
Li Base Scan

Author: Terry S Fisher · GitHub ↗ · v0.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 123
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install li-base-scan
Description
Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan...
Usage instructions (SKILL.md)

Li Base Scan v0.0.2 - Linux Security Baseline Scanner

Author: 北京老李 (Beijing Lao Li)
Version: 0.0.2
License: MIT



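Chinese Docs

⚠️ Security Restrictions - Important

This tool supports single-host scanning only. For security reasons, the following inputs are rejected:

  • ❌ CIDR ranges (e.g., 192.168.1.0/24)
  • ❌ IP ranges (e.g., 192.168.1.1-254)
  • ❌ Multiple targets (e.g., 192.168.1.1,192.168.1.2)

Allowed target formats:

  • ✅ Single IP: 192.168.1.1
  • ✅ Domain: scanme.nmap.org
  • ✅ Local address: 127.0.0.1, localhost

Overview

Li Base Scan is a Linux baseline scanner that integrates multiple security tools. Version 0.0.2 includes the following enhancements:

  • Network Security - Secure temp files, proper timeout handling, error sanitization
  • Progress Display - Real-time progress bar showing scan progress
  • Scan History - SQLite database storing scan history
  • Report Export - Markdown and JSON export support
  • AI Analysis - Auto-generated AI analysis request blocks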
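Integrated Tools

Tool | Function | Scan Type
nmap | Port scanning, service detection | Network Layer
lynis | System security audit | Host Layer
nikto | Web vulnerability scanning | Application Layer
sqlmap | SQL injection testing | Application Layer
trivy | Container/filesystem vulnerabilities | Multi-layer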

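Scan Modes

1. Quick Scan

快速扫描 127.0.0.1 (quick scan 127.0.0.1)
  • Tool: nmap
  • Time: ~30 seconds
  • Purpose: Quick overview of open ports

2. Standard Scan

标准扫描 127.0.0.1 (standard scan 127.0.0.1)
  • Tools: nmap + lynis
  • Time: 2-5 minutes
  • Purpose: Port + system configuration audit

3. Full Scan

完整扫描 127.0.0.1 (full scan 127.0.0.1)
完整扫描 127.0.0.1 包含web (full scan 127.0.0.1 including web)
  • Tools: nmap + lynis + trivy
  • Time: 5-10 minutes
  • Purpose: Comprehensive security assessment

4. Web Focused

web扫描 http://localhost (web scan http://localhost)
扫描网站 http://example.com (scan website http://example.com)
  • Tools: nmap + nikto
  • Time: 2-3 minutes
  • Purpose: Web application security detection

5. Compliance

合规扫描 127.0.0.1 (compliance scan 127.0.0.1)
基线检查 localhost (baseline check localhost)
  • Tools: lynis + trivy
  • Time: 3-5 minutes
  • Purpose: CIS baseline compliance check

6. Stealth [v0.0.2 New]

隐蔽扫描 192.168.1.1 (stealth scan 192.168.1.1)
慢速扫描 target.com (slow scan target.com)
  • Tool: nmap (stealth mode)
  • Time: 5-10 minutes
  • Purpose: Avoid IDS/IPS detection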
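Conversation Input Examples

Basic Commands

"快速扫描 192.168.1.1" (quick scan 192.168.1.1)
"标准扫描 localhost" (standard scan localhost)
"检查系统安全" (check system security)
"扫描网站 http://localhost:8080" (scan website http://localhost:8080)
"完整安全评估 127.0.0.1" (full security assessment 127.0.0.1)
"基线扫描" (baseline scan)
"隐蔽扫描 10.0.0.1" (stealth scan 10.0.0.1)

LLM Interactive Conversation

"扫描 example.com 并检查SQL注入" (scan example.com and check for SQL injection)
"发现什么漏洞?" (what vulnerabilities were found?)
"给我修复建议" (give me remediation advice)
"导出HTML报告" (export an HTML report)
"系统加固情况如何?" (how well is the system hardened?)
"Web应用有什么问题?" (what problems does the web application have?)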

Command Line Usage

Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

Conversation Mode

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

Export Reports [v0.0.2 New]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

# Generate HTML report (via entrypoint)
python3 scripts/entrypoint.py '{"target": "127.0.0.1", "tools": ["nmap", "lynis"], "format": "html"}'

View History [v0.0.2 New]

python3 scripts/li_base_scan.py --history

JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

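Output Format

Console Report

  • Executive Summary - Overall risk rating
  • Network Discovery - nmap port scan results
  • System Audit - lynis compliance score and recommendations
  • Web Security - Web vulnerabilities found by nikto
  • Vulnerability List - CVEs discovered by trivy
  • Remediation - Action items sorted by priority
  • AI Analysis Block - Raw data for LLM analysis

Exported Files [v0.0.2 New]

Reports saved to: /root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown format
  • scan_<hash>_<timestamp>.json - JSON format

History [v0.0.2 New]

Database location: /root/.openclaw/skills/li-base-scan/history.db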

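v0.0.2 Security Enhancements

1. Secure Temp Files

import os
import tempfile

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
# (delete=False: the caller must remove temp_file when done)
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions

2. Proper Timeout Handling

import subprocess

# Properly terminate subprocess after timeout
# (proc is the subprocess.Popen object of the scanner that timed out)
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()
    proc.wait()  # Reap the killed process

3. Error Sanitization

import logging
logger = logging.getLogger(__name__)

def nmap_error_response():  # hypothetical wrapper so the snippet is valid Python
    logger.error("Nmap scan failed")  # Log detailed errors
    # Don't expose internal implementation details
    return {"error": "扫描执行失败", "tool": "nmap"}

4. Audit Logging

Log location: /var/log/li-base-scan.log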

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

Quick Check (Daily)

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

View History Trends

python3 scripts/li_base_scan.py --history

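Security Warning

⚠️ Only scan systems you own or have explicit authorization to scan!

  • Unauthorized scanning may violate laws
  • Use sqlmap tests cautiously; they may trigger WAF/IDS
  • Use --safe-mode in production to avoid destructive testing

Troubleshooting

Scan Timeout

# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

View Logs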

tail -f /var/log/li-base-scan.log


English Documentation

⚠️ Security Restrictions - Important

This tool supports SINGLE HOST scanning only. The following inputs are REJECTED for security reasons:

  • ❌ CIDR ranges (e.g., 192.168.1.0/24)
  • ❌ IP ranges (e.g., 192.168.1.1-254)
  • ❌ Multiple targets (e.g., 192.168.1.1,192.168.1.2)

Allowed target formats:

  • ✅ Single IP: 192.168.1.1
  • ✅ Domain: scanme.nmap.org
  • ✅ Local address: 127.0.0.1, localhost
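
One way to enforce the single-host rule described above, as an added example (not the project's own code): the function name `validate_single_host` and the exact rejection rules are assumptions, and the check also covers URL targets as used by the web mode.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_single_host(target: str) -> str:
    """Return the normalized host, or raise ValueError if it is not one host."""
    target = target.strip()
    if not target:
        raise ValueError("empty target")
    # Web mode passes a URL; only its host part is validated.
    if "://" in target:
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("unsupported URL")
        target = parts.hostname
    # Reject list and CIDR separators, whitespace, and a leading '-' that a
    # downstream scanner could parse as a command-line option.
    if re.search(r"[,/\s;]", target) or target.startswith("-"):
        raise ValueError("multiple targets, CIDR or option-like input")
    try:
        return str(ipaddress.ip_address(target))  # single IPv4/IPv6 literal
    except ValueError:
        pass
    labels = target.rstrip(".").split(".")
    # Labels made only of digits, '-' and '*' (e.g. '1-254') are scanner
    # octet-range syntax or malformed addresses, not hostnames.
    if all(re.fullmatch(r"[0-9*-]+", lab) for lab in labels):
        raise ValueError("IP range or malformed address")
    if len(target) > 253 or not all(_LABEL.match(lab) for lab in labels):
        raise ValueError("invalid hostname")
    return target.lower().rstrip(".")


if __name__ == "__main__":
    # Constructed sample inputs taken from the lists above.
    for t in ("192.168.1.1", "scanme.nmap.org", "http://localhost:8080",
              "192.168.1.0/24", "192.168.1.1-254", "192.168.1.1,192.168.1.2"):
        try:
            print(f"{t!r:32} accepted as {validate_single_host(t)}")
        except ValueError as exc:
            print(f"{t!r:32} rejected: {exc}")
```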

Overview

Li Base Scan is a Linux security baseline scanner integrating multiple tools. Version 0.0.2 includes:

  • Security Hardening - Secure temp files, proper timeout handling, error sanitization
  • Progress Display - Real-time progress bar
  • Scan History - SQLite database for scan history
  • Report Export - Markdown and JSON export support
  • AI Analysis - Auto-generated AI analysis blocks

Integrated Tools

Tool | Function | Scan Type
nmap | Port scanning, service detection | Network Layer
lynis | System security audit | Host Layer
nikto | Web vulnerability scanning | Application Layer
sqlmap | SQL injection testing | Application Layer
trivy | Container/filesystem vulnerabilities | Multi-layer

Scan Modes

1. Quick Scan

quick scan 127.0.0.1
  • Tool: nmap
  • Time: ~30 seconds
  • Purpose: Quick port discovery

2. Standard Scan

standard scan 127.0.0.1
  • Tools: nmap + lynis
  • Time: 2-5 minutes
  • Purpose: Port + system configuration audit

3. Full Scan

full scan 127.0.0.1
  • Tools: nmap + lynis + trivy
  • Time: 5-10 minutes
  • Purpose: Comprehensive security assessment

4. Web Focused

web scan http://localhost
scan website http://example.com
  • Tools: nmap + nikto
  • Time: 2-3 minutes
  • Purpose: Web application security detection

5. Compliance

compliance scan 127.0.0.1
baseline check localhost
  • Tools: lynis + trivy
  • Time: 3-5 minutes
  • Purpose: CIS baseline compliance check

6. Stealth [v0.0.2 New]

stealth scan 192.168.1.1
slow scan target.com
  • Tool: nmap (stealth mode)
  • Time: 5-10 minutes
  • Purpose: Avoid IDS/IPS detection

Command Line Usage

Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

Conversation Mode

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Export Reports [v0.0.2 New]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

View History [v0.0.2 New]

python3 scripts/li_base_scan.py --history

JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

Output Format

Console Report

  • Executive Summary - Overall risk rating
  • Network Discovery - nmap port scan results
  • System Audit - lynis compliance score and recommendations
  • Web Security - Web vulnerabilities found by nikto
  • Vulnerability List - CVEs discovered by trivy
  • Remediation - Prioritized action items
  • AI Analysis Block - Raw data for LLM analysis

Exported Files [v0.0.2 New]

Reports saved to: /root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown format
  • scan_<hash>_<timestamp>.json - JSON format

History [v0.0.2 New]

Database location: /root/.openclaw/skills/li-base-scan/history.db

v0.0.2 Security Enhancements

1. Secure Temp Files

import os
import tempfile

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
# (delete=False: the caller must remove temp_file when done)
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions

2. Proper Timeout Handling

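import subprocess

# Properly terminate subprocess after timeout
# (proc is the subprocess.Popen object of the scanner that timed out)
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()
    proc.wait()  # Reap the killed process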

3. Error Sanitization

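import logging
logger = logging.getLogger(__name__)

def nmap_error_response():  # hypothetical wrapper so the snippet is valid Python
    logger.error("Nmap scan failed")  # Log detailed errors
    # Don't expose internal implementation details
    return {"error": "Scan execution failed", "tool": "nmap"}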

4. Audit Logging

Log location: /var/log/li-base-scan.log

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

Quick Check (Daily)

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

View History Trends

python3 scripts/li_base_scan.py --history

Security Warning

⚠️ Only scan systems you own or have explicit authorization to scan!

  • Unauthorized scanning may violate laws
  • Use sqlmap tests cautiously; they may trigger WAF/IDS
  • Use --safe-mode in production to avoid destructive testing

Troubleshooting

Scan Timeout

# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

View Logs

tail -f ~/.openclaw/logs/li-base-scan.log

📞 Contact

Author: 北京老李 (Beijing Lao Li)
Email: (please add your email)
GitHub: (please add your GitHub link)


Made with ❤️ by 北京老李 (Beijing Lao Li)

Safe usage recommendations
This skill is internally consistent with its stated purpose (a single-host security scanner) but review a few items before installing or running it:

  • Authorization: Only scan systems you own or have explicit permission to test. The skill includes destructive/active tests (sqlmap, nikto) and a 'stealth' mode intended to evade detection — both increase legal/operational risk if used without authorization.
  • Tools & installs: The SKILL.md recommends installing nmap/nikto/sqlmap/lynis and running a curl | sh for trivy. Do not blindly run curl | sh from docs; prefer installing Trivy from a trusted package or GitHub release and review the install script first.
  • Paths & privileges: The code stores history and reports under /root/.openclaw/... while logs go under the current user's home. This mismatch may require root to work as documented or may fail to write history. Inspect and, if needed, change DB/report paths to a location appropriate for your environment before running.
  • LLM integration: The README references LLM_API_KEY/LLM_API_URL, but the provided code does not clearly show outbound LLM API calls. If you plan to enable LLM analysis, search the code for any external network calls and check how/where you must provide credentials; do not provide secret keys until you verify the integration code.
  • Review the code: Because this skill runs subprocesses of external scanning tools, audit the scripts (li_base_scan.py, entrypoint.py, llm_scanner.py, html_reporter.py) yourself for any unexpected network calls, hidden endpoints, or data exfil logic before running it in a sensitive environment.
  • Run in a controlled environment first: Test on an isolated VM or container to confirm behavior, output locations, and permission handling. If you want to keep history, change the DB/report directories to a non-root path.
If you need, I can point out the exact lines where the DB path and trivy install command are referenced, or search the code for any locations that call external URLs.
Functional analysis
Type: OpenClaw Skill Name: li-base-scan Version: 0.0.2 The skill bundle is a security scanner that integrates powerful tools including nmap, nikto, sqlmap, lynis, and trivy. It possesses high-risk capabilities such as performing network scans and auditing the entire root filesystem (e.g., 'trivy fs /' in scripts/li_base_scan.py). While the implementation includes several security hardening features—such as target validation to prevent network-wide scanning, secure temporary file handling, and restrictive file permissions (0o600)—the inherent risks associated with these tools and a potential file overwrite vulnerability in scripts/entrypoint.py (via the 'html_report' parameter) meet the criteria for a suspicious classification. No evidence of intentional malice, data exfiltration, or persistence was observed.
Capability assessment
Purpose & Capability
Name/description match the code and README: the package contains orchestrator scripts (li_base_scan.py, entrypoint.py), an HTML reporter, and an LLM interaction layer, and references the expected tools (nmap, lynis, nikto, sqlmap, trivy). The inclusion of 'stealth' and SQL injection modes is consistent with the stated functionality.
Instruction Scope
Runtime instructions and code are focused on scanning a single host, producing reports, and saving history. The skill enforces single-host validation and uses secure temporary files and timeout handling. Note: documentation and code reference saving history/reports under /root/.openclaw/... while log files use Path.home() — this mismatch may cause permission issues or unexpected write locations if not run as root.
Install Mechanism
There is no automatic install spec in the registry; the SKILL.md suggests installing external tools manually (apt-get and a curl | sh call for Trivy). Because nothing is auto-downloaded by the skill manifest itself, install risk from the registry is low — but the recommended curl | sh command in docs is higher risk if executed blindly by a user.
Credentials
The registry metadata declares no required env vars, but the README and docs mention LLM_API_KEY and LLM_API_URL for optional LLM analysis. The codebase includes an LLM interface file but does not directly show an LLM API call or env-var use in the provided snippets; this is an inconsistency to be aware of (docs promise LLM integration and an API key, but the code doesn't appear to require or use credentials).
Persistence & Privilege
always:false (normal). The skill writes reports and a history DB to disk (history.db at /root/.openclaw/skills/li-base-scan/history.db and reports under /root/.openclaw/skills/li-base-scan/reports/ per docs). Storing history/reports locally is expected for this tool, but the use of absolute root paths is unusual and may require root privileges or fail silently — review and adjust paths before running as a non-root user.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install li-base-scan
  3. After installation, call the Skill by name or trigger it with /li-base-scan
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v0.0.2
li-base-scan v0.0.2
  • Added secure temporary file handling, improved timeout control, and sanitized error reporting for better security.
  • Introduced real-time progress bar and command history tracking via SQLite.
  • Enabled report export in Markdown and JSON formats.
  • New "Stealth Scan" mode using nmap for low-profile scanning.
  • Improved auditing logs with separate log file support.
  • Usability enhancements and expanded documentation in both Chinese and English.
Metadata
Slug: li-base-scan
Version: 0.0.2
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
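FAQ

What is Li Base Scan?

Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 123 total downloads so far.

How do I install Li Base Scan?

Run the command "/install li-base-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Li Base Scan free?

Yes, Li Base Scan is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Li Base Scan support?

Li Base Scan is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Li Base Scan?

Developed and maintained by Terry S Fisher (@43622283); the current version is v0.0.2.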
