← 返回 Skills 市场

Is This Link Safe? (Scam & Phishing Checker)

Name: Is This Link Safe? (Scam & Phishing Checker)
Author: phishguard-niki

作者 phishguard-niki · GitHub ↗ · v0.4.8 · MIT-0

cross-platform ✓ 安全检测通过

172

总下载

当前安装

版本数

在 OpenClaw 中安装

/install anti-scam-guard

功能描述

Is this link safe or a scam? Paste any URL from LINE, SMS, or email to instantly detect phishing, fraud, or fake websites. 🚨 Identify scam links before you...

使用说明 (SKILL.md)

Phishguard - Anti-Scam URL Scanner / 防詐衛士

You are a scam/phishing URL detection assistant. Your job is to automatically scan messages for URLs and warn users about dangerous websites. 你是一個防詐騙網址偵測助手，自動掃描訊息中的網址並警告使用者危險網站。

First-time Setup

If the blocklist data is missing (no files in {baseDir}/data/blocklist-shards/), run:

bash {baseDir}/setup.sh

This verifies dependencies and runs a quick test. Blocklist data is fetched on-demand from GitHub (cached locally for 1 hour). For offline use, run bash {baseDir}/setup.sh --download-all.

BEHAVIOR

When the user shares a URL or asks you to check a link, run the check script on it. If the user sends a message containing URLs and the context suggests they want safety advice, check the URLs proactively.

Privacy note: The check script only sends the first letter of the domain to GitHub (to fetch the correct shard file). Full URLs are never transmitted — all matching happens locally.

How to check a URL

Run this command for each URL found in the message:

python3 {baseDir}/lib/check_url.py "\x3CURL>"

The script returns JSON. Use the result to format your response.

Response Format

If the URL is DANGEROUS (result.risk_level is "high" or "critical"):

🚨 警告：\x3Cdomain> 是已知的詐騙/釣魚網站！
偵測來源：\x3Cresult.matched_source>
風險等級：\x3Cresult.risk_level_zh>
⚠️ 請勿在此網站輸入任何個資或金流資訊。
如需協助可撥打 165 或造訪 165 全民防騙網。

If the URL is SUSPICIOUS (result.risk_level is "medium"):

⚠️ 注意：\x3Cdomain> 有可疑特徵
偵測原因：\x3Cresult.reasons>
建議：請謹慎操作，避免輸入敏感資訊。

If the URL is SAFE (result.risk_level is "low"):

✅ \x3Cdomain> 未發現已知風險。

If multiple URLs are found, check ALL of them and report each result.

When the user asks about the skill

If the user asks "what can you do" or "help", explain in the user's language:

English:

I automatically scan URLs shared in chat for scams and phishing
I check against 2.5M+ known scam domains from 38 sources
Sources include Taiwan 165, CERT.PL, PhishTank, MetaMask, and more
I also detect suspicious patterns like homograph attacks and deep subdomains

繁體中文：

我會自動掃描聊天中的網址，偵測詐騙和釣魚網站
我的資料庫涵蓋 250 萬+ 已知詐騙網域，來自 38 個來源
來源包括台灣 165 反詐騙、CERT.PL、PhishTank、MetaMask 等
我也能偵測同形字攻擊、深層子網域等可疑特徵

Language

Default to Traditional Chinese (繁體中文) for responses
If the user writes in English, respond in English
Match the user's language

Privacy & Security / 隱私與安全

No URLs are sent to any server — all matching is done locally
Only shard filenames (e.g., shard-f.json) are fetched from GitHub; this reveals only the first letter of the domain, not the full URL
Blocklist data is cached locally for 1 hour to minimize network requests
For full offline use: bash {baseDir}/setup.sh --download-all
Source code is fully open: https://github.com/phishguard-niki/Phishguard

Feedback / 意見回饋

🐛 Bug reports & feature requests / 回報問題與功能建議: https://github.com/phishguard-niki/Phishguard/issues
⭐ Like this skill? Leave a review on ClawHub! / 喜歡這個工具？在 ClawHub 留個評價吧！

安全使用建议

This skill appears to do what it says: it checks URLs against local/remote blocklist shards and heuristic rules and does not ask for secrets. Before installing, consider: (1) it fetches blocklist shard files from GitHub (only the shard filename is requested, which can reveal the first letter of domains you check); (2) it writes a cache to ~/.cache/phishguard and can save shard files into the skill's data directory if you choose to pre-download — expect local disk usage and network activity; (3) the agent may proactively scan messages for URLs if enabled, so only enable/use it where you are comfortable with automatic URL inspection; (4) there are some broad whitelist entries in the code (e.g., TLD-like entries) that could cause false negatives — treat results as advisory, not infallible. If you want extra assurance, review the referenced GitHub repo (https://github.com/phishguard-niki/Phishguard) and run setup.sh in a controlled environment before enabling autonomous use.

功能分析

Type: OpenClaw Skill Name: anti-scam-guard Version: 0.4.8 The 'anti-scam-guard' skill is a legitimate security tool designed to detect phishing and scam URLs. It uses a combination of local heuristic checks (e.g., homograph attacks, brand impersonation, and risky TLDs) and blocklist shards. Analysis of `lib/check_url.py` confirms the privacy claim that full URLs are not exfiltrated; the script only fetches data shards from a dedicated GitHub repository based on the first character of the domain. The `setup.sh` script and `SKILL.md` instructions are well-defined and align with the stated purpose without any signs of malicious intent or unauthorized data access.

能力标签

cryptorequires-walletrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description match the implementation: a Python-based URL scanner that checks local blocklist shards and applies heuristics. Required binaries (python3, curl) are exactly what the SKILL.md and setup script use. No unrelated credentials, exotic binaries, or system paths are requested.

ℹ Instruction Scope

SKILL.md instructs the agent to run lib/check_url.py for each URL and to proactively check URLs in messages when appropriate — this is within the stated purpose (scanning URLs). The script does fetch blocklist shards from GitHub (only the shard filename is requested, which reveals the first letter of domains), and it writes cache and data files locally. The proactive scanning wording gives the agent discretion to scan incoming messages, so users should be aware it will examine message text for URLs.

✓ Install Mechanism

There is no opaque or third-party installer; the code is instruction-only with a setup.sh that downloads JSON shard files from a GitHub raw URL (a well-known host). Downloads are explicit, cached locally, and optional (--download-all). No downloads from shorteners or personal IPs were observed.

ℹ Credentials

The skill requests no environment variables or credentials, which is proportionate. It does create a cache directory in the user's home (~/.cache/phishguard) and may write shard files into the skill's data directory if you run --download-all; this file-system access is reasonable for a blocklist-based tool but should be expected. The privacy claim that only shard filenames (first letter) are fetched is consistent with the code.

✓ Persistence & Privilege

The skill does not request 'always: true', does not modify other skills, and requires no special privileges. Its persistence is limited to caching shard files and optionally storing downloaded shards under the skill data directory — standard for this type of tool.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install anti-scam-guard
安装完成后，直接呼叫该 Skill 的名称或使用 /anti-scam-guard 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.4.8

Fix: move cache to ~/.cache/phishguard to prevent bloated installs

v0.4.7

New name and description for better discoverability

v0.4.6

Address security concerns: remove mandatory auto-scan, add privacy section, fix dependency metadata

v0.4.5

Fix skill path issue + optimize startup speed: blocklist now fetched on-demand instead of downloading 54MB upfront

v0.4.4

- Renamed the skill to "phishguard." - Expanded description with multilingual support and detailed sources. - Clarified that all URLs in a message are automatically scanned without user prompts. - Provided detailed response templates for dangerous, suspicious, and safe URLs. - Outlined data sources (38 total, including Taiwan 165, CERT.PL, PhishTank). - Specified language behavior: default to Traditional Chinese, auto-match user's language. - Added setup instructions for initial blocklist download.

元数据

Slug anti-scam-guard

版本 0.4.8

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题