Argus Lite — Code Scanner (Free)
Author: OccupyTheMilkyWay · v1.0.0 · MIT-0
Total downloads: 21
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install argus-lite
Description
Argus Lite — Code Scanner (Free). Scan a single Python file for the top 10 most critical security and bug patterns. A free preview of what Argus Pro does f...
Usage instructions (SKILL.md)
Argus Lite — Free Code Scanner
Scan one Python file against the top 10 critical security and bug rules.
Free vs Pro
| Feature | Argus Lite (Free) | Argus Pro |
|---|---|---|
| Files | 1 file only | Full directory recursion |
| Rules | 10 (critical/high) | 40+ incl. performance |
| Languages | Python only | Python + JavaScript |
| JSON output | ❌ | ✅ CI-ready |
| CI exit codes | ❌ | ✅ FAIL_ON_CRITICAL |
| Ignore paths | ❌ | ✅ |
| Deduplication | Basic | Smart cross-file |
Upgrade: openclaw skills install argus-pro — key at ko-fi.com/occupythemilkyway
Step 1 — Install
```bash
pip3 install rich --break-system-packages --quiet
```
Step 2 — Quick security scan (Lite)
```python
import os
import re
from pathlib import Path

from rich import box
from rich.console import Console
from rich.markup import escape
from rich.panel import Panel
from rich.table import Table

console = Console()
SRC_PATH = os.environ.get("SOURCE_PATH", ".").strip()
src = Path(SRC_PATH)

# Find a single Python file to scan
if src.is_dir():
    # Sort so the file picked from a directory is deterministic
    py_files = sorted(src.rglob("*.py"))
    if not py_files:
        console.print(f"[yellow]No .py files found in {escape(SRC_PATH)}[/yellow]")
        raise SystemExit(0)
    target = py_files[0]
    if len(py_files) > 1:
        console.print(
            f"[yellow]ℹ️ Lite scans 1 file at a time. Scanning: {escape(str(target))}\n"
            f"(Upgrade to Pro to scan all {len(py_files)} files)[/yellow]\n"
        )
elif src.is_file():
    target = src
else:
    console.print(f"[red]❌ Not found: {escape(SRC_PATH)}[/red]")
    raise SystemExit(1)

# Lite rule set (10 rules): (id, severity, category, regex, message, fix)
RULES = [
    ("PY001", "critical", "security", r"\beval\s*\(",
     "eval() executes arbitrary code — critical risk.",
     "Use ast.literal_eval() for safe evaluation."),
    ("PY002", "critical", "security", r"\bexec\s*\(",
     "exec() executes arbitrary strings as Python code.",
     "Refactor to eliminate dynamic execution."),
    ("PY003", "critical", "security", r"\bpickle\.loads?\s*\(",
     "pickle.load() with untrusted data — code execution.",
     "Use json.loads() instead."),
    ("PY004", "high", "security", r"(?i)(password|secret|api_key|token)\s*=\s*['\"].+['\"]",
     "Hardcoded credential detected.",
     "Move to environment variables."),
    ("PY005", "high", "security", r"shell\s*=\s*True",
     "shell=True in subprocess — command injection risk.",
     "Use list arguments: subprocess.run(['cmd','arg'])"),
    ("PY006", "high", "security", r"\.execute\s*\(.*(%|\.format\(|f['\"])",
     "Potential SQL injection via string formatting.",
     "Use parameterised queries: cursor.execute(sql,(val,))"),
    ("PY009", "medium", "bug", r"except\s*:",
     "Bare except catches SystemExit and KeyboardInterrupt.",
     "Use: except Exception: or catch specific types."),
    ("PY016", "medium", "security", r"hashlib\.(md5|sha1)\s*\(",
     "MD5/SHA1 are cryptographically broken.",
     "Use hashlib.sha256() or bcrypt for passwords."),
    ("PY007", "medium", "bug", r"def\s+\w+\s*\([^)]*=\s*\[\s*\]",
     "Mutable default argument [] — shared across all calls.",
     "Use None as default; init list inside function."),
    ("PY017", "high", "security", r"\brandom\.(random|randint|choice)\s*\(",
     "random module is not cryptographically secure.",
     "Use secrets module for security-sensitive values."),
]

console.print(Panel.fit(
    f"[bold red]Argus Lite — Quick Scan[/bold red]\n"
    f"File: [yellow]{escape(str(target))}[/yellow]\n"
    f"[dim]Lite: 1 file, 10 rules — upgrade to Pro for full codebase scanning[/dim]",
    border_style="red"
))

# Match every rule against every line of the target file
findings = []
try:
    source = target.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule_id, sev, category, pattern, message, fix in RULES:
            if re.search(pattern, line):
                findings.append({"id": rule_id, "severity": sev, "category": category,
                                 "line": lineno, "code": line.strip()[:80],
                                 "message": message, "fix": fix})
except Exception as e:
    console.print(f"[red]Error reading file: {escape(str(e))}[/red]")
    raise SystemExit(1)

# Deduplicate on (rule id, line number)
seen, unique = set(), []
for f in findings:
    key = (f["id"], f["line"])
    if key not in seen:
        seen.add(key)
        unique.append(f)

SEV_COLOUR = {"critical": "red", "high": "orange3", "medium": "yellow", "low": "dim"}

if not unique:
    console.print(Panel(
        f"[green]✅ No issues in {len(RULES)} rule scan![/green]\n"
        f"[dim]Pro scans 40+ rules including performance patterns — upgrade for full coverage.[/dim]",
        border_style="green"
    ))
else:
    # Summary table of all findings
    tbl = Table(title=f"{len(unique)} Finding(s) in {escape(target.name)}",
                box=box.ROUNDED, border_style="red")
    tbl.add_column("ID", width=7, style="dim")
    tbl.add_column("Sev", width=9)
    tbl.add_column("Line", width=6, justify="right", style="yellow")
    tbl.add_column("Issue", width=50)
    for fi in unique:
        sc = SEV_COLOUR.get(fi["severity"], "white")
        tbl.add_row(fi["id"], f"[{sc}]{fi['severity'].upper()}[/{sc}]",
                    str(fi["line"]), fi["message"][:48])
    console.print(tbl)

    # Detail panel for each critical/high finding. The scanned line is
    # escaped so brackets in source code are not parsed as rich markup.
    for fi in [f for f in unique if f["severity"] in ("critical", "high")]:
        sc = SEV_COLOUR.get(fi["severity"], "white")
        console.print(Panel(
            f"[dim]Line {fi['line']}:[/dim] [italic]{escape(fi['code'])}[/italic]\n\n"
            f"[white]{fi['message']}[/white]\n\n"
            f"[green]Fix:[/green] {fi['fix']}",
            title=f"[{sc}]{fi['severity'].upper()}[/{sc}] — {fi['id']}",
            border_style=sc
        ))

console.print()
console.print(Panel(
    f"[bold yellow]Want more?[/bold yellow]\n\n"
    f"Argus Pro scans [bold]your entire codebase[/bold] with [bold]40+ rules[/bold] across Python and JavaScript — "
    f"including performance issues, memory leaks, and N+1 query patterns. "
    f"Plus CI-ready JSON output and FAIL_ON_CRITICAL exit codes.\n\n"
    f"[bold cyan]openclaw skills install argus-pro[/bold cyan]\n"
    f"Get your key → [bold]ko-fi.com/occupythemilkyway[/bold]",
    title="Upgrade to Argus Pro",
    border_style="cyan"
))
```
Security usage advice
This skill appears safe for local use if you trust the pip package installation step. Prefer running it in a Python virtual environment, set SOURCE_PATH to the exact Python file you want scanned, and be careful sharing results because they may include snippets of your code or secrets.
Capability assessment
Purpose & Capability
The stated purpose is to scan one Python file for common security and bug patterns, and the shown instructions implement a local regex-based Python scan.
Instruction Scope
The scanner defaults SOURCE_PATH to '.', and if given a directory it recursively finds Python files but scans only the first one. Users should set SOURCE_PATH to the exact file they intend to scan.
Install Mechanism
The setup asks the user to install the 'rich' package from pip without pinning a version and with '--break-system-packages'. This is user-directed and purpose-aligned, but a virtual environment would be safer.
Credentials
The requested python3/pip3 environment and local file path access are proportionate for a Python code scanner, but scanned source may contain sensitive code or secrets.
Persistence & Privilege
No background service, account credential use, privilege escalation, or ongoing persistence is shown beyond the optional local package installation.
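The assessment above describes the skill as a line-by-line regex scan. As an added example (not part of the skill or of this page's own code), the following runs the PY001 pattern from the rule list next to an AST-based check over a constructed sample, to show which findings a reviewer should expect to triage as false positives. The sample source and the function names `regex_hits` and `ast_hits` are assumptions made for the illustration.

```python
import ast
import re

# PY001 pattern copied from the rule list above
PY001 = re.compile(r"\beval\s*\(")

# Constructed sample: one real eval() call plus look-alikes
# (a comment, a string literal, a method named eval, literal_eval)
SAMPLE = '''\
import ast
# never call eval( on user input
HELP = "eval(expr) is disabled"
def load(model, expr):
    model.eval()
    safe = ast.literal_eval(expr)
    return eval(
        expr
    )
'''


def regex_hits(source):
    """Line numbers flagged by the line-by-line regex scan."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if PY001.search(line)]


def ast_hits(source):
    """Line numbers where the builtin name eval is actually called."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)
                and node.func.id == "eval"):
            hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print("regex flags lines:", regex_hits(SAMPLE))
    print("AST flags lines:  ", ast_hits(SAMPLE))
```

The regex reports the comment, the string literal and the `model.eval()` method call alongside the real call, while the AST pass reports only the call to the builtin.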
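How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install argus-lite
- After installation, call the Skill by name or use /argus-lite to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history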
v1.0.0
Initial Lite release: 1 file, 10 critical rules, Python only, Pro upsell
FAQ
What is Argus Lite — Code Scanner (Free)?
Argus Lite — Code Scanner (Free). Scan a single Python file for the top 10 most critical security and bug patterns. A free preview of what Argus Pro does f... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 21 total downloads so far.
How do I install Argus Lite — Code Scanner (Free)?
Run the command "/install argus-lite" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Argus Lite — Code Scanner (Free) free?
Yes, Argus Lite — Code Scanner (Free) is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Argus Lite — Code Scanner (Free) support?
Argus Lite — Code Scanner (Free) runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Argus Lite — Code Scanner (Free)?
It is developed and maintained by OccupyTheMilkyWay (@occupythemilkyway); the current version is v1.0.0.