← 返回 Skills 市场

Arc Skill Differ

Name: Arc Skill Differ
Author: trypto1019

作者 ArcSelf · GitHub ↗ · v1.0.0

darwinlinux ✓ 安全检测通过

919

总下载

当前安装

版本数

在 OpenClaw 中安装

/install arc-skill-differ

功能描述

Compare two versions of an OpenClaw skill to detect security-relevant changes. Use before updating any skill from ClawHub. Highlights new capabilities, chang...

使用说明 (SKILL.md)

Skill Differ

Compare two versions of an OpenClaw skill to find security-relevant changes before updating.

Why This Exists

A skill that was clean at v1.0 could add credential stealing in v1.1. The skill scanner catches known bad patterns in a single version. The differ catches new capabilities between versions — things a skill couldn't do before but can do now.

Commands

Diff two skill directories

python3 {baseDir}/scripts/differ.py diff --old ~/.openclaw/skills/some-skill/ --new /tmp/some-skill-v2/

Diff with JSON output

python3 {baseDir}/scripts/differ.py diff --old ./v1/ --new ./v2/ --json

Quick summary only (no file details)

python3 {baseDir}/scripts/differ.py diff --old ./v1/ --new ./v2/ --summary

What It Detects

New Capabilities Added

Network access (skill didn't make HTTP requests before, now it does)
Credential access (didn't read env vars or API keys before, now it does)
File system access (wasn't touching home directory, now it is)
Code execution patterns (eval/exec that didn't exist before)
Data exfiltration (new outbound POST requests)
Obfuscation (new encoded/obfuscated content)

File Changes

New files added (especially in scripts/)
Deleted files (could remove safety checks)
Modified files with security-relevant diffs

Recommendations

SAFE — No new security-relevant capabilities. Update freely.
REVIEW — New capabilities detected. Read the changes before updating.
BLOCK — Critical new capabilities (code execution, credential access). Manual audit required.

Tips

Always diff before updating any third-party skill
Pair with skill-scanner: scan before first install, diff before every update
Pay attention to new files — attackers add payloads in new scripts
If a "bug fix" update adds network access, that's suspicious

安全使用建议

This tool appears coherent and appropriate for its purpose. Before running it: point it only at the skill directories you mean to inspect (it will read all files under the provided paths), and avoid scanning directories that contain unrelated secrets. Treat its results as a helpful signal — review any flagged changes manually (false positives are possible, especially when patterns appear in docs). Because it runs locally and asks for no credentials or network access, it's low-risk to run on skill copies prior to updates.

功能分析

Type: OpenClaw Skill Name: arc-skill-differ Version: 1.0.0 The OpenClaw skill 'skill-differ' is a security analysis tool designed to compare two versions of an OpenClaw skill bundle to detect new security-relevant capabilities. Its `SKILL.md` clearly describes its purpose and the types of malicious patterns it identifies (e.g., network access, credential access, code execution, data exfiltration, prompt injection). The `scripts/differ.py` implements this detection logic using regular expressions and file system traversal. The skill itself does not exhibit any malicious behaviors, nor does its documentation attempt prompt injection against the agent; rather, it identifies such patterns in *other* skills, making it a legitimate security utility.

能力评估

✓ Purpose & Capability

Name/description promise (compare two skill versions for security-relevant changes) aligns with what is included: a Python script that scans files and SKILL.md for patterns indicating network/credential/filesystem/code-execution/data-exfiltration/obfuscation/prompt-injection. Required binary is only python3, which is proportional.

✓ Instruction Scope

SKILL.md instructs running the included differ.py against two local directories and offers JSON/summary options. The runtime instructions only reference local paths and output formats; they do not instruct reading unrelated system state, exfiltrating data, or contacting remote endpoints.

✓ Install Mechanism

No install spec (instruction-only with an included script). Nothing is downloaded or written during install. The included script is a static Python file that is read/executed locally.

✓ Credentials

The skill declares no required environment variables or credentials. The differ.py scans code and SKILL.md for references to sensitive names (e.g., OPENAI_API_KEY) but it does not itself request nor require those secrets.

✓ Persistence & Privilege

always is false and the skill does not attempt to modify agent or system-wide configuration. It runs on-demand against paths you supply.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install arc-skill-differ
安装完成后，直接呼叫该 Skill 的名称或使用 /arc-skill-differ 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of skill-differ. - Provides a tool to compare two versions of an OpenClaw skill for security-relevant changes. - Detects new capabilities (e.g., network, credential, file system access, code execution). - Reports on file changes, including added, removed, or modified files with security impact. - Offers clear recommendations: SAFE, REVIEW, or BLOCK before skill updates. - Supports plain text, JSON, and summary output modes.

元数据

Slug arc-skill-differ

版本 1.0.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 1

常见问题

Arc Skill Differ 是什么？

Compare two versions of an OpenClaw skill to detect security-relevant changes. Use before updating any skill from ClawHub. Highlights new capabilities, chang... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 919 次。

如何安装 Arc Skill Differ？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install arc-skill-differ」即可一键安装，无需额外配置。

Arc Skill Differ 是免费的吗？

是的，Arc Skill Differ 完全免费（开源免费），可自由下载、安装和使用。

Arc Skill Differ 支持哪些平台？

Arc Skill Differ 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（darwin, linux）。

谁开发了 Arc Skill Differ？

由 ArcSelf（@trypto1019）开发并维护，当前版本 v1.0.0。