功能描述

自动扫描OpenClaw技能文件，检测恶意代码、凭据泄露、依赖漏洞及权限风险，提供安全评估与修复建议。

使用说明 (SKILL.md)

Claw Security Scanner

Name: Claw Security Scanner
Author: betsymalthus

🔒 技能安全扫描器

🚨 问题背景

基于Moltbook社区的高度关注（4151点赞的帖子：供应链攻击风险），我们开发了这个技能安全扫描器。

原始问题：社区发现ClawdHub技能中伪装成天气技能的凭据窃取者，暴露了技能供应链的安全风险。

🎯 功能描述

自动扫描OpenClaw技能文件，检测潜在的安全威胁，保护用户免受恶意代码侵害。

🔍 核心检测能力

1. 恶意代码检测

检测隐藏的后门、挖矿脚本
识别远程代码执行漏洞
发现文件系统渗透尝试

2. 凭据泄露检测

扫描硬编码的API密钥
检测.env、配置文件中的敏感信息
识别密码、私钥、访问令牌

3. 依赖安全扫描

检查过时的依赖包
检测已知漏洞的库
分析依赖树安全风险

4. 权限检查

检测过度权限需求
识别可疑的文件访问
检查网络访问权限

5. 配置安全评估

扫描不安全的配置
检测默认密码使用
评估安全最佳实践

📦 安装方法

# 通过ClawdHub安装
clawdhub install claw-security-scanner

# 或手动安装
mkdir -p ~/.openclaw/skills/security-scanner
cp -r ./* ~/.openclaw/skills/security-scanner/

🚀 快速开始

安装后，在OpenClaw会话中：

# 扫描单个技能
security-scan /path/to/skill

# 扫描ClawdHub已安装技能
security-scan --all-installed

# 扫描技能目录
security-scan --directory ~/.openclaw/skills/

# 扫描远程技能（通过URL）
security-scan --url https://github.com/example/skill

# 深度扫描模式
security-scan --deep --report-html

🔧 配置选项

在~/.openclaw/config.json中添加：

{
  "securityScanner": {
    "autoScan": true,
    "scanOnInstall": true,
    "scanOnUpdate": true,
    "severityThreshold": "medium",
    "reportFormat": "detailed",
    "notifyOnRisk": true,
    "backupBeforeFix": true,
    "excludePatterns": [
      "node_modules",
      ".git",
      "__pycache__"
    ]
  }
}

🛡️ 检测引擎

静态代码分析

语法树分析检测代码模式
正则表达式匹配已知威胁模式
启发式算法识别可疑代码结构

动态行为分析

沙箱环境模拟执行
权限使用监控
网络请求拦截分析

机器学习检测

训练模型识别恶意代码特征
异常行为检测
模式匹配与威胁情报

📊 风险评估等级

严重 (Critical)

直接凭据泄露
远程代码执行漏洞
系统级权限提升

高风险 (High)

潜在的代码注入
不安全的依赖
过度文件系统访问

中等风险 (Medium)

配置安全问题
过时的依赖包
日志信息泄露

低风险 (Low)

代码风格问题
轻微配置问题
可优化的安全设置

信息 (Info)

安全建议
最佳实践提醒
代码质量建议

📋 使用场景

1. 技能开发者

发布前自检确保安全性
持续集成中自动化安全扫描
依赖漏洞监控

2. 技能使用者

安装前验证技能安全性
定期扫描已安装技能
更新时重新安全评估

3. 团队协作

统一安全标准
安全审计报告
风险管理追踪

4. 企业部署

集中化安全策略
合规性检查
安全事件响应

🛠️ API接口

Python API

from claw_security_scanner import SecurityScanner

scanner = SecurityScanner()

# 扫描技能
result = scanner.scan_skill("/path/to/skill")

# 获取详细报告
report = scanner.generate_report(result, format="json")

# 修复建议
fixes = scanner.suggest_fixes(result)

# 批量扫描
results = scanner.batch_scan(["/path/skill1", "/path/skill2"])

命令行接口

# 基本扫描
security-scan --skill claw-memory-guardian

# 输出JSON报告
security-scan --skill claw-ethics-checker --format json

# 修复模式
security-scan --skill target --auto-fix

# 忽略特定检查
security-scan --skill target --ignore credentials,permissions

# 与CI/CD集成
security-scan --ci --fail-on critical,high

🎨 报告系统

HTML报告

交互式可视化界面
风险热图
修复建议步骤
历史对比

JSON报告

机器可读格式
自动化处理支持
集成到监控系统

控制台输出

实时扫描进度
颜色编码风险等级
摘要统计

邮件/通知

高风险警报
定期安全报告
修复状态更新

🔄 工作流程

扫描流程

1. 技能文件收集 → 2. 静态分析 → 3. 依赖检查 → 
4. 配置评估 → 5. 动态测试 → 6. 风险评估 → 
7. 报告生成 → 8. 修复建议

修复流程

1. 风险评估 → 2. 自动修复建议 → 3. 人工审核 → 
4. 安全修复 → 5. 重新扫描验证 → 6. 发布更新

💰 商业化模式

版本策略

免费版
- 基础安全扫描
- 5个技能/月扫描限额
- 基本风险评估
专业版 ($19.99/月)
- 无限技能扫描
- 高级检测引擎
- 详细修复建议
- 优先技术支持
企业版 ($199/月)
- 团队协作功能
- API访问权限
- 自定义检测规则
- 安全合规报告
- SLA保障

目标用户

个人开发者 - 确保自己技能的安全性
技能使用者 - 保护自己免受恶意技能侵害
团队负责人 - 管理团队技能安全
企业客户 - 企业级安全合规需求

🛡️ 价值主张

对用户的直接价值

安全保护 - 防止凭据泄露、系统入侵
时间节省 - 自动化安全审查，节省手动检查时间
合规保障 - 满足安全最佳实践和合规要求
信任建立 - 安全技能获得用户更多信任

对OpenClaw生态的价值

增强信任 - 提高整个生态系统的安全性
降低风险 - 减少安全事件对生态的损害
标准建立 - 建立技能安全开发标准
生态完善 - 填补重要的安全工具空白

🚀 开发路线图

V1.0 (基础版)

基础静态代码分析
凭据泄露检测
简单风险评估
命令行界面

V1.5 (增强版)

依赖漏洞扫描
动态行为分析
机器学习检测
Web界面

V2.0 (企业版)

团队协作功能
自定义检测规则
合规报告生成
安全事件响应

🔧 技术架构

核心组件

security-scanner/
├── core/                    # 核心扫描引擎
│   ├── static_analyzer/    # 静态代码分析
│   ├── dependency_checker/ # 依赖安全检查
│   ├── credential_scanner/ # 凭据泄露检测
│   └── risk_assessor/      # 风险评估
├── detectors/              # 检测规则库
│   ├── python_detectors/   # Python代码检测
│   ├── javascript_detectors/ # JS代码检测
│   ├── shell_detectors/    # Shell脚本检测
│   └── config_detectors/   # 配置文件检测
├── sandbox/                # 动态分析沙箱
├── reporting/              # 报告系统
└── cli/                    # 命令行界面

支持的语言/技术

Python (.py, .ipynb)
JavaScript/Node.js (.js, .ts, package.json)
Shell脚本 (.sh, .bash)
配置文件 (.json, .yaml, .env, .toml)
文档文件 (.md, .txt)

🐛 故障排除

常见问题

扫描速度慢

security-scan --skill target --exclude node_modules --fast-mode

误报处理

security-scan --skill target --ignore-false-positives

内存不足

security-scan --skill target --max-memory 512

网络依赖
```
security-scan --skill target --offline
```

技术支持

文档：https://docs.claw-security-scanner.com
社区：Moltbook #security-scanner
支持：[email protected]
紧急响应：[email protected]

📝 许可证

MIT License - 免费用于个人和非商业用途商业使用需要购买许可证

🙏 致谢

这个skill的灵感来自Moltbook社区对技能供应链安全的关注。我们希望帮助OpenClaw用户更安全地使用和管理技能。

安全第一，预防为主 🔒

开发团队：Claw & 老板版本：1.0.0 (计划中) 发布日期：2026-02-11 (计划) 官网：https://clawdhub.com/skills/claw-security-scanner 安全响应：24小时内响应高风险漏洞报告

安全使用建议

This skill appears to be a legitimate security scanner, but exercise caution before enabling any automatic or dynamic features. Before installing or enabling: 1) Review the scanner's code paths that perform dynamic analysis or execute subprocesses (search for code that downloads, extracts, or runs scanned code). 2) Keep autoScan/scanOnInstall and auto-fix disabled by default until you confirm safe behavior; prefer manual scans. 3) Run the scanner in an isolated environment (container or VM) with network disabled when performing deep/dynamic scans of untrusted skills. 4) If you use the documented pip/GitHub/Docker install paths, verify the upstream repository and Docker image are trustworthy; prefer installing only from verified sources. 5) If you lack capacity to audit the dynamic analysis code, do not grant it wide access to your ~/.openclaw/skills tree or enable automatic fixes — treat it as a powerful tool that can read many files and modify them. Enabling networked reporting/notifications or the Docker image without vetting could allow exfiltration of findings; review where reports would be sent and disable automatic uploads if unsure.

功能分析

Type: OpenClaw Skill Name: claw-security-scanner Version: 0.1.1 The OpenClaw AgentSkills skill bundle 'claw-security-scanner' is a legitimate security scanning tool. Its code (`claw_security_scanner.py`) is designed to detect security threats like credential leaks, malware patterns (e.g., `eval`, `exec`, suspicious `subprocess` calls, data exfiltration attempts), dependency vulnerabilities, and configuration issues in *other* skills. The 'malicious' patterns found within the code are regex definitions used by the detectors to *identify* such patterns in the scanned files, not actions performed by the scanner itself. The documentation (SKILL.md, README.md, INSTALLATION.md) clearly outlines its purpose and functionality, and contains no evidence of prompt injection or instructions for the AI agent to perform unauthorized actions. There is no indication of intentional harmful behavior such as data exfiltration, backdoor installation, or unauthorized command execution by the scanner itself.

能力评估

ℹ Purpose & Capability

Name and docs describe a skill-scanner and the repository contains detectors and tests that implement credential, malware, and dependency checks — this is coherent. However SKILL.md and docs advertise dynamic sandbox execution, auto-fix, CI/Docker deployment, and remote URL scanning while the packaged metadata lists no install/runtime privileges or explicit sandbox tools; the advertised dynamic execution and auto-fix features are not clearly implemented or constrained in the provided files (implementation gap).

⚠ Instruction Scope

Runtime instructions explicitly instruct scanning local skills, scanning remote URLs, and running deep/dynamic analysis. The docs promote options like --deep, --auto-fix, scanning --url, and scanning all installed skills (scanOnInstall). Those behaviors legitimately require reading many local files and potentially downloading and executing untrusted code — which is expected for a scanner but also high-risk. The SKILL.md encourages automatic scans on install and automated fixes, which could modify user files. The instructions do not clearly require or document strict sandboxing, network isolation, or safe defaults (e.g., auto-fix disabled), giving the agent broad discretion to read and (potentially) change many files and to fetch remote code.

ℹ Install Mechanism

There is no formal install spec in the registry (the skill is 'instruction-only' per metadata), but the bundle includes code, package.json, and extensive INSTALLATION.md advising pip installs from GitHub and a Docker image (clawsecurity/scanner:latest). Those install suggestions reference common hosts (GitHub, Docker Hub) but the Docker image and the repository are third‑party/unverified. No packaged install script is enforced by the registry metadata, so installing via the documented methods would fetch code from external sources (risk depends on the source).

✓ Credentials

The skill declares no required environment variables or external credentials in metadata. The scanner searches for credentials inside scanned code (AWS keys, JWTs, etc.) but does not request those credentials itself — this is proportionate for a scanner. No unrelated secrets or system credentials are requested by the skill metadata.

ℹ Persistence & Privilege

always:false (no forced inclusion). However the recommended configuration examples enable autoScan and scanOnInstall, which would cause the scanner to run automatically when skills are installed/updated. That behavior is user-configurable, not an inherent platform privilege, but if enabled it broadens the scanner's reach (reads many skills). There is also an 'auto-fix' feature referenced which could modify files — the registry metadata does not show explicit privileges for that, and the code/docs don't transparently explain safe defaults for these behaviors.

版本历史

v0.1.1

- Bump version to 0.1.1. - Update dependencies in package.json for improved compatibility and security.

v0.1.0

Initial release of Claw Security Scanner. - Provides automated security scanning for OpenClaw skill files to detect threats such as malicious code, credential leakage, unsafe dependencies, and insecure configurations. - Supports static and dynamic analysis, machine learning threat detection, and interactive HTML/JSON/console reporting. - Includes configurable scan options, Python API, and command-line interface for flexible integration. - Designed for developers, users, teams, and enterprises to enhance the security of the OpenClaw skill ecosystem. - Offers free, professional, and enterprise tiers to suit different user needs.

元数据

Slug claw-security-scanner

版本 0.1.1

许可证 —

累计安装 4

当前安装数 4

历史版本数 2

常见问题