ClawSkillShield
Author: AbYousef739 · GitHub · v1.0.0
Total downloads: 1545 · Favorites: 1 · Current installs: 0 · Versions: 1
Install in OpenClaw: /install clawskillshield
Description
Locally scans OpenClaw/ClawHub skills for security risks like hardcoded secrets, dangerous calls, and risky imports, then scores and quarantines threats.
Usage instructions (SKILL.md)
# ClawSkillShield 🛡️

Local-first security scanner for OpenClaw/ClawHub skills.

## What It Does

- Static analysis for security risks and malware patterns
- Detects:
  - Hardcoded secrets (API keys, credentials, private keys)
  - Risky imports (`os`, `subprocess`, `socket`, `ctypes`)
  - Dangerous calls (`eval()`, `exec()`, `open()`)
  - Obfuscation (base64 blobs, suspicious encoding)
  - Hardcoded IPs
- Risk scoring (0–10) + detailed threat reports
- Quarantine high-risk skills automatically

## Dual-Use Design

- CLI for humans: Quick safety checks before installing skills
- Agent API: Importable functions for autonomous agents/Moltbots to proactively scan and quarantine risky skills (essential post-ClawHavoc)

## Quick Start

### CLI (Humans)
```bash
pip install -e .
clawskillshield scan-local /path/to/skill
clawskillshield quarantine /path/to/skill
```

### Python API (Agents)
```python
from clawskillshield import scan_local, quarantine

threats = scan_local("/path/to/skill")
if risk_score < 4:  # HIGH RISK
    quarantine("/path/to/skill")
```

## Zero Dependencies
Pure Python. No network calls. Runs entirely locally.

## Why This Matters
ClawHavoc demonstrated how easily malicious skills can slip into the ecosystem. ClawSkillShield provides a trusted, open-source defense layer—audit the code, run offline, stay safe.

---

**GitHub**: https://github.com/AbYousef739/clawskillshield  
**License**: MIT  
**Author**: Ab Yousef  
**Contact**: [email protected]
Security usage recommendations
This package appears to implement a local static scanner and quarantine facility and does not make network calls or request secrets — that part is coherent. However, the documentation examples and the actual Python API do not match: scan_local() returns a formatted string report, not a list of threats or a numeric risk_score as shown in the README/SKILL.md. That means agent code copied from the docs could behave incorrectly (or fail) and might mis-handle quarantine decisions. Before installing or giving an agent the ability to call this skill autonomously:
1) Review and fix the API/documentation mismatch (either return structured data and a numeric score from scan_local or update docs/examples).
2) Add a function that returns structured results (threat list + numeric score) so agents can make safe decisions programmatically.
3) Add safety checks around quarantine (confirm path is a skill folder, prevent system-path moves, require explicit confirmation or a dry-run mode).
4) Test the quarantine behavior in a sandbox so you’re comfortable that moving directories to ~/.openclaw/quarantine won’t delete or hide important data.
If you plan to enable autonomous agent invocation, only do so after these safeguards are implemented and reviewed.
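The quarantine safety checks recommended above (confirm the path is a skill folder, prevent system-path moves, offer a dry-run mode), as an added example that is not ClawSkillShield's own code. `guarded_quarantine`, `QuarantineRefused`, and the rule that a skill folder is a direct child of the skills root containing `SKILL.md` are assumptions made for illustration.

```python
import shutil
from pathlib import Path


class QuarantineRefused(Exception):
    """Raised when a path fails a pre-move safety check."""


def guarded_quarantine(target, skills_root, quarantine_dir, dry_run=True):
    """Return the quarantine destination for a skill folder, moving it only
    when dry_run is False and every check below has passed."""
    skills_root = Path(skills_root).resolve()
    quarantine_dir = Path(quarantine_dir).resolve()
    raw = Path(target)
    if raw.is_symlink():
        raise QuarantineRefused(f"{raw} is a symlink")
    path = raw.resolve()
    # Accept only a direct child of the skills root. This rejects the root
    # itself, system paths such as / or the home directory, and '..' tricks.
    if path.parent != skills_root:
        raise QuarantineRefused(f"{path} is not directly under {skills_root}")
    # Assumption: a skill folder is a directory that contains SKILL.md.
    if not path.is_dir() or not (path / "SKILL.md").is_file():
        raise QuarantineRefused(f"{path} is not a skill folder")
    dest = quarantine_dir / path.name
    if dest.exists():
        raise QuarantineRefused(f"{dest} already exists, refusing to overwrite")
    if not dry_run:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(dest))
    return dest
```

Because `dry_run` defaults to `True`, an agent has to opt in explicitly before any directory is moved.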
Functional analysis
Type: OpenClaw Skill
Name: clawskillshield
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'ClawSkillShield' is a local-first security scanner designed to detect malicious patterns in other skills. Its code primarily uses Python's `ast` and `re` modules for static analysis, and `os` and `shutil` for legitimate file system operations like traversing directories and moving detected high-risk skills to a dedicated quarantine directory (`~/.openclaw/quarantine`). The documentation (SKILL.md, README.md) clearly states its purpose, explicitly claims 'Zero Dependencies' and 'No network calls', and provides instructions for agents to use its scanning and quarantining functions for security. There is no evidence of intentional harmful behavior, data exfiltration, malicious execution, persistence, or prompt injection designed to subvert the agent or system; all actions are aligned with its stated security function.
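How an `ast`-based pass can return structured results (threat list plus numeric score) rather than a formatted string, as an added example that is not ClawSkillShield's code. The import and call lists come from the skill's description; `scan_source`, `ScanResult`, the weights, and the score direction (10 is clean, lower is riskier, in line with the README's `risk_score < 4` check) are assumptions.

```python
import ast
import re
from dataclasses import dataclass, field

# Categories from the skill's description; the weights are assumptions.
RISKY_IMPORTS = {"os", "subprocess", "socket", "ctypes"}
DANGEROUS_CALLS = {"eval", "exec", "open"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WEIGHTS = {"dangerous_call": 3, "risky_import": 1, "hardcoded_ip": 2}

# Constructed sample input (203.0.113.0/24 is a documentation range).
SAMPLE = ('import subprocess\nfrom os import path\n'
          'HOST = "203.0.113.7"\nprint(eval(input()))\n')

@dataclass
class ScanResult:
    threats: list = field(default_factory=list)  # (kind, detail, line)
    score: int = 10  # 10 = clean, 0 = worst (assumed direction)

def scan_source(source):
    """Statically inspect Python source; the code is parsed, never executed."""
    result = ScanResult()
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Fail closed: source that cannot be parsed is not trusted.
        result.threats.append(("unparseable", exc.msg, exc.lineno or 0))
        result.score = 0
        return result
    for node in ast.walk(tree):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            if name.split(".")[0] in RISKY_IMPORTS:
                result.threats.append(("risky_import", name, node.lineno))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DANGEROUS_CALLS):
            result.threats.append(("dangerous_call", node.func.id, node.lineno))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for ip in IPV4.findall(node.value):
                result.threats.append(("hardcoded_ip", ip, node.lineno))
    penalty = sum(WEIGHTS.get(kind, 0) for kind, _, _ in result.threats)
    result.score = max(0, 10 - penalty)
    return result
```

Name-based matching is a coarse filter: it misses aliased or dynamically resolved calls, so a clean result is not proof of safety.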
Capability assessment
Purpose & Capability
Name/SKILL.md/README describe a local static scanner and included Python modules implement that scanner. The requested resources (no env vars, no external binaries) are proportional. Minor oddity: the analyzer flags 'risky imports' such as os/open but the scanner itself uses os and open to perform filesystem operations; this is explainable (the scanner needs filesystem access) but should be documented to avoid confusion.
Instruction Scope
SKILL.md and README present a Python API example that does not match the implementation. Examples show: 'threats = scan_local(...)' and then 'if risk_score < 4: quarantine(...)'. In the actual code, scan_local(path) returns a formatted string report, not a threats list or a numeric risk score. There is no exported function that directly returns a numeric risk score to callers. Also the CLI/API allows an agent to call quarantine(path), which moves the target path into ~/.openclaw/quarantine — functional for quarantine but potentially destructive if invoked on the wrong path. The instructions give agents the discretion to auto-quarantine; that combination of autonomous invocation + move behavior requires caution.
Install Mechanism
No install spec was provided by the registry (instruction-only) but the package contains a pyproject and console entrypoint so it can be installed with pip locally. There are no external downloads, no network calls in code, and no extract-from-URL behavior — low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The only filesystem write is the quarantine directory under the user's home (~/.openclaw/quarantine) which is consistent with a quarantine feature.
Persistence & Privilege
always is false (no forced inclusion). The skill can be invoked autonomously (default). Because it implements quarantine by moving directories, an autonomous agent using the provided example could move user files. This is not necessarily malicious, but it is a privileged destructive action that should be gated behind safe checks and correct API behavior (see mismatch noted above).
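How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install clawskillshield
- After installation, invoke the Skill by name or trigger it with /clawskillshield
- Provide the required input according to the Skill's parameter description to get structured output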
Version history
v1.0.0
Initial release v0.1.1
- Full static analysis with risk scoring
- Quarantine command
- Dual CLI + agent import support
- Tested on safe/risky code
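FAQ
What is ClawSkillShield?
Locally scans OpenClaw/ClawHub skills for security risks like hardcoded secrets, dangerous calls, and risky imports, then scores and quarantines threats. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1545 total downloads to date.
How do I install ClawSkillShield?
Run the command "/install clawskillshield" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is ClawSkillShield free?
Yes, ClawSkillShield is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does ClawSkillShield support?
ClawSkillShield is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed ClawSkillShield?
It is developed and maintained by AbYousef739 (@abyousef739); the current version is v1.0.0.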