Li Python Sec Check
Author: Terry S Fisher · GitHub ↗ · v0.0.2 · MIT-0
132 total downloads · 0 favourites · 0 current installs · 2 versions
Install in OpenClaw
/install li-python-sec-check
Description
Python security compliance checker - based on the CloudBase specification + Tencent security guidelines + LLM-assisted analysis (the LLM feature is disabled by default; local execution comes first)
Safe usage recommendations
This skill is coherent with its purpose, but follow these precautions before use:
- Do not enable --llm when scanning sensitive or private code unless you trust and control the configured API endpoint.
- If you must use LLM analysis in an enterprise, set LLM_API_BASE to an internal/private LLM and provide a dedicated key.
- Inspect scripts/python_sec_check.py and scripts/llm_analyzer.py to confirm LLM calls are only made when the CLI flag is used (and that no API key is picked up silently from the environment).
- Run scans in an isolated environment (container/VM) when first evaluating the tool, and ensure no accidental LLM_API_KEY is present in CI environment variables.
- If you allow autonomous agents to invoke skills, be cautious about enabling the LLM feature, because it will transmit code snippets to the configured endpoint.
Functional analysis
Type: OpenClaw Skill
Name: li-python-sec-check
Version: 0.0.2
The bundle is a legitimate Python static analysis tool designed to scan projects for security vulnerabilities and compliance issues based on CloudBase and Tencent standards. The core logic in `scripts/python_sec_check.py` uses regex-based patterns to detect risks like SQL injection, command injection, and hardcoded secrets, while `scripts/llm_analyzer.py` provides an optional feature to send code snippets to an external LLM API (defaulting to Alibaba DashScope at https://dashscope.aliyuncs.com) for remediation advice. This network behavior is transparently documented in `SECURITY_AND_PRIVACY.md`, is disabled by default, requires explicit user activation via the `--llm` flag, and triggers runtime warnings, indicating no malicious intent or stealthy data exfiltration.
Capability assessment
Purpose & Capability
Name/description (Python security checks + optional LLM) matches the included code and docs. The code implements static checks, privacy/data checks, and an optional LLM analyzer. No unrelated credentials or binaries are required.
Instruction Scope
SKILL.md and SECURITY_AND_PRIVACY.md clearly state core checks run locally and that LLM analysis is opt-in via --llm. The LLM module will send code snippets and scan results to the configured API only when an API key is present / LLM is enabled. You should still inspect scripts/python_sec_check.py to confirm LLM calls are gated by the CLI flag before enabling networked analysis.
Install Mechanism
No install spec; package is shipped as code files (no remote downloads at install time). This is low-risk. The only network use is in the optional LLM analyzer which uses requests when an API key is provided.
Credentials
No required environment variables. Optional env vars (LLM_API_KEY, LLM_API_BASE) are reasonable and documented for the LLM feature. The skill does not request unrelated secrets or system config paths.
Persistence & Privilege
always:false and no special privileges are requested. Autonomous invocation is allowed by default (platform standard). If you enable LLM/networking and the agent is allowed to call the skill autonomously, that combination increases blast radius because code snippets can be sent to the configured endpoint — but the skill itself documents and requires explicit LLM usage.
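The gating behaviour the third and fourth precautions ask you to confirm, shown as an added illustration that is not the skill's own code: a minimal regex-based local check in the style the analysis describes, an LLM gate that permits network analysis only when both `--llm` and `LLM_API_KEY` are present (a key alone must never switch it on), and a CI preflight that flags a stray key. The pattern set, the sample source, the default endpoint constant and the function names `run_local_checks`, `llm_gate` and `ci_preflight` are assumptions made for this example.

```python
import re
from typing import Dict, List

# Default endpoint named in the analysis above (Alibaba DashScope).
DEFAULT_BASE = "https://dashscope.aliyuncs.com"

# Constructed regex checks, in the spirit of the skill's local static checks.
LOCAL_PATTERNS = {
    "hardcoded_secret": re.compile(r"(?i)\b(api_key|secret|password)\s*=\s*['\"][^'\"]{8,}['\"]"),
    "command_injection": re.compile(r"\bos\.system\(\s*[^)]*\+|subprocess\.\w+\([^)]*shell\s*=\s*True"),
    "sql_injection": re.compile(r"\.execute\(\s*(f['\"]|['\"][^'\"]*['\"]\s*%|[^)]*\+)"),
}

# Constructed sample source with three risky lines and one benign line.
SAMPLE = (
    'API_KEY = "sk-constructed-example-0123"\n'
    'cur.execute("SELECT * FROM users WHERE id=" + uid)\n'
    'os.system("ls " + user_dir)\n'
    'print("safe line")\n'
)

def run_local_checks(source: str) -> List[dict]:
    """Local-only scan: no network, no environment access."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pat in LOCAL_PATTERNS.items():
            if pat.search(line):
                findings.append({"check": name, "line": lineno, "snippet": line.strip()})
    return findings

def llm_gate(argv: List[str], env: Dict[str, str]) -> dict:
    """Allow an LLM call only when the CLI flag AND a key are both present.
    The reason string is returned so a CI log shows why networking stayed off."""
    flag, key = "--llm" in argv, env.get("LLM_API_KEY")
    if not flag:
        # A key in the environment must not silently enable network analysis.
        note = " (LLM_API_KEY ignored)" if key else ""
        return {"enabled": False, "reason": "disabled: --llm not given" + note, "endpoint": None}
    if not key:
        return {"enabled": False, "reason": "disabled: --llm given but LLM_API_KEY unset", "endpoint": None}
    return {"enabled": True, "reason": "enabled: --llm and LLM_API_KEY present",
            "endpoint": env.get("LLM_API_BASE", DEFAULT_BASE)}

def ci_preflight(env: Dict[str, str]) -> List[str]:
    """Fourth precaution: flag a key that leaked into the CI environment."""
    if env.get("LLM_API_KEY"):
        return ["LLM_API_KEY is set in this environment; unset it unless networked analysis is intended"]
    return []
```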
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install li-python-sec-check
- After installation, call the skill directly by name or trigger it with /li-python-sec-check
- Provide the required inputs according to the skill's parameter description to receive structured output.
Version history
v0.0.2
- Added several security and compliance documents, including SECURITY_AND_PRIVACY.md and a security report template
- Updated the description to make clear that LLM analysis is disabled by default and local checks are primary
- Documentation and compliance enhancements to improve fit for enterprise/cloud-native environments
- Adapted project metadata and dependency configuration for long-term maintenance
- Minor improvements to the skill file structure and descriptions
v0.0.1
Initial release of li-python-sec-check, a Python security compliance inspection tool.
- Implements 12 comprehensive security checks based on CloudBase and Tencent security standards.
- Detects unsafe encryption, SQL/command injection, hardcoded secrets, debug mode, and more.
- Supports static code analysis, dependency vulnerability scanning, and code quality checks using external tools (flake8, bandit, pip-audit).
- Flexible usage: command-line arguments, .env configuration, and customizable report output formats (Markdown/JSON/HTML).
- Suitable for post-development review, SAST, CI/CD automation, and code audit workflows.
FAQ
What is Li Python Sec Check?
A Python security compliance checker based on the CloudBase specification, Tencent security guidelines and LLM-assisted analysis (the LLM feature is disabled by default; local execution comes first). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 132 downloads to date.
How do I install Li Python Sec Check?
Run the command "/install li-python-sec-check" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Li Python Sec Check free?
Yes, Li Python Sec Check is completely free under the MIT-0 licence and can be downloaded, installed and used without restriction.
Which platforms does Li Python Sec Check support?
Li Python Sec Check is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Li Python Sec Check?
Developed and maintained by Terry S Fisher (@43622283); the current version is v0.0.2.