← 返回 Skills 市场

CMIC Skill Scanner (BCLinux 21 / 低版本 glibc Linux x64)

Name: CMIC Skill Scanner (BCLinux 21 / 低版本 glibc Linux x64)
Author: cyzlmh

作者 random_player · GitHub ↗ · v0.9.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cmic-skill-scanner-bclinux21-amd64

功能描述

使用内置 Rust 引擎审计待安装的 skill 包或归档，并可选桥接外部 scanner。

使用说明 (SKILL.md)

Skill Scan Wrapper

当你要在安装一个本地 skill、归档或 release bundle 前做一次快速安全检查时，使用这个 skill。

⚠️ Security Notice

This tool operates locally and requires user trust in the binary you run. Always verify the checksum after downloading. For maximum security, build from source (recommended).

Binary Included

Property	Value
Location	`assets/bin/skillscan`
Version	`v0.9.0`
Platform	`bclinux21-amd64`
SHA-256	`b701a5cccbfb1d350b63f35656f6feb9862fac9e12940607ace95470a9bed27a`

Verify locally before running:

sha256sum assets/bin/skillscan
# Compare output with the SHA-256 value above

This bundled package includes a pre-compiled binary. You can still build from source if you prefer:

git clone https://gitee.com/random_player/cmic-skill-scanner.git
cd cmic-skill-scanner && cargo build --release

前置条件

默认不需要任何外部依赖
--upload-url 和 --engine external 功能默认禁用，仅在用户显式配置时启用

信任模型

This is an open-source (MIT-0) package. The binary (bundled or downloaded) is a convenience only — it does not grant any additional trust.

Your options:

Approach	Trust Requirement	Verification
Build from source	None (you control everything)	Manual code review
Bundled/downloaded binary	You trust the release host	SHA-256 checksum

What the tool does NOT do by default:

Does NOT upload data anywhere
Does NOT connect to the network
Does NOT access credentials, SSH configs, or environment variables
Does NOT execute external tools unless you explicitly configure --engine external

工作流程

调用 skillscan：

skillscan review /path/to/target --format markdown
skillscan review /path/to/skills --output-dir /tmp/skillscan-out

阅读输出中的：输入类型、完整度、engine 执行状态、findings

网络上传功能 (默认禁用)

⚠️ This feature is completely optional and disabled by default. It requires explicit user configuration via --upload-url.

What gets sent (only when you configure --upload-url):

A structured JSON report containing detection findings
An instance identifier you supply via --instance-id
No skill source code, credentials, or system configuration is ever transmitted

外部引擎集成 (默认禁用)

⚠️ This feature is completely optional and disabled by default. It requires explicit user configuration via --engine external.

Delegates pattern-matching to a user-configured local tool. This runs locally — no remote calls are made.

Permissions Required

Scope	Reason
Read files in target path	To analyze skill source code for patterns
Write to `--output-dir`	To save scan reports locally
Execute binary	To run the scanner engine
Network (optional)	Only if `--upload-url` is explicitly configured

安全使用建议

Install only if you trust the release source or build the scanner from source. Verify the documented SHA-256 before running any downloaded binary, scan only intended skill directories, and enable upload or external-scanner modes only when you deliberately want those extra behaviors.

能力评估

✓ Purpose & Capability

The stated purpose is to scan local skill packages before installation, and the documented capabilities fit that purpose: read selected targets, write local reports, execute the scanner engine, and optionally bridge to external scanning.

ℹ Instruction Scope

Instructions are mostly user-directed, with upload and external-engine modes described as optional, but INSTALL.md also says auto mode may prefer an external backend if available; users should understand that behavior before relying on defaults.

ℹ Install Mechanism

Installation involves downloading a platform ZIP, verifying its SHA-256, extracting it, and running a local binary. This is disclosed and purpose-aligned, but it still requires trusting the release source or building from source.

✓ Credentials

Requested access is proportionate for a local scanner: target-path file reads, local report writes, binary execution, and network only for downloading or explicitly configured upload.

✓ Persistence & Privilege

The inspected artifacts show no startup persistence, background service, privilege escalation, credential access, or destructive behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cmic-skill-scanner-bclinux21-amd64
安装完成后，直接呼叫该 Skill 的名称或使用 /cmic-skill-scanner-bclinux21-amd64 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.9.0

Skillscan-wrapper v0.9.0 introduces a Rust-powered local scanner with binary packaging and opt-in extensions. - Includes a pre-compiled Rust binary for bclinux21-amd64; SHA-256 checksum provided for local verification. - Scans skill packages or archives locally before installation; no network or uploads by default. - Optional external scanner integration and upload features are fully disabled unless explicitly configured by the user. - Source code build instructions included for users preferring maximum trust. - Does not access credentials, environment variables, or execute other tools unless configured.

元数据

Slug cmic-skill-scanner-bclinux21-amd64

版本 0.9.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题