
Security Checker

Author: johstracke · GitHub · v1.0.1
cross-platform · ✓ passed security check
Total downloads: 1361
Favourites: 0
Current installs: 2
Versions: 2
Install in OpenClaw
/install security-checker
Description
Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run.
Safe-use guidance
What to consider before installing:
- This tool is a local, static scanner (no network exfiltration or credential requests). It reads the files you point it at and prints findings.
- False positives are expected (e.g., legitimate uses of os, requests, or filesystem writes). Warnings require manual review and documentation, as noted in SKILL.md.
- The scanner itself is simple and readable; you can audit scripts/security_scan.py quickly to confirm its behaviour.
- Because it flags hardcoded secrets, avoid running it in contexts where printing detected secrets to logs would leak sensitive data to others (the script avoids printing the secret contents but shows file/line information).
- Complement this tool with manual review and other tools (bandit, safety), and run scans in an isolated environment when processing untrusted code.
Functional analysis
Type: OpenClaw Skill
Name: security-checker
Version: 1.0.1

The OpenClaw skill 'security-checker' is a static analysis tool for Python code. The `SKILL.md` clearly describes its purpose: to identify dangerous imports, dangerous functions, hardcoded secrets, and unsafe file operations. It contains no prompt-injection attempts and no instructions for malicious agent behaviour. The `scripts/security_scan.py` script implements this functionality by reading Python files and matching patterns with regular expressions. It performs static analysis only: it does not execute dangerous commands, make network calls, modify files, or attempt to exfiltrate data. Its file access is limited to reading the specified target files and directories, which is necessary for its stated purpose.
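As an added example, and not the skill's own `scripts/security_scan.py` (which the page describes as regex-based), the scanner below implements the same four checks described above and in the v1.0.1 release note (dangerous imports, eval/exec/subprocess calls, hardcoded secrets, and write-mode file operations such as `.write_text`, `.write_bytes` and `open(..., "w")`) on Python's `ast` instead of regular expressions. Working on the syntax tree means a mention of `eval(` inside a comment or string does not produce a finding, while `import subprocess as sp; sp.run(...)` still does, because the import alias is resolved. It also follows the guidance above by reporting file and line for a hardcoded secret without echoing the value. The rule tables, the `Finding` fields, the rule names and the sample skill source are assumptions constructed for this example.

```python
# Added example, not the skill's own security_scan.py: an AST-based scanner for the
# same four checks. Rule tables and the sample skill source are constructed for illustration.
import ast
import re
import sys
from dataclasses import dataclass

DANGEROUS_IMPORTS = {"subprocess", "ctypes", "socket", "pickle", "marshal"}
REVIEW_IMPORTS = {"os", "shutil", "requests", "urllib", "http"}  # legitimate uses are common
DANGEROUS_CALLS = {"eval", "exec", "compile", "os.system", "os.popen", "os.execv",
                   "subprocess.run", "subprocess.Popen", "subprocess.call",
                   "subprocess.check_output", "subprocess.check_call"}
WRITE_METHODS = {"write_text", "write_bytes"}
SECRET_NAME = re.compile(r"(?i)(secret|token|passw(or)?d|api[_-]?key|private[_-]?key)")

@dataclass(frozen=True)
class Finding:
    severity: str  # "danger" blocks publishing; "warning" needs manual review
    line: int
    rule: str
    detail: str    # never carries the matched literal, so output is safe to log

def _dotted(node):
    """Render a call target such as sp.run or os.path.join as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and (base := _dotted(node.value)):
        return f"{base}.{node.attr}"
    return None

def _mode_arg(call, index):
    """Literal mode of an open()-style call; None if absent (default read) or not a literal."""
    kws = {k.arg: k.value for k in call.keywords}
    node = call.args[index] if len(call.args) > index else kws.get("mode")
    return node.value if isinstance(node, ast.Constant) else None

def _is_write_mode(mode):
    return isinstance(mode, str) and any(c in mode for c in "wax+")

def _check_import(root, lineno, findings):
    if root in DANGEROUS_IMPORTS:
        findings.append(Finding("danger", lineno, "dangerous-import", f"imports {root}"))
    elif root in REVIEW_IMPORTS:
        findings.append(Finding("warning", lineno, "review-import",
                                f"imports {root}; confirm the use is legitimate"))

def scan_source(src, filename="<skill>"):
    tree = ast.parse(src, filename)
    aliases, findings = {}, []
    for node in ast.walk(tree):  # pass 1: imports and the local names they bind
        if isinstance(node, ast.Import):
            for a in node.names:
                local = a.asname or a.name.split(".")[0]
                aliases[local] = a.name if a.asname else local
                _check_import(a.name.split(".")[0], node.lineno, findings)
        elif isinstance(node, ast.ImportFrom):
            mod = node.module or ""
            for a in node.names:
                aliases[a.asname or a.name] = f"{mod}.{a.name}" if mod else a.name
            _check_import(mod.split(".")[0], node.lineno, findings)
    for node in ast.walk(tree):  # pass 2: calls and string assignments
        if isinstance(node, ast.Call):
            parts = (_dotted(node.func) or "").split(".")
            parts[0] = aliases.get(parts[0], parts[0])  # sp.run -> subprocess.run
            resolved = ".".join(parts)
            attr = node.func.attr if isinstance(node.func, ast.Attribute) else None
            if resolved in DANGEROUS_CALLS:
                findings.append(Finding("danger", node.lineno, "dangerous-call", f"calls {resolved}"))
            elif resolved == "open" and _is_write_mode(_mode_arg(node, 1)):
                findings.append(Finding("warning", node.lineno, "file-write", "open() in write mode"))
            elif attr in WRITE_METHODS or (attr == "open" and _is_write_mode(_mode_arg(node, 0))):
                findings.append(Finding("warning", node.lineno, "file-write", f"calls .{attr}()"))
        elif (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
              and isinstance(node.value.value, str) and len(node.value.value) >= 8):
            for t in node.targets:
                if isinstance(t, ast.Name) and SECRET_NAME.search(t.id):
                    findings.append(Finding("danger", node.lineno, "hardcoded-secret",
                                            f"{t.id} is assigned a string literal (value redacted)"))
    return sorted(findings, key=lambda f: (f.line, f.rule))

SAMPLE = '''\
import os
import subprocess as sp
from pathlib import Path
import requests

API_KEY = "sk-live-0123456789abcdef"
CONFIG = os.path.expanduser("~/.skill.toml")

def run(cmd, expr):
    Path("out.json").write_text(eval(expr))
    with open("log.txt", "a") as fh:
        fh.write(sp.run(cmd, shell=True, capture_output=True).stdout)
'''  # constructed sample skill; the API key is a fake placeholder

if __name__ == "__main__":  # scan the files given on the command line, else SAMPLE
    for path, src in [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] or [("sample.py", SAMPLE)]:
        for f in scan_source(src, path):
            print(f"{path}:{f.line}: [{f.severity}] {f.rule}: {f.detail}")
```

On the constructed sample this reports eight findings: the `os` and `requests` imports and the two write operations as warnings for manual review, and the `subprocess` import, the `API_KEY` literal, `eval` and `sp.run` as dangers. A non-literal `open()` mode is treated as read mode, so a mode passed through a variable is a deliberate blind spot that manual review still has to cover.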
Capability assessment
Purpose & Capability
The name/description describe a pre-publish Python security scanner and the included script implements exactly that (pattern-based checks for dangerous imports/functions, hardcoded secrets, and unsafe file operations). Nothing requested (no env vars, no binaries, no config paths) is out of scope for that purpose.
Instruction Scope
SKILL.md instructs the agent/user to run the bundled security_scan.py against files or directories and to review warnings before publishing. The instructions do not tell the agent to read unrelated system state, secrets, or to transmit results externally; they stay within the stated scanning purpose.
Install Mechanism
There is no install spec (instruction-only plus a small local script). Nothing is downloaded or extracted from external URLs and no third-party packages are installed by the skill itself.
Credentials
The skill requests no environment variables or credentials. The scanner looks for hardcoded secrets in scanned files but does not itself require or access secrets — this is appropriate for a static scanner.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It is user-invocable and can be invoked autonomously (platform default), which is reasonable for a utility.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install security-checker
  3. After installation, call the skill by name directly or trigger it with /security-checker.
  4. Provide the required inputs according to the skill's parameter description to receive structured output.
Version history
v1.0.1
Enhanced detection: Now catches file write operations (.write_text, .write_bytes, open for writing) in addition to existing checks. Improved security scanner to detect potential malicious file write patterns before publishing.
v1.0.0
Initial release - Security scanner for Python skills before publishing to ClawHub. Checks for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions. Essential for maintaining trust and ensuring published skills are safe. All three published skills (research-assistant, task-runner, security-checker) passed scans.
Metadata
Slug: security-checker
Version: 1.0.1
License:
Total installs: 2
Current installs: 2
Version count: 2
Frequently asked questions

What is Security Checker?

Security scanner for Python skills before publishing to ClawHub. Use before publishing any skill to check for dangerous imports, hardcoded secrets, unsafe file operations, and dangerous functions like eval/exec/subprocess. Essential for maintaining trust and ensuring published skills are safe for others to install and run. It is an AI agent skill plugin for Claude Code / OpenClaw with 1361 downloads to date.

How do I install Security Checker?

Run the command /install security-checker in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Security Checker free?

Yes, Security Checker is completely free (free and open source) and can be downloaded, installed and used without restriction.

Which platforms does Security Checker support?

Security Checker runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops Security Checker?

It is developed and maintained by johstracke (@johstracke); the current version is v1.0.1.
