chuddyrudd

ClawSentinel

Author: chuddyrudd · GitHub ↗ · v2.3.5
cross-platform ✓ Security check passed
Total downloads: 535
Favorites: 0
Current installs: 1
Versions: 10
Install in OpenClaw
/install clawsentinel
Description
Pure local 2026 ClawHub/OpenClaw skill scanner. Detects ClawHavoc malware, MCP backdoors, obfuscated payloads, and supply-chain attacks. 100% read-only analy...
Usage instructions (SKILL.md)

ClawSentinel v2.3

The sharpest skill auditor in the ClawHavoc era. Scans any skill markdown or GitHub repo for malicious patterns before you install it. Never executes code. Trained on public DataClaw dataset.

Security Guarantees

  • 100% local read-only analysis
  • Only fetches raw.githubusercontent.com when you explicitly audit a public GitHub repo
  • Zero telemetry in base version

How to use

Output Format

Always clean JSON.

Pro Tip

Run ClawSentinel on every skill before installing. ClawHub is infested right now.

Safe usage recommendations
This skill appears coherent and low-friction, but its claims are high-level and not verifiable from an instruction-only manifest. Before trusting it: (1) do not paste any secrets or private keys into the audit input; treat pasted content as potentially transmitted. (2) Confirm how your agent/platform enforces the 'read-only' and 'no-execution' guarantees (e.g., network access policies, sandboxing). (3) If you need stronger assurance, ask the publisher for source code or a reproducible local script you can run offline, and prefer auditing public repos by manually downloading and reviewing files rather than pasting sensitive material into third-party tools.
Functional analysis
Type: OpenClaw Skill
Name: clawsentinel
Version: 2.3.5
The skill bundle describes a security auditing tool named ClawSentinel. Its `SKILL.md` clearly outlines its purpose as a local, read-only scanner for skill markdown and GitHub repositories, explicitly stating it fetches from `raw.githubusercontent.com` only when auditing a public GitHub repo. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection instructions designed to compromise the agent or user. The described network activity is consistent with its stated function as a GitHub repository auditor.
Capability assessment
Purpose & Capability
Name and description (malware/skill scanner) align with the manifest: no install, no credentials, no unusual binaries or config paths are requested. Requesting nothing beyond user input is reasonable for a scanning-only skill.
Instruction Scope
SKILL.md instructs the agent to accept pasted markdown or an explicit GitHub repo URL and to fetch raw.githubusercontent.com only when asked. It explicitly claims 'Never executes code' and '100% local read-only analysis.' The instructions are high-level and do not direct the agent to read local files, env vars, or send data to other endpoints, but they also do not specify the exact checks performed or any safeguards against users pasting secrets. Because behavior is described in prose only, the claim of read-only/no-execution cannot be independently enforced from this manifest.
Install Mechanism
No install spec and no code files—lowest-risk form. Nothing will be written to disk by the skill itself according to the manifest.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate to a read-only static scanner. Note: auditing private repos would normally require credentials, but none are requested here.
Persistence & Privilege
always is false and the skill does not request any persistent presence or system-level changes. Autonomous invocation is allowed by default but is not combined with other privilege escalations here.
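How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawsentinel
  3. Once installed, invoke the Skill by name or trigger it with /clawsentinel
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history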
v2.3.5
- Version rollback to 2.3.4 with a simplified feature set.
- Restores pure local, read-only skill scanning—no attestations, remediation chains, or human escalation.
- Detects ClawHavoc malware, MCP backdoors, obfuscated payloads, and supply-chain attacks with zero code execution.
- No telemetry and fetches from GitHub only when explicitly auditing a repo.
- Output limited to clean JSON for every audit.
- Pro tip: Scan every skill before installation for maximum protection.
v2.3.4
**Major upgrade: ClawSentinel v3.0 "Legion Enhanced" introduces proof-backed attestations, automated remediation, and human escalation for skill security audits.**
- Each audit now produces a signed attestation with hashes and pattern signatures for verifiable, tamper-evident results.
- Automated remediation chains and actionable "next_actions" guide skill quarantine, admin notification, and safe replacement suggestions.
- Confidence-based escalation: uncertain findings are automatically routed to human experts for review.
- Intelligent caching with L0/L1 layers boosts speed and serves cached audits with stale-while-revalidate logic.
- Reputation ledger and detailed trust metrics provide transparency and measurable auditor performance.
- Expanded detection: now includes advanced ClawHavoc, wallet-drain, and agent/prompt-injection signatures.
- Fully updated, detailed JSON output schema for clearer, auditable results.
v2.3.3
- Rolled back to version 2.3.3 with simplified functionality and description.
- Focuses on pure local, read-only skill scanning for ClawHavoc malware, MCP backdoors, obfuscated payloads, and supply-chain attacks.
- Removes attestation, automated remediation chains, human escalation, caching layers, and reputation tracking.
- Output is a clean JSON report; no code execution or telemetry.
- Usage instructions updated for local markdown and GitHub audits.
v3.0.0
v3.0 Legion Enhanced - Attestations, remediation chains, human escalation, L0/L1 caching, 12 ClawHavoc patterns
v2.3.2
- Minor update to documentation: clarified that there is "Zero telemetry" (removed "in base version").
- No changes to code or core functionality.
v2.3.1
v2.3.1 - Rollback to exact v2.3 Benign version
v2.4.2
v2.4.2 - SEO optimizations with better keywords and tags
v2.4.1
- Rolled back to version 2.3 from 2.4.1; no code or content changes detected.
- Updated skill version and some descriptive text in SKILL.md to reflect the previous version.
- No new features, bug fixes, or removals in this release.
v2.4.0
v2.4 - Full transparency on how it works, reproducible local verification, killed the last nitpick
v2.3.0
v2.3 - Clean rename from Safe Skill Auditor
Metadata
Slug clawsentinel
Version 2.3.5
License
Total installs 2
Current installs 1
Historical versions 10
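FAQ

What is ClawSentinel?

Pure local 2026 ClawHub/OpenClaw skill scanner. Detects ClawHavoc malware, MCP backdoors, obfuscated payloads, and supply-chain attacks. 100% read-only analy... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 535 total downloads so far.

How do I install ClawSentinel?

Run the command "/install clawsentinel" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is ClawSentinel free?

Yes, ClawSentinel is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does ClawSentinel support?

ClawSentinel runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ClawSentinel?

Developed and maintained by chuddyrudd (@chuddyrudd); the current version is v2.3.5.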
