← 返回 Skills 市场

ClawHub Security Scan

Name: ClawHub Security Scan
Author: yuyiyuleyuli-cloud

作者 yuyiyuleyuli-cloud · GitHub ↗ · v1.1.2 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawhub-security-scan

功能描述

Pre-publish security scan for ClawHub skills - Scans code for patterns that might get flagged as suspicious and gives fixing suggestions.

使用说明 (SKILL.md)

ClawHub Security Scan

Pre-publish security scan for ClawHub skills. Scans your skill code for patterns that might trigger automatic suspicious flagging on ClawHub, and gives actionable fixing suggestions.

Commands

Command	Description
`scan.py`	Scan a skill folder for suspicious patterns
`precheck.py`	Interactive pre-publish checklist wizard - step-by-step security check before publishing
`review.py`	Review scan results and get modification suggestions

Usage

# Scan a skill folder
python scripts/scan.py --path ./my-skill

What it scans

Scans for code patterns that commonly trigger ClawHub VirusTotal Code Insight suspicious flagging:

🔴 High Risk (really dangerous, should fix)

Reads sensitive files (/etc/passwd, ~/.ssh/*, id_rsa, etc.)
Uses dangerous functions (eval(), exec(), execfile()) without validation
Dynamic code execution from untrusted sources
Hard-coded API keys/tokens in source code

🟡 Medium Risk (may trigger false positive flagging, need review)

Reads environment variables for API keys (normal & safe, but triggers flag)
Makes external HTTP/HTTPS requests (normal for most skills, but triggers flag)
Uses subprocess, os.system to run system commands
Downloads code from external sources

🟢 Good Practice

Reads environment variables instead of hard-coding keys
All network requests go to known public APIs
No arbitrary code execution

Output

Gives each file a risk rating (High/Medium/Low/Good)
Lists the line numbers and patterns found
Gives specific modification suggestions
Exits with non-zero code if high risk issues found

Pricing

0.001 USDT per call, billed via SkillPay.me.

Custom Configuration

You can create a .clawhub-security file in your skill root to ignore specific patterns that you know are safe:

# .clawhub-security - ignore patterns that are safe
ignore: high-entropy-secret  # ignore the high-entropy warning for your SkillID
ignore: os\.environ          # ignore environment variable warnings

One pattern per line. Lines starting with # are comments.

Why use this

ClawHub automatically scans published skills with VirusTotal Code Insight. Some perfectly normal patterns (like reading env vars or making API requests) get flagged as "suspicious" scaring users. This tool helps you find and address those issues before publishing.

This tool doesn't guarantee you won't get flagged, but it greatly reduces the chance.

安全使用建议

This skill appears to implement the promised pre-publish scanner, but it charges 0.001 USDT per call by calling SkillPay.me and expects a SkillPay API key (SKILLPAY_API_KEY) which is not declared in the registry metadata. Before installing or running: 1) Confirm you trust the payment endpoint (https://skillpay.me) and the skill author; 2) Expect to provide a SKILLPAY_API_KEY (or pass --api-key) and a user-id when running the interactive precheck — the script will attempt to charge that key; 3) If you want to avoid unexpected charges, run scan.py directly (it also exposes a scan mode) and inspect the code locally; 4) Ask the publisher to update the registry manifest to declare required env vars and clearly document billing behavior in SKILL.md; 5) If you audit before running, review the full scripts for any code that might send scanned file contents elsewhere — in the visible code the only external POST is the billing call, but always verify before providing credentials.

功能分析

Type: OpenClaw Skill Name: clawhub-security-scan Version: 1.1.2 The skill bundle provides a security scanning utility that includes a monetization mechanism via an external API (https://skillpay.me). While the code appears to perform its stated function of identifying insecure patterns, it exhibits risky behaviors such as broad local file system access and the transmission of API credentials (SKILLPAY_API_KEY) to a third-party endpoint. These capabilities, found in scripts/scan.py and scripts/precheck.py, are classified as suspicious because they involve external network communication and sensitive credential handling, even though they are aligned with the stated commercial purpose in SKILL.md.

能力评估

⚠ Purpose & Capability

The code (scan.py, review.py, precheck.py) implements a code scanner and a pre-publish checklist consistent with the skill's stated purpose. However, the scripts include SkillPay billing logic (POSTs to https://skillpay.me and reading SKILLPAY_API_KEY) while the registry metadata declares no required environment variables or primary credential. Charging behavior is mentioned in SKILL.md but the required credential (SKILLPAY_API_KEY) is not declared in the skill manifest — this is an incoherence that affects trust and transparency.

⚠ Instruction Scope

SKILL.md instructs running the provided scripts and lists a per-call price, which matches the code. But the interactive precheck (precheck.py) will attempt to charge before running and requires a user-id and an API key (or environment variable) to succeed. The SKILL.md does not explicitly document the exact env var name (SKILLPAY_API_KEY) or the full shape of the network POST, which means users may be surprised by a networked billing step tied to an undeclared secret.

✓ Install Mechanism

No install spec is present (instruction-only + shipped scripts). No downloads or archive extraction are performed during install. This is low-risk from an install footprint perspective.

⚠ Credentials

The scripts read environment variables (os.environ) to obtain SKILLPAY_API_KEY for billing. Requesting a payment API key is proportionate to a paid tool, but the skill metadata does not declare this required env var or primary credential. Also the scanner will by design inspect files and environment-variable usage in user repositories (which is expected for a scanner) — users should understand those file reads happen locally and the script will not (based on visible code) exfiltrate scanned file contents, but it does send billing-related data (user_id, skill_id, amount) to an external endpoint. The undeclared credential + external network call is the main proportionality concern.

✓ Persistence & Privilege

The skill is not forced-always, does not request elevated platform privileges, and does not modify other skills or global agent configuration. Autonomous invocation is enabled (the platform default), but that's not combined here with other broad privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawhub-security-scan
安装完成后，直接呼叫该 Skill 的名称或使用 /clawhub-security-scan 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.2

Update SkillPay Skill ID

v1.1.1

Update SkillPay Skill ID

v1.1.0

Add SkillPay billing 0.001 USDT per call

v1.0.0

Initial release: Pre-publish security scan - finds patterns that might get flagged as suspicious on ClawHub

元数据

Slug clawhub-security-scan

版本 1.1.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题