← 返回 Skills 市场
126
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install clawshield-lite
功能描述
Scans AI skills for potential security risks and unsafe commands
使用说明 (SKILL.md)
ClawShield Lite
A lightweight security analysis skill that scans AI skill code for risky patterns and outputs a structured risk report.
How It Works
- Accepts code input via
stdin(string or file content) - Loads pattern definitions from
rules.json - Scans the input for dangerous and suspicious patterns
- Assigns a risk level:
SAFE,MEDIUM RISK, orHIGH RISK - Outputs a JSON report with all findings
Usage
echo "import os; os.system('rm -rf /')" | python main.py
安全使用建议
This skill appears coherent and low-risk: it statically scans text from stdin against local patterns. Before installing, consider that pattern-based scanners have limitations — they can produce false positives and false negatives (they may miss obfuscated or novel malicious code). Review and, if needed, expand rules.json to cover patterns important to you. Because the skill's source and homepage are unknown, prefer running it in a sandbox or CI job first, manually inspect rules.json and main.py yourself, and do not rely solely on this tool for security decisions; combine it with AST-based analysis and manual review for higher assurance.
功能分析
Type: OpenClaw Skill
Name: clawshield-lite
Version: 1.0.0
ClawShield Lite is a straightforward static analysis tool designed to scan code for risky patterns using simple string matching. The implementation in main.py is transparent, relies solely on the Python standard library, and does not execute the code it analyzes or perform any unauthorized network or file system operations. The skill's behavior aligns perfectly with its stated purpose in SKILL.md and README.md.
能力评估
Purpose & Capability
The name/description (static security scanner) matches the included files (main.py, rules.json, README, SKILL.md). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and main.py instruct the agent to read code from stdin and scan it against rules.json. The runtime only reads rules.json from the same package and does not reference other system paths, environment variables, or external endpoints.
Install Mechanism
There is no install spec and the tool uses only the Python standard library. No downloads, extract steps, or third‑party packages are required.
Credentials
The skill requests no environment variables, credentials, or config paths. All required inputs are provided via stdin and the local rules.json file.
Persistence & Privilege
Flags show the skill is not forced-always and does not modify agent/system configuration. It runs on-demand and does not persist credentials or change other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawshield-lite - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawshield-lite触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of ClawShield Lite.
- Added static code scanning
- Detects dangerous and suspicious patterns
- Provides risk scoring (SAFE, MEDIUM, HIGH)
- Outputs structured JSON security reports
元数据
常见问题
ClawShield Lite – AI Skill Security Scanner 是什么?
Scans AI skills for potential security risks and unsafe commands. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 126 次。
如何安装 ClawShield Lite – AI Skill Security Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawshield-lite」即可一键安装,无需额外配置。
ClawShield Lite – AI Skill Security Scanner 是免费的吗?
是的,ClawShield Lite – AI Skill Security Scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ClawShield Lite – AI Skill Security Scanner 支持哪些平台?
ClawShield Lite – AI Skill Security Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawShield Lite – AI Skill Security Scanner?
由 TheNox21(@thenox21)开发并维护,当前版本 v1.0.0。
推荐 Skills