← 返回 Skills 市场
715
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install giraffe-guard
功能描述
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support.
使用说明 (SKILL.md)
🦒 Giraffe Guard — 长颈鹿卫士
Scan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录,检测潜在的供应链投毒和恶意代码。
Features / 功能
- 22 security detection rules covering the full supply chain attack surface / 22 条检测规则,覆盖供应链攻击全链路
- Context-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知:区分文档描述和实际可执行代码,降低误报
- Colored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告
--verbosemode shows matching line context /--verbose模式显示匹配行上下文--skip-dirto exclude directories /--skip-dir跳过指定目录- Whitelist support / 白名单机制
- Compatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux,零外部依赖
Usage / 使用方法
Scan a skill directory / 扫描目录
{baseDir}/scripts/audit.sh /path/to/skills
Verbose mode / 详细模式
{baseDir}/scripts/audit.sh --verbose /path/to/skills
JSON report / JSON 报告
{baseDir}/scripts/audit.sh --json /path/to/skills
With whitelist / 使用白名单
{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills
Skip directories / 跳过目录
{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills
Combined / 组合使用
{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills
Detection Rules (22) / 检测规则
🔴 Critical / 严重级别
| # | Rule | EN | 中文 |
|---|---|---|---|
| 1 | pipe-execution | Pipe execution (curl/wget to bash) | 管道执行 |
| 2 | base64-decode-pipe | Base64 decoded and piped | Base64 解码管道执行 |
| 3 | security-bypass | macOS Gatekeeper/SIP bypass | 安全机制绕过 |
| 5 | tor-onion-address | Tor hidden service | 暗网地址 |
| 5 | reverse-shell | Reverse shell patterns | 反向 shell |
| 7 | file-type-disguise | Binary disguised as text | 文件类型伪装 |
| 8 | ssh-key-exfiltration | SSH key theft | SSH 密钥窃取 |
| 8 | cloud-credential-access | Cloud credential access | 云凭证访问 |
| 8 | env-exfiltration | Env vars sent over network | 环境变量外传 |
| 9 | anti-sandbox | Anti-debug/anti-sandbox | 反沙盒/反调试 |
| 10 | covert-downloader | One-liner downloaders | 单行下载器 |
| 11 | persistence-launchagent | macOS LaunchAgent | 持久化 |
| 13 | string-concat-bypass | String concatenation bypass | 字符串拼接绕过 |
| 15 | env-file-leak | .env with real secrets | .env 密钥泄露 |
| 16 | typosquat-npm/pip | Typosquatting packages | 包名仿冒 |
| 17 | malicious-postinstall | Malicious lifecycle scripts | 恶意生命周期脚本 |
| 18 | git-hooks | Active git hooks | 活跃 git hooks |
| 19 | sensitive-file-leak | Private keys/credentials | 私钥/凭证泄露 |
| 20 | skillmd-prompt-injection | Prompt injection in SKILL.md | SKILL.md prompt 注入 |
| 21 | dockerfile-privileged | Docker privileged mode | Docker 特权模式 |
| 22 | zero-width-chars | Zero-width Unicode chars | 零宽 Unicode 字符 |
🟡 Warning / 警告级别
| # | Rule | EN | 中文 |
|---|---|---|---|
| 2 | long-base64-string | Long Base64 strings | 超长 Base64 字符串 |
| 4 | dangerous-permissions | Dangerous permissions | 危险权限修改 |
| 5 | suspicious-network-ip | Non-local IP connections | 非本地 IP 直连 |
| 5 | netcat-listener | Netcat listeners | netcat 监听 |
| 6 | covert-exec-eval | Suspicious eval() (JS/TS) | 可疑 eval 调用 |
| 6 | covert-exec-python | os.system/subprocess in .py | Python 危险调用 |
| 11 | cron-injection | Cron/launchctl injection | 定时任务注入 |
| 12 | hidden-executable | Hidden executable files | 隐藏可执行文件 |
| 13 | hex/unicode-obfuscation | Hex/Unicode obfuscation | hex/Unicode 混淆 |
| 14 | symlink-sensitive | Symlinks to sensitive paths | 敏感符号链接 |
| 16 | custom-registry | Non-official registries | 非官方包源 |
| 20 | skillmd-privilege-escalation | Privilege escalation | 权限提升 |
| 21 | dockerfile-sensitive-mount | Sensitive mounts | 敏感目录挂载 |
| 21 | dockerfile-host-network | Host network mode | 主机网络模式 |
Exit Codes / 退出码
0— ✅ Clean / 安全1— 🟡 Warnings / 有警告2— 🔴 Critical / 有严重发现
Dependencies / 依赖
No external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl 零外部依赖,仅使用系统自带工具。
安全使用建议
This package is largely coherent with its claimed purpose (a local scanner), but there are a few things to check before installing or running it:
- Clarify the mismatches: SKILL.md mentions 22 rules while README and scripts indicate 55+ rules; confirm which rules will actually run.
- Ensure required system tools are available: the scripts assume standard Unix tools; python3 is optional but needed for deeper AST checks; git is used by --pre-install. The registry metadata did not list these binaries — don't rely solely on the metadata.
- Be cautious with --pre-install: it clones remote git URLs (network activity). When scanning untrusted repos, run the tool in an isolated environment (sandbox, container, or CI worker) to avoid any accidental execution of untrusted code.
- Review the included scripts yourself (audit.sh and ast_analyzer.py are provided) or run them on test data first. They are intended to scan for secrets and dangerous constructs but will read all files in the target directory — do not point it at sensitive home directories.
- If you need high assurance, request the publisher/source (homepage is missing) or prefer a scanner from a known repository; otherwise run in a disposable environment and inspect outputs carefully.
Confidence is medium because inconsistencies look like sloppy packaging rather than malicious intent, but the lack of declared runtime dependencies and the network-enabled pre-install mode increase risk until clarified.
功能分析
Type: OpenClaw Skill
Name: giraffe-guard
Version: 3.1.0
This OpenClaw skill bundle, 'Giraffe Guard', is a security scanner designed to detect supply chain attacks and malicious code. Both `SKILL.md` and `README.md` clearly describe its purpose and usage, without any prompt injection attempts or malicious instructions for the AI agent. The core scripts (`scripts/audit.sh` and `scripts/ast_analyzer.py`) implement a wide array of detection rules targeting common malicious patterns (e.g., RCE, data exfiltration, persistence, obfuscation) in *other* code, not performing these actions themselves. The tool explicitly includes a rule to detect prompt injection in `SKILL.md` and uses only standard system utilities and Python's standard library, indicating a well-intentioned security utility.
能力评估
Purpose & Capability
The skill's code (scripts/audit.sh and scripts/ast_analyzer.py) implements a supply-chain scanner consistent with the declared purpose. However, metadata lists 'no required binaries' while the textual docs and scripts expect common system tools (bash, grep, sed, find, awk, file, readlink, perl), optionally python3 for AST analysis, and git when using --pre-install. Also the SKILL.md claims 22 detection rules but README/scripts advertise many more (55+ rules / 38 grep + 17 AST). These mismatches are likely sloppy packaging/documentation but should be clarified before installation.
Instruction Scope
SKILL.md instructs the agent to run scripts/audit.sh against a target directory (or with --pre-install clone a repo). The runtime instructions are scoped to scanning files and producing reports. The script may read all files under the target directory (expected for a scanner). It does not appear to instruct modification of system-wide configs or to harvest agent secrets. Note: --pre-install triggers a git clone of a remote repo (network I/O).
Install Mechanism
There is no install spec (instruction-only with included scripts). No remote downloads or archive extraction are defined by the registry metadata. The code is present in the skill bundle and executed as local scripts, which is lower risk than an installer that fetches arbitrary code at install time.
Credentials
The skill declares no required environment variables or credentials (primary credential none), and the scripts do not request secrets. The scanner is designed to detect hardcoded keys in target code but does not require access to any external credentials. This is proportionate to its stated function.
Persistence & Privilege
The skill is not always:true and does not request permanent platform privileges. It does not appear to modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined with other privileged behaviors here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install giraffe-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/giraffe-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.1.0
22 detection rules + AST deep Python analysis. Context-aware, zero dependencies, macOS/Linux compatible.
元数据
常见问题
🦒 Giraffe Guard — 长颈鹿卫士 是什么?
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 715 次。
如何安装 🦒 Giraffe Guard — 长颈鹿卫士?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install giraffe-guard」即可一键安装,无需额外配置。
🦒 Giraffe Guard — 长颈鹿卫士 是免费的吗?
是的,🦒 Giraffe Guard — 长颈鹿卫士 完全免费(开源免费),可自由下载、安装和使用。
🦒 Giraffe Guard — 长颈鹿卫士 支持哪些平台?
🦒 Giraffe Guard — 长颈鹿卫士 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 🦒 Giraffe Guard — 长颈鹿卫士?
由 lida408(@lida408)开发并维护,当前版本 v3.1.0。
推荐 Skills