Shadows Security Scanner
Author: NakedoShadow (GitHub) · v1.1.0
Total downloads: 446
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install shadows-security-scanner
Description
7-phase security audit pipeline — reconnaissance, dependency scan, application tests, API security, hardening check, OWASP verification, report. Use before p...
Safe-use recommendations
This skill appears coherent for running a repo-focused security audit. Before running it: (1) verify the skill source (the registry metadata shows an external homepage in SKILL.md, but the package's declared homepage is missing, so confirm authenticity); (2) run scans only in the intended repository or an isolated clone, to avoid accidentally scanning unrelated files on the machine; (3) be aware that dependency auditors (npm audit, pip-audit, cargo-audit) make outbound network calls to vulnerability databases, and that npm audit submits the project's dependency tree to the registry's audit endpoint, so the dependency list leaves the machine; (4) outputs (git history, grep results) can contain secrets, so treat reports as sensitive and rotate any secret that appears in them; (5) if you are uncertain, run the suggested commands manually in a controlled environment first rather than giving the agent autonomous execution access.
Functional analysis
Type: OpenClaw Skill
Name: shadows-security-scanner
Version: 1.1.0
The skill provides a comprehensive security audit pipeline using high-risk capabilities such as broad file system access, shell command execution, and outbound network requests. It utilizes `grep` and `git log --all -p` to scan source code and history for secrets, and invokes external tools like `npm audit` and `curl` for dependency and header checks. While these actions are clearly aligned with the stated purpose of a security scanner and no evidence of malicious intent or data exfiltration was found, the combination of shell access and network capabilities meets the threshold for a suspicious classification under the provided guidelines.
Capability assessment
Purpose & Capability
Name and description are consistent with the instructions: git is required for history/secret scans; npm/pip/cargo are optional for dependency audits. No unrelated credentials, config paths, or strange binaries are requested.
Instruction Scope
Instructions explicitly run grep across source files, run dependency auditors (which perform network reads), and run git log --all -p to search history. These actions are appropriate for a security audit, but they will read repository content (including any secrets) and may make network requests to vulnerability databases. The SKILL.md warns about only curling user-provided URLs for header checks.
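The two secret-hunting passes named in the recommendations and in the scope note above (grep across the tree, git log --all -p across history) are exactly the steps whose output leaks secrets into the report. The script below is an added example, not the skill's own code and not taken from its SKILL.md: it runs those same passes but masks every credential value before it is written anywhere, so the report says where a secret lives, not what it is. It assumes a POSIX shell with grep -E, sed -E and git on PATH (so it does not apply to the win32 target without a POSIX environment); the key names, token prefixes, path and variable names are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the skill or its SKILL.md: run the secret-hunting
# passes the skill performs (grep over the tree, git log --all -p over history)
# so that only the key name and location reach the report, never the value.
# Assumes a POSIX shell with grep -E, sed -E and git on PATH.
# The key list and token prefixes below are illustrative assumptions; extend
# them for the credentials your projects actually use.

# Credential-looking key names, spelled out in the common case variants so the
# same expression works in grep (finding) and sed (masking).
KEY_RE='(SECRET|secret|Secret|TOKEN|token|Token|PASSWORD|password|Password|PASSWD|passwd|API_KEY|api_key|apiKey|APIKEY|apikey)'

# A key name (optionally suffixed, optionally a JSON/YAML quoted key) followed
# by "=" or ":" and any whitespace; the value is the non-space run after it.
ASSIGN_RE="${KEY_RE}[A-Za-z0-9_]*\"?[[:space:]]*[=:][[:space:]]*"

# redact_secrets: filter scan output on stdin, masking the value part of any
# credential-looking assignment and any well-known token prefix. Diff lines
# from git log (leading "+" or "-") get the same treatment.
redact_secrets() {
  sed -E \
    -e "s/(${ASSIGN_RE})[^[:space:]]+/\\1<REDACTED>/g" \
    -e 's/AKIA[0-9A-Z]{16}/AKIA<REDACTED>/g' \
    -e 's/ghp_[0-9A-Za-z]{36}/ghp_<REDACTED>/g'
}

# scan_secrets DIR: the working-tree pass. Output is "file:line:key=<REDACTED>",
# enough to point the developer at the finding without copying the secret.
scan_secrets() {
  grep -rEn "${ASSIGN_RE}" "$1" | redact_secrets
}

# scan_history REPO: the history pass. A secret that was later removed still
# appears (as a "-" line), which is the point: it was exposed, so rotate it.
scan_history() {
  git -C "$1" log --all -p -- . | grep -E "^[-+].*${ASSIGN_RE}" | redact_secrets
}

# Intended workflow (recommendations 2 and 4 above): audit an isolated clone,
# not the live checkout, and write only redacted output to the report.
#   git clone --quiet "$REPO_URL" /tmp/audit-clone
#   scan_secrets /tmp/audit-clone  > report-secrets.txt
#   scan_history /tmp/audit-clone >> report-secrets.txt
```

The redactor deliberately keeps the key name and the file:line location, because that is what a developer needs to fix the finding; the value itself adds nothing to the report and turns it into a second copy of the secret. Because the same expression drives both grep and sed, anything the scan reports is also something the redactor masks; add new key spellings to KEY_RE, not to one tool only.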
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written by an installer. Risk from installs is low because the skill assumes locally installed standard tools (git, npm, pip, cargo).
Credentials
No environment variables, credentials, or config paths are requested. Optional tools are proportionate to the dependency-audit features. The skill does not request unrelated secrets or keys.
Persistence & Privilege
always: false and no install means no forced or persistent presence. The skill does not attempt to modify other skills or system-wide agent settings.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install shadows-security-scanner
- After installation, call the skill by name directly, or trigger it with /shadows-security-scanner
- Provide the required inputs according to the skill's parameter description to receive structured output
Version history
v1.1.0
HIGH TRUST: full bins declaration, PREREQUISITES, SECURITY CONSIDERATIONS, LIMITATIONS, fixed Phase 5 URL handling
v1.0.0
Initial release of shadows-security-scanner 1.0.0
- Introduces a comprehensive 7-phase security audit pipeline (reconnaissance, dependency scan, application security tests, API security, hardening check, secrets verification, and structured reporting).
- Provides specific command-line examples and detailed checklists for Node.js, Python, and Rust projects.
- Designed for use before production deployments, after incidents, or as part of regular scheduled audits.
- Ensures findings are evidence-based, actionable, and categorized by severity.
- Offers an output format for clear, structured security audit reports.
FAQ
What is Shadows Security Scanner?
7-phase security audit pipeline — reconnaissance, dependency scan, application tests, API security, hardening check, OWASP verification, report. Use before p... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 446 cumulative downloads to date.
How do I install Shadows Security Scanner?
Run the command "/install shadows-security-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Shadows Security Scanner free?
Yes, Shadows Security Scanner is completely free (open source) and can be freely downloaded, installed, and used.
Which platforms does Shadows Security Scanner support?
Shadows Security Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).
Who developed Shadows Security Scanner?
Developed and maintained by NakedoShadow (@nakedoshadow); current version v1.1.0.