Aura Security Scanner

Author: aurasecurity-creator · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1380
Favorites: 0
Current installs: 3
Versions: 1
Install in OpenClaw
/install aura-security-scanner
Description
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
Usage instructions (SKILL.md)

AURA Security Scanner

Protect your AI agent from malicious skills. Scan any OpenClaw, Claude MCP, or LangChain skill before installation.

What It Detects

  • Malware Patterns - Credential theft, file exfiltration, crypto miners, backdoors
  • Prompt Injection - Attempts to override system instructions or jailbreak agents
  • Permission Issues - Overly broad filesystem, network, or execution permissions
  • Suspicious Networks - Connections to known exfiltration domains (webhook.site, etc.)
  • Obfuscated Code - Base64/hex encoded execution, dynamic eval patterns

Usage

Ask me to scan a skill before you install it:

"Scan this skill for security issues: https://github.com/user/cool-skill"
"Is this skill safe? https://github.com/example/mcp-tool"
"Check https://clawhub.xyz/skill/weather-api for malware"

Verdicts

Verdict      Risk Score   Meaning
SAFE         0-20         No issues found, safe to install
WARNING      21-50        Minor concerns, review before installing
DANGEROUS    51-80        Significant risks detected, avoid
BLOCKED      81-100       Critical threats, do not install

AURA Verified Badge

Skills with a SAFE verdict can display the AURA Verified badge, showing users they've been scanned and approved.

Examples

Safe Skill Response

AURA Skill Scan: weather-api

Verdict: SAFE
Risk Score: 5/100
AURA Verified: Yes

Summary: Clean skill with minimal permissions.
Requests only weather API access.

Recommendation: Safe to install.

Dangerous Skill Response

AURA Skill Scan: suspicious-helper

Verdict: DANGEROUS
Risk Score: 78/100
AURA Verified: No

Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64

Recommendation: Do not install. Contains credential
theft and data exfiltration patterns.

API

This skill calls the AURA Security API:

POST https://api.aurasecurity.io/scan-skill
{
  "skillUrl": "https://github.com/user/skill",
  "format": "auto",
  "includeRepoTrust": true
}

About AURA

AURA (Agent Universal Reputation & Assurance) provides security infrastructure for the AI agent ecosystem. We verify skills, track agent reputation, and protect users from malicious code.

Security usage advice
This skill appears to do what it says: it sends the provided skill URL to an external AURA scanning API and formats the returned report. Before installing, consider:
  1. Trust the external service: scanning sends the skill URL (and the scanner may fetch the repo) to api.aurasecurity.io; verify the operator/publisher (the registry record shows unknown source/homepage while package files reference aurasecurity.io).
  2. Watch the AURA_API_URL env var: if it is set, it overrides the default and the skill will call whatever endpoint it names; ensure that variable isn't set to an untrusted domain.
  3. If you want to be extra cautious, inspect/execute the code in a sandbox or run it locally with AURA_API_URL pointed to a test endpoint to observe behavior.
  4. Ask the publisher to reconcile metadata inconsistencies (registry metadata vs SKILL.md/package.json) and provide an official homepage or repository link.
If you cannot verify the external service or the publisher, do not install.
Functional analysis
Type: OpenClaw Skill
Name: aura-security-scanner
Version: 1.0.0

The OpenClaw skill 'AURA Security Scanner' is designed to scan other AI agent skills for security issues by sending their URLs to the AURA Security API. The `SKILL.md` explicitly declares highly restricted permissions: no filesystem access, no execution of binaries, and network access limited solely to `api.aurasecurity.io`. The `index.ts` code strictly adheres to these permissions, performing only a `fetch` request to the AURA API with the user-provided skill URL. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection against the agent itself. The skill's behavior is entirely aligned with its stated purpose and lacks any high-risk activities.
Capability assessment
Purpose & Capability
The skill's name/description claim to scan skills and the index.ts implements that by POSTing the skill URL to an AURA API endpoint — this is coherent. However registry metadata at the top-level said "Required env vars: none" while SKILL.md declares AURA_API_URL and network access to api.aurasecurity.io; package.json and SKILL.md reference aurasecurity.io/GitHub but the registry record lists source/homepage as unknown/none. These metadata mismatches should be resolved or explained by the publisher.
Instruction Scope
SKILL.md and index.ts keep runtime behavior narrowly scoped: extract a URL from the user's query and send it to the AURA API. The instructions do not request reading local files, credentials, or other system state. The expected network call will transmit the skill URL (and includeRepoTrust flag) to a third-party service, which is appropriate for a remote scanning service but is a privacy/trust consideration.
Install Mechanism
No install spec (instruction-only plus a simple TypeScript handler) — nothing is downloaded or written by an installer. No external packages or archives are fetched during install. This is lower-risk from an install-mechanism standpoint.
Credentials
The code reads AURA_API_URL (with a sensible default); SKILL.md lists AURA_API_URL under requires.env and network access to api.aurasecurity.io, but the registry metadata claims no required env vars. While no secrets/credentials are requested (no TOKENS/KEYS), the ability to override AURA_API_URL could redirect requests to an attacker-controlled endpoint if an operator sets that env var. The skill does not request unrelated credentials, but the env-var/metadata mismatch and the reliance on an external API are noteworthy.
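One way to close the AURA_API_URL redirect path described above is to accept an override only when it still resolves to the host SKILL.md declares. This is an added example, not the skill's own index.ts; the function names are hypothetical, it assumes AURA_API_URL holds the full endpoint URL, and the evil.example hosts used to exercise it are constructed.

```typescript
// Added illustration; not the skill's index.ts. All function names are hypothetical.
const DEFAULT_ENDPOINT = "https://api.aurasecurity.io/scan-skill"; // endpoint shown in SKILL.md
const ALLOWED_HOSTS = new Set(["api.aurasecurity.io"]); // the only host SKILL.md declares

type Env = Record<string, string | undefined>;

// Resolve the scan endpoint, accepting an AURA_API_URL override only when it
// still points at the declared host over HTTPS on the default port.
// Assumption: AURA_API_URL holds the full endpoint URL.
function resolveScanEndpoint(env: Env): string {
  const raw = env["AURA_API_URL"];
  if (raw === undefined || raw.trim() === "") return DEFAULT_ENDPOINT;

  let url: URL;
  try {
    url = new URL(raw.trim());
  } catch {
    throw new Error("AURA_API_URL is not a valid URL");
  }
  if (url.protocol !== "https:") throw new Error("AURA_API_URL must use https");
  if (url.username !== "" || url.password !== "") {
    throw new Error("AURA_API_URL must not embed credentials");
  }
  if (url.port !== "") throw new Error("AURA_API_URL must use the default port");
  // Exact hostname match: suffix or substring checks would let look-alike hosts through.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error(`AURA_API_URL host ${url.hostname} is not allowlisted`);
  }
  return url.toString();
}

// Convenience wrapper: true when an override value would be accepted.
function isAcceptedOverride(value: string): boolean {
  try {
    resolveScanEndpoint({ AURA_API_URL: value });
    return true;
  } catch {
    return false;
  }
}

// Build the request described in SKILL.md against the validated endpoint.
function buildScanRequest(skillUrl: string, env: Env) {
  return {
    endpoint: resolveScanEndpoint(env),
    body: JSON.stringify({ skillUrl, format: "auto", includeRepoTrust: true }),
  };
}
```

The hostname comparison is exact on the parsed URL, so a value such as https://api.aurasecurity.io@evil.example/ or https://api.aurasecurity.io.evil.example/ is rejected even though it contains the expected string.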
Persistence & Privilege
The skill does not request always:true and does not alter other skills or system-wide settings. It runs only when invoked and does not ask for persistent privileges.
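How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install aura-security-scanner
  3. After installation, call the Skill by name or use /aura-security-scanner to trigger it
  4. Provide the required input according to the Skill's parameter description to get structured output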
Version history
v1.0.0
  • Initial release of AURA Security Scanner.
  • Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installation.
  • Integrates with AURA Security API to assess skill safety and provide verdicts: SAFE, WARNING, DANGEROUS, or BLOCKED.
  • Supports scanning of OpenClaw, Claude MCP, and LangChain skills via skill URLs.
  • Requires AURA_API_URL environment variable for API access.
  • Skills passing the scan can display the AURA Verified badge.
Metadata
Slug aura-security-scanner
Version 1.0.0
License
Total installs 3
Current installs 3
Historical versions 1
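Frequently asked questions

What is Aura Security Scanner?

Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1380 total downloads so far.

How do I install Aura Security Scanner?

Run the command "/install aura-security-scanner" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Aura Security Scanner free?

Yes, Aura Security Scanner is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Aura Security Scanner support?

Aura Security Scanner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Aura Security Scanner?

It is developed and maintained by aurasecurity-creator (@aurasecurity-creator); the current version is v1.0.0.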
