wow-leeroy-jenkins05

Shoofly Plugin Scan

Author: wow-leeroy-jenkins05 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 122
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install shoofly-plugin-scan
Description
Pre-install plugin security scanner for OpenClaw plugins
Security usage recommendations
This appears to be a coherent instruction-only plugin scanner. Before installing or running it, ask the author (or check implementation) to confirm two things: (1) the scanner only analyzes files in the provided plugin directory and does not read host-sensitive files (e.g., ~/.ssh, ~/.aws, /etc/passwd) or other unrelated system paths; and (2) it does not exfiltrate plugin contents or make external network calls — the "Unusual network calls" check should be a pattern check, not an outbound fetch. Also verify the scanner's provenance (source code or homepage) before trusting results, and run it on untrusted plugins inside a sandbox or isolated environment until you confirm its behavior.
Functional analysis
Type: OpenClaw Skill
Name: shoofly-plugin-scan
Version: 0.1.0
The bundle contains metadata and documentation for a security scanner utility named 'shoofly-plugin-scan'. The SKILL.md file describes standard security auditing functions such as checking for credentials, obfuscated code, and sensitive path access, with no evidence of malicious instructions or prompt injection attempts.
Capability assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md describes checks you would expect from a pre-install security scanner (credential patterns, obfuscated code, network URLs, sensitive path references, exec patterns). There are no unrelated required env vars, binaries, or install steps.
Instruction Scope
The instructions are high-level and scoped to scanning a plugin directory. However, the wording around "Sensitive path access — ~/.ssh, ~/.aws, ~/.gnupg, /etc/passwd" is ambiguous: it likely means "look for code that accesses these paths" rather than "read these paths on the host," but the doc does not explicitly forbid or clarify reading host system files or making network requests. Clarification is recommended.
Install Mechanism
No install spec and no code files — this is instruction-only, which minimizes risk because nothing is downloaded or written by default.
Credentials
No environment variables, credentials, or config paths are required in the registry metadata; that is proportionate for a static scanner.
Persistence & Privilege
Does not request always:true or any persistent/system-wide changes. Default autonomous invocation allowed (normal for skills) but there is no indication the skill would modify other skills or agent config.
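How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install shoofly-plugin-scan
  3. Once installation completes, call the Skill by name or trigger it with /shoofly-plugin-scan
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history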
v0.1.0
Initial release. Pre-install security scanner for OpenClaw plugins — scans for credentials, obfuscated code, suspicious network calls, and exec injection before you install. Hardened: exec false-positive fix, base64 entropy gate, automated test suite.
Metadata
Slug shoofly-plugin-scan
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

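What is Shoofly Plugin Scan?

Pre-install plugin security scanner for OpenClaw plugins. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 122 total downloads to date.

How do I install Shoofly Plugin Scan?

Run the command "/install shoofly-plugin-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Shoofly Plugin Scan free?

Yes, Shoofly Plugin Scan is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Shoofly Plugin Scan support?

Shoofly Plugin Scan is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Shoofly Plugin Scan?

Developed and maintained by wow-leeroy-jenkins05 (@wow-leeroy-jenkins05); the current version is v0.1.0.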
