
Byted Security SkillsScanner

Author: volcengine-skills · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
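Total downloads: 142
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install byted-security-skillsscanner
Description
Audits and scans skills for security issues. Use it when the user wants a security scan of other skills in the workspace.
Usage instructions (SKILL.md)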

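Volcengine Skills Scanner

Audits other skills in the workspace for potential security risks by packaging the skill directory and uploading it to the Volcengine security scanning service for scanning.

When to use

  • Audit: scan all skills periodically to ensure they comply with the security policy.
  • Development: check your own skill during development.
  • Requirement: the target skill must contain a SKILL.md file, because it is the primary input of the scan.

Usage

Run the scan with the scripts/scan.py script. Absolute paths must be used; do not use ~, because the working directory is not the skill directory.

The script packages the directory automatically (if a directory is given), uploads it, and always outputs a JSON array containing the scan results. Parse this JSON and present the results to the user in a readable format (in Chinese): risk level, details, recommendations.

Scanning a skill (directory or archive)

The script reads its configuration from environment variables (recommended)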

python3 /root/.openclaw/workspace/skills/byted-security-skillsscanner/scripts/scan.py --name "bad_skills1" --path "/root/.openclaw/workspace/skills/bad_skills1"

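Important

  • The script path must be an absolute path
  • The target path must also be an absolute path
  • Make sure the required environment variables are set (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, VOLCENGINE_REGION)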

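Report format

When presenting results to the user, the following format must be used (in Chinese):

🛡️ Security scan report: [SkillName]

Scan time: [convert the ScanEndTime timestamp to a readable date format]
Overall status: [✅ Passed / ❌ Risks found]

Risk level | Rule name | Risk detail
[High/Medium/Low] | [RuleName] | [RiskDetail]

List of risks found: (list only High and Medium level risks)

  1. [RuleName] (ID: [RuleID])
    • Level: [RiskLevel]
    • File: [FileName]
    • Detail: [RiskDetail]
    • Recommendation: check the code in the files above and remove suspicious network requests or sensitive operations.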

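Environment variable configuration

  1. Obtain Volcengine access credentials: see the User Guide to obtain the AK/SK

  2. Configure the following environment variables:

export VOLC_ACCESS_KEY="your-access-key"
export VOLC_SECRET_KEY="your-secret-key"
export VOLC_REGION="cn-north-1"  # optional, defaults to cn-north-1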
Security usage recommendations
Before installing or running this skill:
  1. Treat it as a remote-upload scanner: it will package and send the entire target skill directory to a remote service, so do NOT scan directories that contain secrets, API keys, or sensitive data.
  2. Do not trust the registry metadata alone: the skill requires Volcengine AK/SK but the package metadata says none; verify which environment variable names the installed script actually reads before providing credentials.
  3. Prefer using a throwaway/non-sensitive skill directory when testing; verify the upload endpoint (defaults point at open.volcengineapi.com but code also contains DEFAULT_BASE_URL pointing to localhost) and confirm you trust that endpoint.
  4. Avoid storing real AK/SK in a global config until you confirm env var names and storage format; prefer ephemeral credentials or a least-privilege account scoped to scanning only.
  5. If you need higher assurance, inspect the full script (scripts/scan.py) to confirm where it posts data and how it signs requests, or run it in an isolated environment (air-gapped or with network blocked) to observe behavior without exfiltration.
Functional analysis
Type: OpenClaw Skill
Name: byted-security-skillsscanner
Version: 1.0.1
The skill is designed to audit other skills by zipping their source code and uploading it to the Volcengine security scanning service (open.volcengineapi.com). While this aligns with its stated purpose, the act of exfiltrating local workspace content to a remote third-party API is a high-risk behavior. Additionally, the script `scripts/scan.py` uses `shutil.unpack_archive` on user-provided paths without sanitization, which is a known vulnerability (ZipSlip) that could allow for unauthorized file overwrites if the tool is used to process a malicious archive.
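A pre-extraction check of the kind this finding calls for, as an added example that is not taken from scripts/scan.py or the Volcengine project: every zip or tar member is resolved against the destination before anything is written, and link members are refused. The function names and the sample archive builder are assumptions constructed for the illustration.

```python
import io
import os
import tarfile
import zipfile


def unsafe_members(archive_path, dest):
    """Return names of archive members that would be written outside dest."""
    dest_real = os.path.realpath(dest)

    def escapes(name):
        target = os.path.realpath(os.path.join(dest_real, name))
        return os.path.commonpath([dest_real, target]) != dest_real

    if zipfile.is_zipfile(archive_path):
        with zipfile.ZipFile(archive_path) as zf:
            return [n for n in zf.namelist() if escapes(n)]
    if not tarfile.is_tarfile(archive_path):
        raise ValueError("unsupported archive format")
    with tarfile.open(archive_path) as tf:
        # Link members can redirect later writes, so they are refused as well.
        return [m.name for m in tf.getmembers()
                if escapes(m.name) or m.issym() or m.islnk()]


def safe_unpack(archive_path, dest):
    """Extract only when every member stays inside dest; raise otherwise."""
    bad = unsafe_members(archive_path, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    if zipfile.is_zipfile(archive_path):
        with zipfile.ZipFile(archive_path) as zf:
            zf.extractall(dest)
    else:
        # Also apply the stdlib "data" filter on Pythons that provide it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(archive_path) as tf:
            tf.extractall(dest, **extra)
    return sorted(os.listdir(dest))


def make_constructed_tar(path, member_name, data=b"sample\n"):
    """Write a one-member tar to path (constructed sample input)."""
    info = tarfile.TarInfo(member_name)
    info.size = len(data)
    with tarfile.open(path, "w") as tf:
        tf.addfile(info, io.BytesIO(data))
    return path
```

Checking the whole member list before the first write means a rejected archive leaves the destination untouched.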
Capability assessment
Purpose & Capability
The skill's declared purpose (scanning other skills by packaging and uploading them to a Volcengine scanning service) matches the included script and dependencies. However, the registry metadata declares no required environment variables or primary credential, while the runtime instructions and code clearly require cloud credentials (AK/SK) and an upload endpoint. The mismatch between the registry metadata and runtime requirements is incoherent and should be resolved before trusting the skill.
Instruction Scope
SKILL.md and README instruct the agent to zip a user-specified skill directory and upload it to an external scanning API, which will transmit the entire archive (potentially containing secrets) off-host. That behavior is expected for a remote scanner, but the instructions do not emphasize the privacy/exposure implications. There are also inconsistencies in required environment variable names (see below). Overall the instructions stay within the stated scanning purpose but permit broad disclosure of the scanned skill's contents.
Install Mechanism
There is no external download/install step in the registry spec; the package is instruction+script-only with a requirements.txt listing requests and volcengine SDK. No remote arbitrary code download or extraction from unknown URLs is present in the manifest. Running the script will require Python and the listed dependencies, but the install mechanism itself is low risk.
Credentials
The runtime requires cloud credentials (AK/SK) to sign and upload scan payloads to Volcengine. That is proportionate to the stated purpose, but the skill shows inconsistent env var names across SKILL.md, README, and examples (e.g., VOLCENGINE_ACCESS_KEY / VOLC_ACCESSKEY / VOLC_ACCESSKEY / VOLC_ENGINE names). The registry metadata incorrectly claims no required env vars. The README also suggests storing keys in a global openclaw.json config, which increases exposure if the format/keys are unclear. These inconsistencies create a real risk of misconfiguration and accidental credential leakage.
Persistence & Privilege
The skill does not request 'always: true' and does not appear to modify other skills or system-wide agent settings. It only contains an executable script the user runs; there are no indicators of privileged persistent behavior in the manifest.
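One way to carry out the env-var and endpoint checks recommended above, and to surface the naming mismatch noted under Credentials, without running the script (an added example, not the skill's own code): parse the source with Python's ast module and list the environment variable names it reads and the URL literals it contains. SAMPLE_SOURCE is a constructed stand-in for scripts/scan.py, and audit_script and name_mismatch are hypothetical helper names; Python 3.9 or later is assumed.

```python
import ast

# Constructed stand-in for a scanner script; it is NOT the real scripts/scan.py.
SAMPLE_SOURCE = '''
import os
DEFAULT_BASE_URL = "http://localhost"
ENDPOINT = "https://open.volcengineapi.com"
ak = os.environ.get("VOLC_ACCESS_KEY")
sk = os.getenv("VOLC_SECRET_KEY")
region = os.environ["VOLC_REGION"]
'''


def audit_script(source):
    """Return (env var names read, URL string literals) found in Python source."""
    env_names, urls = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith(("http://", "https://")):
                urls.add(node.value)
        # os.getenv("X") and os.environ.get("X")
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            called = ast.unparse(node.func)
            if called in ("os.getenv", "os.environ.get") and node.args:
                first = node.args[0]
                if isinstance(first, ast.Constant) and isinstance(first.value, str):
                    env_names.add(first.value)
        # os.environ["X"]
        if isinstance(node, ast.Subscript) and ast.unparse(node.value) == "os.environ":
            if isinstance(node.slice, ast.Constant) and isinstance(node.slice.value, str):
                env_names.add(node.slice.value)
    return sorted(env_names), sorted(urls)


def name_mismatch(env_names, documented):
    """Return (names read but not documented, names documented but never read)."""
    read, doc = set(env_names), set(documented)
    return sorted(read - doc), sorted(doc - read)
```

Run audit_script on the installed script's text and pass the names from the documentation to name_mismatch; any non-empty result means credentials set under the documented names may never be read.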
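How to use
  1. Make sure OpenClaw is installed (locally or deployed with Docker)
  2. Enter the install command in the chat box: /install byted-security-skillsscanner
  3. Once installation completes, call the Skill by name or trigger it with /byted-security-skillsscanner
  4. Provide the necessary input according to the Skill's parameter description to obtain structured output
Version history
v1.0.1
- No changes in code or documentation detected for this version.
- Version incremented with no modifications to files.
v1.0.0
byted-security-llmscanner v1.0.0
- Initial release, providing a tool for managing the full workflow of LLM security evaluation.
- Supports creating and updating evaluation assets for models and agents.
- Implements launching compliance and security evaluation tasks and analyzing evaluation results.
- Provides auxiliary functions such as resource queries, platform variable queries and playbook queries.
- Clearly explains easily confused parameters and notes on using the scripts.
- Includes commonly used enumerations such as task and asset status codes for quick reference.
Metadata
Slug: byted-security-skillsscanner
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2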
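Frequently asked questions

What is Byted Security SkillsScanner?

Audits and scans skills for security issues. Use it when the user wants a security scan of other skills in the workspace. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has 142 total downloads so far.

How do I install Byted Security SkillsScanner?

Run the command "/install byted-security-skillsscanner" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Byted Security SkillsScanner free?

Yes, Byted Security SkillsScanner is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Byted Security SkillsScanner support?

Byted Security SkillsScanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Byted Security SkillsScanner?

It is developed and maintained by volcengine-skills (@volcengine-skills); the current version is v1.0.1.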
