← 返回 Skills 市场
trypto1019

Skill Scanner

作者 ArcSelf · GitHub ↗ · v1.4.0
darwinlinux ✓ 安全检测通过
933
总下载
0
收藏
2
当前安装
5
版本数
在 OpenClaw 中安装
/install arc-skill-scanner
功能描述
Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects cre...
使用说明 (SKILL.md)

Skill Scanner

Scan OpenClaw skills for security issues before you install them. 341 malicious skills were found on ClawHub — don't be the next victim.

Why This Exists

The ClawHub marketplace had 22-26% of skills flagged as containing vulnerabilities. Common attacks include:

  • Credential stealers disguised as benign plugins
  • Typosquatting (fake names similar to popular skills)
  • Data exfiltration via hidden HTTP requests
  • Obfuscated code hiding malicious payloads
  • Prompt injection via SKILL.md content

Commands

Scan a local skill directory

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/

Scan a SKILL.md file directly

python3 {baseDir}/scripts/scanner.py scan --file ./SKILL.md

Scan with verbose output

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --verbose

Scan all installed skills

python3 {baseDir}/scripts/scanner.py scan-all

Scan with binary checksum verification

python3 {baseDir}/scripts/scanner.py scan --path ~/.openclaw/skills/some-skill/ --checksum checksums.json

Generate checksums for binary assets

python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ -o checksums.json

Verify checksums against a manifest

python3 {baseDir}/scripts/scanner.py checksum --path ~/.openclaw/skills/some-skill/ --verify checksums.json

Output as JSON

python3 {baseDir}/scripts/scanner.py scan --path ./skill-dir/ --json

What It Checks

SKILL.md Analysis

  • Suspicious URLs (non-HTTPS, IP addresses, URL shorteners)
  • Prompt injection patterns (hidden instructions, override attempts)
  • Requests for credentials, API keys, or tokens
  • Obfuscated or encoded content (base64, hex, unicode escapes)

Script Analysis

  • Network calls (curl, wget, requests, urllib, fetch)
  • File system writes outside expected paths
  • Environment variable access (credential harvesting)
  • Shell command execution (os.system, subprocess, exec)
  • Obfuscated strings (base64 decode, eval, exec)
  • Data exfiltration patterns (POSTing to external URLs)
  • Cryptocurrency wallet patterns
  • Known malicious domains
  • Dynamic instruction fetching (remote .md/.yaml/.json downloads)
  • Fetch-and-execute patterns (remote code execution)
  • Telemetry leaks (printenv, logging env vars/configs/secrets to stdout)
  • Binary/asset risks (prebuilt executables, compiled code, library injection)
  • Shell=True in subprocess calls (RCE risk)
  • Path traversal patterns (directory escape via ../ sequences)

Name Analysis

  • Typosquatting detection (compares against known popular skills)
  • Edit distance calculation to catch misspellings and character swaps

Binary/Asset Checksum Verification

  • SHA-256 checksums for all binary files (.exe, .dll, .so, .wasm, .pyc, etc.)
  • Generate checksum manifests for trusted skill versions
  • Verify binaries against expected checksums on update
  • Flags unverified binaries and checksum mismatches (tampering detection)

Metadata Analysis

  • Excessive permission requirements
  • Suspicious install scripts
  • Env requirements that seem unnecessary

Risk Levels

  • CRITICAL — Almost certainly malicious. Do NOT install.
  • HIGH — Likely malicious or extremely risky. Manual review required.
  • MEDIUM — Suspicious patterns found. Review before installing.
  • LOW — Minor concerns. Probably safe but worth checking.
  • CLEAN — No issues detected. Safe to install.

Tips

  • Always scan before installing ANY third-party skill
  • Even "CLEAN" results aren't a guarantee — this catches known patterns
  • If a skill needs network access, verify the domains it contacts
  • Cross-reference skill names with known typosquats
  • When in doubt, read the source code yourself
安全使用建议
This skill appears coherent and appropriate for scanning OpenClaw skills. Before running it: 1) only point the scanner at directories you control or intend to audit (it will read files under the given path), 2) treat results as heuristics—false positives and false negatives are possible (obfuscated or polymorphic malware can evade detection), 3) do not blindly execute any binaries the scanner flags; instead inspect or run them in a sandbox, and 4) if you rely on checksum verification, store and manage checksum manifests from trusted sources.
功能分析
Type: OpenClaw Skill Name: arc-skill-scanner Version: 1.4.0 This skill bundle is a security scanner designed to detect vulnerabilities and malicious patterns in other OpenClaw skills. The `SKILL.md` clearly outlines its purpose and the types of threats it identifies (e.g., credential stealers, data exfiltration, prompt injection). The `scripts/scanner.py` code implements these detection mechanisms, defining extensive patterns for malicious activities but using them solely for analysis, not for self-exploitation. The scanner also incorporates defensive measures, such as preventing path traversal and symlink following, to protect itself from potentially malicious skills it scans. There is no evidence of intentional harmful behavior, data exfiltration, or unauthorized actions within this skill itself.
能力评估
Purpose & Capability
Name/description, included scanner.py, and the runtime instructions all align: the tool is a local static/heuristic scanner for skill packages and does not request unrelated resources or credentials.
Instruction Scope
SKILL.md tells the agent/user to run the scanner against skill directories or SKILL.md files. The scanner will open and analyze any path the user supplies (including arbitrary filesystem paths if given), which is expected for a scanner but means you should only point it at skill directories you intend to analyze.
Install Mechanism
No install spec; it's instruction-only with a bundled Python script. Requiring python3 is proportional for a Python scanner and there are no external download/install steps.
Credentials
No environment variables, credentials, or config paths are requested. The scanner only contains detection patterns for common secrets and does not itself require those secrets.
Persistence & Privilege
always is false and there is no indication the skill attempts to persist, enable itself system-wide, or modify other skills. It runs on demand.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install arc-skill-scanner
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /arc-skill-scanner 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.0
- No user-facing changes. - Internal update: modified scripts/scanner.py.
v1.3.0
- Adds binary/asset checksum verification with SHA-256 to detect tampering or untrusted changes. - New commands for generating and verifying checksum manifests for binaries and assets. - Flags unverified binaries and checksum mismatches during scans. - Documentation updated with new checksum-related options and usage examples.
v1.2.0
- Added detection for use of shell=True in subprocess calls (identifies remote code execution risks). - Added checks for path traversal patterns (e.g., directory escapes using ../). - Updated documentation in SKILL.md to reflect new security checks.
v1.1.0
arc-skill-scanner 1.1.0 - Added detection of telemetry leaks (such as logging environment variables or secrets to stdout). - Added new checks for binary/asset risks (including prebuilt executables, compiled code, and library injection).
v1.0.0
- Initial release of skill-scanner. - Scan OpenClaw skills for security vulnerabilities before installing. - Detects threats like credential stealers, data exfiltration, malicious URLs, obfuscated code, and supply chain attacks. - Supports scanning local directories, individual SKILL.md files, or all installed skills with optional JSON and verbose output. - Analyzes skill scripts, metadata, and names for suspicious patterns and typosquatting. - Assigns risk levels (CRITICAL, HIGH, MEDIUM, LOW, CLEAN) based on findings to guide safe installation decisions.
元数据
Slug arc-skill-scanner
版本 1.4.0
许可证
累计安装 2
当前安装数 2
历史版本数 5
常见问题

Skill Scanner 是什么?

Scan OpenClaw skills for security vulnerabilities before installing them. Use when evaluating a new skill from ClawHub or any third-party source. Detects cre... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 933 次。

如何安装 Skill Scanner?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install arc-skill-scanner」即可一键安装,无需额外配置。

Skill Scanner 是免费的吗?

是的,Skill Scanner 完全免费(开源免费),可自由下载、安装和使用。

Skill Scanner 支持哪些平台?

Skill Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。

谁开发了 Skill Scanner?

由 ArcSelf(@trypto1019)开发并维护,当前版本 v1.4.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论