scanner
Author: elliotllliu

作者 Elliot Liu · GitHub ↗ · v0.5.1 · MIT-0

cross-platform ⚠ suspicious

304

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agentshield-scanner

功能描述

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...

使用说明 (SKILL.md)

AgentShield — Security Scanner

Scan any directory for security issues in AI agent skills, MCP servers, and plugins.

Usage

# Basic scan
npx @elliotllliu/agent-shield scan ./path/to/skill/

# Pre-install check (GitHub URL, npm package, or local path)
npx @elliotllliu/agent-shield install-check https://github.com/user/repo

# JSON output for programmatic use
npx @elliotllliu/agent-shield scan ./path/to/skill/ --json

# Fail if score is below threshold
npx @elliotllliu/agent-shield scan ./path/to/skill/ --fail-under 70

# Scan .difypkg plugin archives
npx @elliotllliu/agent-shield scan ./plugin.difypkg

What It Detects (30 rules)

High Risk:

data-exfil — reads sensitive files + sends HTTP requests
backdoor — eval(), exec(), dynamic code execution
reverse-shell — outbound socket to shell
crypto-mining — mining pool connections
credential-hardcode — hardcoded API keys/tokens
obfuscation — base64+eval, hex strings
prompt-injection — 55+ patterns, 12 categories, 8 languages
tool-shadowing — tool name/description manipulation
attack-chain — multi-step kill chain (5 stages)
cross-file — cross-file data flow and code injection
ast-* — Python AST taint tracking (eval, pickle, SQL injection, SSTI)
multilang-injection — 8-language prompt injection
description-integrity — semantic mismatch between description and code
mcp-runtime — MCP server runtime security issues

Medium Risk:

env-leak — process.env exfiltration
network-ssrf — user-controlled URLs, SSRF
privilege — SKILL.md permission vs code mismatch
supply-chain — known CVEs in dependencies
sensitive-read — SSH keys, AWS creds access
phone-home — periodic beacon/heartbeat pattern
python-security — 35 Python-specific patterns

Low Risk:

excessive-perms — too many permissions declared
hidden-files — .env with secrets committed
typosquatting — suspicious npm package names

Interpreting Results

Score 90-100: Low risk ✅
Score 70-89: Moderate risk — review warnings
Score 40-69: High risk — investigate before using
Score 0-39: Critical risk — do not install

When to Use

Before installing a third-party skill: npx @elliotllliu/agent-shield install-check \x3Curl>
Auditing your own skills before publishing
CI/CD pipeline gate: --fail-under 70
Reviewing skills from untrusted sources

安全使用建议

This SKILL.md simply tells the agent to run an external npm package via `npx` to perform scans. Before running: (1) verify the npm package origin and author (@elliotllliu) and inspect its source (GitHub repo, package contents) — do not run it blindly; (2) ensure you have npx/node and understand npx will fetch code from the registry at runtime; (3) run the scanner in an isolated environment (container or VM) and against copies of sensitive data when possible; (4) prefer pinned versions or checksums and verify package integrity/signatures; (5) if you cannot inspect the package, treat it as untrusted code and avoid scanning live systems or secrets until you confirm its safety.

功能分析

Type: OpenClaw Skill Name: agentshield-scanner Version: 0.5.1 The skill bundle describes a security tool called 'AgentShield' designed to scan AI agent skills and plugins for vulnerabilities like data exfiltration and backdoors. It operates by instructing the agent to run a specific npm package (`@elliotllliu/agent-shield`) via `npx`. The documentation in SKILL.md is transparent, aligns with the stated security purpose, and contains no evidence of malicious intent, obfuscation, or prompt injection attacks.

能力评估

ℹ Purpose & Capability

The SKILL.md describes an AI-skill/plugin scanner which matches the name and description. However the runtime examples all use `npx @elliotllliu/agent-shield ...` yet the skill metadata declares no required binaries or install steps — this is an inconsistency (the agent needs npx/node/npm to run the scanner).

✓ Instruction Scope

Instructions are narrowly scoped to invoking the scanner on local paths, archives, or repository URLs. Scanning necessarily reads files (including secrets) to detect leaks, which is expected behavior for this purpose; the instructions do not direct data to external endpoints themselves, but they do invoke an external package that will run with whatever network/file permissions the runtime grants.

⚠ Install Mechanism

No install spec or bundled code is included; the SKILL.md instructs using `npx` to fetch and run `@elliotllliu/agent-shield` at runtime. Fetching and executing an external npm package is a moderate-to-high supply-chain risk. The skill does not include provenance, a homepage, or packaged code to inspect locally, increasing the risk.

ℹ Credentials

The skill requests no environment variables or credentials in metadata, which is appropriate. Be aware that a scanner will need access to local files and may read secrets to detect leaks — this is proportional to its stated task but is sensitive, so running it requires trust in the scanner implementation.

✓ Persistence & Privilege

The skill does not request persistent/always-on privileges and does not modify other skills. It is user-invocable and does not claim autonomous always-inclusion, which is appropriate.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agentshield-scanner
安装完成后，直接呼叫该 Skill 的名称或使用 /agentshield-scanner 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.5.1

30 security rules, Python AST taint tracking, cross-file analysis, 8-language prompt injection detection, platform integration guide

v1.0.0

Initial release — 30-rule security scanner for AI agent skills, MCP servers, and plugins

元数据

Slug agentshield-scanner

版本 0.5.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题