liverock

Security Sentinel Ultimate

Author: Peter Lum · GitHub ↗ · v0.3.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 80 · Favorites: 1 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install security-sentinel-ultimate
Description
Scans a skill directory for security issues and best practices
Safe usage advice
This scanner appears to do what it claims, but take care before scanning sensitive directories: the report will include any hardcoded secrets or reconstructed strings it finds, and those results may be sent wherever the agent normally sends outputs. If you plan to scan private code, run the tool locally or in an isolated environment and review the generated Markdown output (or redact findings) before sharing. If you want extra assurance, review scanner.py yourself to confirm there are no unexpected network calls or exfiltration paths (none were found in the provided source).
Functional analysis
Type: OpenClaw Skill
Name: security-sentinel-ultimate
Version: 0.3.0

The skill is a security scanner that uses Python's AST module in `scanner.py` to detect dangerous coding patterns, hardcoded secrets, and obfuscation techniques. While the code logic is well-implemented and aligned with its stated purpose, the skill is classified as suspicious due to a critical shell injection vulnerability in `SKILL.md`. The `scan_skill` tool passes the user-provided `path` argument directly into a shell command (`python3 ... "{{path}}"`) without sanitization, which could allow an attacker to execute arbitrary commands by including shell metacharacters (e.g., quotes and semicolons) in the path.
Capability assessment
Purpose & Capability
Name and description match the included artifacts: SKILL.md defines a scan_skill tool that runs the packaged scanner.py against a target skill directory. The skill declares no binaries, env vars, or installs it doesn't use — all required pieces are proportional to a static code scanner.
Instruction Scope
SKILL.md instructs the agent to execute scanner.py against all .py files in the target directory (expected for a scanner). Important caveat: the scanner intentionally finds hardcoded secrets and reconstructs obfuscated strings, and will include findings in its Markdown output — that output can contain sensitive secret material from the scanned code if present. The instructions do not themselves direct results to external endpoints, but the agent running the tool may transmit scan output elsewhere.
Install Mechanism
No install spec (instruction-only) and no external downloads — scanner.py is executed in-place. This is low-risk relative to install scripts or networked installs.
Credentials
The skill requests no environment variables or credentials. The scanner inspects files for secrets but does not require any credentials itself; the scope of access (reading files in the target directory) is appropriate to the task.
Persistence & Privilege
Skill is not configured as always:true and does not request persistent system-wide privileges. It runs on demand and only operates on the provided directory path.
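How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install security-sentinel-ultimate
  3. Once installation completes, invoke the Skill by name or trigger it with /security-sentinel-ultimate
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output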
Version history
v0.3.0
- Improved documentation with detailed detection categories and severity model explanations.
- Added a new severity tier system (Critical, Warning, OK) with clear definitions and reporting for individual files and overall status.
- Expanded detection capabilities: flags dangerous calls, hardcoded secrets, risky network calls, multiple obfuscation techniques, and hidden files.
- Enhanced scan analysis: now catches secret construction through string concatenation and `chr()` sequences.
- Clarified tool usage instructions with updated arguments and execution details for easier integration.
Metadata
Slug: security-sentinel-ultimate
Version: 0.3.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

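What is Security Sentinel Ultimate?

Scans a skill directory for security issues and best practices. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 80 total downloads to date.

How do I install Security Sentinel Ultimate?

Run the command "/install security-sentinel-ultimate" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Security Sentinel Ultimate free?

Yes. Security Sentinel Ultimate is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Security Sentinel Ultimate support?

Security Sentinel Ultimate is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Security Sentinel Ultimate?

It is developed and maintained by Peter Lum (@liverock); the current version is v0.3.0.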
