mbennett-labs

Crawdaddy

Author: Michael Bennett · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 203
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install crawdaddy
Description
Autonomous scanner detecting quantum-unsafe ECDSA, smart contract risks, and agent credential exposures with compliance-ready post-quantum security reports.
Usage (SKILL.md)

CrawDaddy - Post-Quantum Security Scanner

Autonomous security scanner for post-quantum cryptography readiness, smart contracts, and agent credential exposure.

Overview

CrawDaddy scans code repositories, blockchain contracts, and agent skill packages for quantum-unsafe ECDSA usage and emerging infrastructure vulnerabilities. Built by Quantum Shield Labs.

Target Audience

  • Healthcare CISOs protecting patient data (50+ year sensitivity)
  • Blockchain developers securing smart contracts on Ethereum/Base
  • Agent builders securing MCP skills and autonomous agent infrastructure
  • Compliance officers implementing post-quantum readiness programs

Features

1. Smart Contract Auditing

Scan Ethereum and Base L2 smart contracts for quantum-vulnerable cryptographic primitives:

  • ECDSA signature vulnerabilities (Shor's algorithm breakage)
  • Known expiration dates on cryptographic keys
  • Risk assessment for long-lived contracts
  • Compatibility analysis for post-quantum alternatives

2. Cryptographic Repository Scanning

Analyze code repositories for:

  • Quantum-unsafe cryptographic dependencies (ECDSA, RSA)
  • Crypto usage patterns vulnerable to "harvest now, decrypt later" attacks
  • Migration paths to post-quantum algorithms (NIST FIPS 203/204/205)
  • Data sensitivity mapping (50+ year lifetime assets)

3. Agent Credential Exposure Detection

Scan AI agent skills and MCP packages for:

  • Unencrypted API keys and signing credentials
  • Long-lived tokens vulnerable to retroactive decryption
  • Credential injection attack vectors
  • Authentication protocol weaknesses

4. Audit Trail & Compliance Reports

Generate auditable, timestamped reports including:

  • Detailed vulnerability inventory
  • Risk scoring and remediation paths
  • NIST post-quantum readiness checklist
  • Healthcare/HIPAA compliance mapping

Pricing

Variable pricing based on scan complexity:

  • $0.50 - Small projects (<10K LOC)
  • $1.50 - Medium projects (10K-100K LOC)
  • $3.00 - Large projects (100K-1M LOC)
  • $5.00 - Enterprise assessments + compliance reporting

Contact & Support

How It Works

  1. Submit code repository URL or smart contract address
  2. CrawDaddy scans for quantum vulnerabilities and crypto threats
  3. Report generated with risk assessment and remediation steps
  4. Ongoing monitoring available for critical infrastructure

Example Use Cases

Healthcare Data Protection

Healthcare organizations storing patient genetic data (50+ year retention):

Patient data with 50-year sensitivity
→ CrawDaddy identifies ECDSA encryption
→ Recommends post-quantum upgrade path
→ Generates HIPAA-compliant audit trail

Smart Contract Auditing

DeFi protocols deploying long-lived contracts:

Ethereum contract with ECDSA wallet signatures
→ Scan identifies quantum expiration date
→ Report shows Shor's algorithm impact
→ Recommends multi-sig + migration timeline

Agent Security

AI agent platforms using MCP skills:

Agent credentials stored in Redis
→ Scan detects unencrypted API keys
→ Analysis of key rotation policies
→ Recommendations for ephemeral credentials

Technical Details

  • Scanning Engine: Static analysis + LLM-assisted semantic review
  • Coverage: Python, JavaScript/TypeScript, Solidity, Java, Go, Rust, C/C++
  • Output Formats: JSON, PDF, HTML reports
  • Integration: GitHub, GitLab, Blockchain RPC endpoints, AI agent platforms
  • Compliance: SOC 2, GDPR, HIPAA-ready reporting

Tags

security scanning, post-quantum cryptography, smart contracts, agent security, compliance, NIST PQC, ECDSA, healthcare, blockchain

License

CrawDaddy services are provided under the terms of service at quantumshieldlabs.dev. Reports are proprietary to the customer.

Safe-use recommendations

This package is suspicious because it promises a capable autonomous scanner but contains only documentation and no implementation or credential requirements. Before installing or enabling it:

  1. Ask the publisher for the actual scanner code or a concrete runtime endpoint and an explanation of where scanning work runs (local vs. remote).
  2. Verify how private repos or RPC nodes are accessed — do not provide GitHub tokens, RPC keys, or agent credentials unless you trust and have reviewed the service code.
  3. Request a sample report produced from a known public repo and the exact commands/tools used (solidity analyzers, linters, PQC checks).
  4. Validate the vendor identity (domain, email, GitHub repo) independently and check for an open-source scanner you can audit.
  5. If you must test, do so in an isolated environment and avoid granting access to production secrets or private repos.

If the publisher intends this skill to call an external paid service, that behavior should be explicit in SKILL.md and the skill should require only the minimal credentials needed for that service.
Functional analysis

Type: OpenClaw Skill
Name: crawdaddy
Version: 1.0.0

The CrawDaddy skill bundle describes an autonomous security scanner that targets AI agent infrastructure, smart contracts, and code repositories. While its stated purpose is defensive (post-quantum readiness and credential detection), the instructions in SKILL.md direct the agent to search for unencrypted API keys and signing credentials within 'AI agent skills and MCP packages'—the same environment in which the agent itself operates. This capability, paired with the inclusion of a cryptocurrency wallet address (0x25B50fEd69175e474F9702C0613413F8323809a8) for 'variable pricing,' poses a high risk of credential harvesting or unauthorized probing of the host environment, even though explicit exfiltration logic is not present.
Capability assessment
Purpose & Capability
SKILL.md and README describe an autonomous scanner that integrates with GitHub/GitLab, blockchain RPCs, and agent platforms and produces JSON/PDF/HTML reports. However, the bundle contains no code, no install, and declares no required credentials or endpoints. A legitimate autonomous scanner would normally include scanning code or call an external service endpoint and would typically require API tokens (or at least document how to access public/private repos and RPC nodes). The stated pricing and proprietary reporting model further imply an external service, but the skill provides no runtime instructions tying into that service.
Instruction Scope
The SKILL.md is high-level and does not include concrete runtime commands or safe-scoped instructions. It instructs users to 'submit repository URL or smart contract address' and promises scanning agent credentials and MCP packages for unencrypted keys — but it does not specify how the agent should obtain code, whether it should read local files, or which endpoints to call. This vagueness grants broad discretion and could lead to an agent reading local skill packages or environment data without clear boundaries.
Install Mechanism
There is no install spec and no code files beyond documentation (SKILL.md, README, package.json). That lowers the immediate file-system and supply-chain risk because nothing will be downloaded or executed by default from this bundle. However, it also means the skill's claimed functionality is unimplemented or intended to rely on external services not described here.
Credentials
The skill claims to scan private repos, blockchain nodes, and agent credentials, which would normally require access to GitHub/GitLab tokens, blockchain RPC endpoints (or provider API keys), and possibly privileged access to agent storage. Yet requires.env and primary credential fields are empty. The absence of declared credentials is disproportionate to the described capabilities and leaves unclear how the scanner is supposed to operate (local code analysis vs. remote service).
Persistence & Privilege
Flags show always:false and default autonomous invocation allowed. The skill does not request persistent presence or system-wide configuration changes, and there is no install step that writes to disk. From a privilege/persistence perspective the bundle is low-impact as provided.
How to use

  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install crawdaddy
  3. After installation, invoke the Skill by name directly or trigger it with /crawdaddy
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history

v1.0.0

Initial release of CrawDaddy, an autonomous post-quantum security scanner.

  • Scans code repositories and smart contracts for quantum-vulnerable cryptography (ECDSA/RSA).
  • Targets healthcare CISOs, blockchain developers, agent builders, and compliance officers.
  • Detects exposed credentials and agent package security risks.
  • Generates auditable, compliance-ready reports with risk scores and mitigation guidance.
  • Offers migration recommendations to post-quantum cryptography standards (NIST).
  • Integrates with major platforms, supports multiple languages, and variable pricing based on project size.
Metadata

Slug: crawdaddy
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Crawdaddy?

Autonomous scanner detecting quantum-unsafe ECDSA, smart contract risks, and agent credential exposures with compliance-ready post-quantum security reports. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 203 cumulative downloads to date.

How do I install Crawdaddy?

Run the command "/install crawdaddy" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Crawdaddy free?

Yes, Crawdaddy is completely free, licensed under MIT-0, and can be freely downloaded, installed, and used.

Which platforms does Crawdaddy support?

Crawdaddy runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Crawdaddy?

Developed and maintained by Michael Bennett (@mbennett-labs); current version v1.0.0.
