npm defender2

Author: Jay · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 233 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install defender2
Description
Scan npm packages or projects to detect JavaScript malware, suspicious Base64, private use characters, and known malicious packages with RLO attack detection.
Usage instructions (SKILL.md)

defender2 - NPM malware detection

Use the bundled pua.py script to scan npm packages and projects and detect JavaScript malware.

setup

pip install rlo-detect

Usage

python skills/defender2/scripts/pua.py <path> [-r] [-v]

Parameters

  • path: the path to scan (file or directory)
  • -r, --recursive: scan subdirectories recursively
  • -v, --verbose: show detailed information

example

# Scan the entire project
python skills/defender2/scripts/pua.py ./my-project

# Scan a single package.json
python skills/defender2/scripts/pua.py ./package.json

# Recursively scan node_modules
python skills/defender2/scripts/pua.py ./node_modules --recursive

# rlo malware detect
rlo-detect ./my-project

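Detection features

  1. PUA character detection - detects obfuscation that uses Unicode Private Use Area characters
  2. Malicious pattern matching - detects dangerous code patterns such as eval(atob()) and Buffer.from()
  3. IOC detection - identifies known malicious package names, IPs, and C2 addresses
  4. Base64 decoding - decodes hidden suspicious code
  5. Persistence techniques - detects stealth techniques such as singleton lock files and exception catching
  6. Dependency analysis - checks package.json for malicious dependencies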
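
The first, second and fourth checks in the list above, together with the RLO check from the description, can be sketched as follows. This is an added example, not the skill's own pua.py; the SUSPICIOUS keyword list and the SAMPLE input are assumptions constructed for illustration.

```python
import base64
import re
import unicodedata

# Bidirectional controls; U+202E (RLO) reverses how a filename or line is displayed.
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
# Decode-and-execute: eval(atob(...)) or eval(Buffer.from(...)).
DECODE_EXEC = re.compile(r"eval\s*\(\s*(atob\s*\(|Buffer\.from\s*\()")
# Quoted Base64 literals of 24 or more characters.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")
# Assumed keyword list for decoded payloads (illustrative, not from the page).
SUSPICIOUS = ("eval(", "child_process", "require(", "http://", "https://")


def scan_text(text):
    """Return a list of (line_no, kind, detail) findings for JavaScript source."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if unicodedata.category(ch) == "Co":  # private use, all planes
                findings.append((no, "pua", f"U+{ord(ch):04X}"))
            elif ord(ch) in BIDI_CONTROLS:
                findings.append((no, "bidi", f"U+{ord(ch):04X}"))
        if DECODE_EXEC.search(line):
            findings.append((no, "decode-exec", "eval of decoded data"))
        for m in B64_LITERAL.finditer(line):
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
            except ValueError:  # not valid Base64, or not text once decoded
                continue
            if any(k in decoded for k in SUSPICIOUS):
                findings.append((no, "base64", decoded[:60]))
    return findings


# Constructed sample input with a harmless payload, built inline so it runs offline.
B64 = base64.b64encode(b"require('os').platform()").decode()
SAMPLE = (
    "const a = 1;\n"
    "const name = 'invoice\u202efdp.js';\n"
    "const s = '\ue000\ue001';\n"
    f"eval(atob('{B64}'));\n"
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

Findings are reported by code point and decoded text rather than by echoing whole lines, which limits how much file content ends up in scanner output.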
Security usage recommendations
This skill appears to do what it claims: it ships a local Python scanner and its SKILL.md tells you how to run it. Before installing or running anything: (1) inspect the included script (already present) — it contains no network calls or exfiltration; (2) vet the external package 'rlo-detect' on PyPI (check project homepage, source, and maintainers) before running 'pip install'; (3) run the scanner in an isolated environment (container or VM) if you are unsure; (4) be aware that scanning large directories (node_modules) will read many files and could surface secrets in output — avoid scanning sensitive systems without safeguards.
Functional analysis
Type: OpenClaw Skill · Name: defender2 · Version: 1.0.0
The defender2 skill is a defensive security tool designed to scan NPM projects for supply chain malware and obfuscation techniques. The primary script, `scripts/pua.py`, implements detection logic for Unicode Private Use Area (PUA) characters, known malicious IOCs (such as the `os-info-checker-es6` package and IP `140.82.54.223`), and dangerous JavaScript patterns like `eval(atob())`. The skill's behavior is transparent, lacks any data exfiltration or unauthorized execution logic, and is entirely consistent with its stated purpose of malware detection.
Capability assessment
Purpose & Capability
Name and description (scan npm packages for JS malware, PUA/RLO, suspicious Base64, known malicious packages) match the provided files: SKILL.md instructs running the included Python scanner and the script implements PUA detection, pattern/IOC checks, Base64 decoding and package.json analysis.
Instruction Scope
SKILL.md instructs only local actions (pip install an optional helper package, then run the included script or an external rlo-detect tool). The runtime instructions focus on scanning files and package.json; they do not ask the agent to read unrelated system files or secrets. Note: scanning node_modules or entire projects will read many files (expected for this tool).
Install Mechanism
There is no install spec (instruction-only) and the included script is run directly. SKILL.md recommends 'pip install rlo-detect' and shows 'rlo-detect' usage — installing a third-party PyPI package is a moderate risk because it pulls code from an external source not included with the skill. The skill itself does not install arbitrary archives or fetch code at runtime.
Credentials
The skill requests no environment variables, credentials, or config paths. The Python script reads only the target files/directories provided by the user and uses sys.platform; this is proportional to scanning functionality.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. The skill does not modify other skills or system config. Autonomous invocation is allowed (platform default) but not combined with broad privileges.
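How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install defender2
  3. Once installed, call the Skill by name or trigger it with /defender2
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history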
v1.0.0
defender2 1.0.0 - Initial release
  • Scan npm packages and projects for JavaScript and Windows filename RLO malware.
  • Detects obfuscated code, suspicious PUA characters, and Base64-encoded payloads.
  • Analyzes package.json dependencies and scripts for supply chain attacks.
  • Identifies known malicious packages and suspicious behavior patterns.
  • Includes command-line usage with options for recursive and verbose scanning.
Metadata
Slug defender2
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

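What is npm defender2?

Scan npm packages or projects to detect JavaScript malware, suspicious Base64, private use characters, and known malicious packages with RLO attack detection. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 233 total downloads so far.

How do I install npm defender2?

Run the command "/install defender2" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is npm defender2 free?

Yes, npm defender2 is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does npm defender2 support?

npm defender2 runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed npm defender2?

Developed and maintained by Jay (@goog); the current version is v1.0.0.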
