← 返回 Skills 市场
diogopaesdev

CrawSecure

作者 Diogo Paes Dev · GitHub ↗ · v2.0.1
cross-platform ✓ 安全检测通过
1866
总下载
1
收藏
1
当前安装
7
版本数
在 OpenClaw 中安装
/install crawsecure
功能描述
Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally.
使用说明 (SKILL.md)

CrawSecure

CrawSecure is a documentation-first security skill for the ClawHub / OpenClaw ecosystem.

This skill does not include executable code or binaries. Its purpose is to clearly document, explain, and guide the safe usage of the CrawSecure CLI, which is distributed and installed separately by the user.

The goal of this skill is to promote security awareness, transparency, and best practices when working with third‑party skills.

🔍 What this skill provides

  • Clear documentation of what CrawSecure analyzes
  • Explanation of risk signals and classifications
  • Guidance on how to use the CrawSecure CLI safely
  • Security philosophy and trust boundaries

ℹ️ This skill itself performs no scans and executes no code.

🧰 About the CrawSecure CLI

The CrawSecure CLI is an external, optional tool that users may install independently.

It performs local, offline static analysis of ClawHub / OpenClaw skills before installation or trust.

CLI distribution (external)

The CLI is not bundled with this skill.

🚨 Risk signals analyzed by the CLI

When used, the CrawSecure CLI may detect:

  • Dangerous command patterns
    (e.g. destructive or execution‑related behavior)
  • References to sensitive files or credentials
    (e.g. .env, .ssh, private keys)
  • Indicators of unsafe or misleading practices

Risk levels are classified as:

  • SAFE
  • MEDIUM
  • HIGH

🔒 Security & trust boundaries

This skill:

  • Does not execute code
  • Does not install software
  • Does not access the network
  • Does not modify files
  • Requests read‑only permissions only

Any actual scanning happens only if the user installs and runs the CrawSecure CLI from a trusted source.

✅ When to use this skill

  • To understand what CrawSecure checks and why
  • Before deciding to install or run the CrawSecure CLI
  • As a reference for safer skill development practices
  • To promote transparency inside the ClawHub ecosystem

📦 Version

v2.0.1 – Documentation‑only clarification release

This version clarifies scope and removes any ambiguity about bundled execution.

安全使用建议
This skill is documentation-only and appears coherent, but the actual CrawSecure scanner it documents is an external binary you would download separately. Before installing or running that external CLI: 1) verify the GitHub repo and release artifacts (owner identity, tags) are legitimate; 2) check release checksums or signatures where available; 3) review the CLI source code if you can, or run it in a sandbox/non-privileged environment; 4) avoid running downloaded binaries as root; and 5) prefer official distribution channels (GitHub releases, official site) over third-party mirrors. Also be aware that the SKILL.md's statements about not accessing network or not executing code are descriptive — they cannot enforce behavior of any external CLI you choose to install.
功能分析
Type: OpenClaw Skill Name: crawsecure Version: 2.0.1 The OpenClaw skill 'CrawSecure' is explicitly stated to be documentation-only, containing no executable code or binaries. It disclaims any ability to execute code, install software, access the network, or modify files, requesting only read-only permissions. The SKILL.md content serves purely as informational text, describing an external, separately installed CLI tool for static analysis, and does not contain any prompt injection attempts or instructions for the AI agent to perform malicious actions, hide behavior, or access sensitive data. All files consistently support this benign, informational purpose.
能力评估
Purpose & Capability
The name/description claim an offline security scanner, and the SKILL.md explicitly says this skill is documentation-only for an external CrawSecure CLI. No unrelated environment variables, binaries, or install steps are requested, which is proportionate for a documentation skill.
Instruction Scope
SKILL.md contains only documentation and guidance, explicitly states it performs no scanning or network access, and does not instruct the agent to read files, env vars, or execute commands. It does link to an external GitHub repo/website for the CLI — expected for a documentation skill.
Install Mechanism
There is no install spec and no bundled code. As an instruction-only skill this has the lowest install risk; any installation risk is deferred to the external CLI distribution referenced in the docs.
Credentials
The skill requests no environment variables, credentials, or config paths, which matches its documentation-only nature.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify agent/system settings. user-invocable and model invocation defaults are normal and acceptable for a docs skill.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install crawsecure
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /crawsecure 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
v2.0.1 is a documentation‑only clarification release: - Clarifies that this skill provides documentation only, with no executable code or scanning capability. - Clearly distinguishes the CrawSecure CLI as an external, optional tool the user must install separately. - Reinforces security philosophy, permissions, and boundaries. - Expands guidance for safe usage and understanding of risk signals. - Removes any ambiguity about what is included or performed by the skill itself.
v2.0.0
## 2.0.0 - Clarified execution model and security guarantees - Improved transparency around analysis flow - Prepared foundation for optional web-based visualization
v1.1.0
v1.1.0 - Switched to JavaScript ESM with zero build step - Introduced CLI-based execution model - Added explicit read-only security guarantees - Improved documentation clarity - Structured analyzer, rules, and reporter modules - Stable public release for ClawHub
v1.0.3
v1.0.3 - Improved documentation clarity - Explicit execution model explanation - No behavioral changes
v1.0.2
Fixed skill summary extraction by adjusting SKILL.md structure.
v1.0.1
Added skill summary and improved public description for better clarity and discoverability.
v1.0.0
Initial public release. Introduces CrawSecure as a security-focused skill to help identify potential risks and unsafe patterns in ClawHub skills.
元数据
Slug crawsecure
版本 2.0.1
许可证
累计安装 1
当前安装数 1
历史版本数 7
常见问题

CrawSecure 是什么?

Offline security scanner that detects unsafe code patterns in ClawHub skills before installation to help users assess potential risks locally. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1866 次。

如何安装 CrawSecure?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install crawsecure」即可一键安装,无需额外配置。

CrawSecure 是免费的吗?

是的,CrawSecure 完全免费(开源免费),可自由下载、安装和使用。

CrawSecure 支持哪些平台?

CrawSecure 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 CrawSecure?

由 Diogo Paes Dev(@diogopaesdev)开发并维护,当前版本 v2.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论