
Secure Linter

Author: lig-8max · GitHub · v0.1.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 161
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install secure-linter
Description
Secure code linter: scans for vulnerabilities, secret leaks, and code smells
Safe usage recommendations
This skill appears coherent and safe in structure: it performs static analysis only, needs no installs or credentials, and outputs line numbers, risk levels, and fixes. Before installing: (1) confirm whether your agent's `browser`/`web_fetch` calls transmit code or other context to third-party sites — avoid sending sensitive code to external endpoints; (2) remember the skill is a static checker and can miss business-logic vulnerabilities, so perform manual review for high-risk code; (3) if you require offline-only analysis, do not enable the agent's web access or prefer a skill that explicitly forbids external fetches.
Capability assessment
Purpose & Capability
Name and description describe a static 'secure linter' and the SKILL.md lists language detection, vulnerability checks, and quality checks. There are no unrelated binaries, env vars, or installs required — the requested capabilities align with the stated purpose.
Instruction Scope
Instructions are limited to static analysis steps (identify language, check for SQLi/XSS/hardcoded keys, code-smells) and specify output format. The only outward action suggested is using `browser` or `web_fetch` to consult public security guidance (e.g., OWASP). That is reasonable for augmenting checks but means the agent may make external network requests if those tools are available — review how the agent handles outbound requests and whether it sends user code/context to external sites.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a static linter that claims to operate without special configuration.
Persistence & Privilege
Flags are default (not always-on). The skill does not request persistent system presence or modify other skills; normal autonomous invocation remains possible but is not unusual or excessive here.
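How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install secure-linter
  3. Once installation completes, call the Skill by name or trigger it with /secure-linter
  4. Provide the required input as described in the Skill's parameter notes to get structured output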
Version history
v0.1.0
Initial release of secure_linter.
  - Introduces code review assistant for detecting vulnerabilities, key leaks, and code smells.
  - Supports multiple programming languages (JavaScript, Python, Go, Rust, etc.).
  - Scans for common issues: SQL injection, XSS, hardcoded keys, missing boundary checks, code duplication, long functions, and magic numbers.
  - Outputs findings with line numbers, risk levels, and remediation suggestions.
  - Suggests referencing security guidelines (e.g., OWASP) using `browser` or `web_fetch` for enhanced analysis.
Metadata
Slug: secure-linter
Version: 0.1.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
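FAQ

What is Secure Linter?

A secure code linter that scans for vulnerabilities, secret leaks, and code smells. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 161 total downloads to date.

How do I install Secure Linter?

Run the command "/install secure-linter" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is Secure Linter free?

Yes. Secure Linter is completely free and is released under the MIT-0 license, so it can be freely downloaded, installed, and used.

Which platforms does Secure Linter support?

Secure Linter is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Secure Linter?

It is developed and maintained by lig-8max (@lig-8max); the current version is v0.1.0.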
