← 返回 Skills 市场
Skill Defender
作者
itsclawdbro
· GitHub ↗
· v1.0.0
2099
总下载
5
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-defender
功能描述
Scans installed OpenClaw skills for malicious patterns including prompt injection, credential theft, data exfiltration, obfuscated payloads, and backdoors. Use when installing new skills, after skill updates, or for periodic security scans. Runs deterministic pattern matching — fast, offline, no API cost.
安全使用建议
This skill appears internally consistent: it's an offline, deterministic pattern scanner implemented in Python that reads skill directories and reports findings. Before installing or running it, consider these points: (1) Source provenance — the skill's owner and homepage are unknown; prefer code from a trusted publisher or review the code yourself. (2) Local file access — the scanner will read all files in your skills directory (which is necessary for scanning). If your skills contain sensitive secrets, consider auditing those files separately or run the scanner in a controlled environment. (3) Allowlist/false positives — the tool includes a built-in allowlist that can suppress findings; review that allowlist to ensure it isn’t silencing legitimate issues. (4) No network I/O is visible in the provided code, but always review the full scripts before running. If you cannot inspect the code, run it in a sandboxed environment or a VM and verify behavior (stdout, exit codes) on a non-production copy of your skills directory.
功能分析
Type: OpenClaw Skill
Name: skill-defender
Version: 1.0.0
The 'skill-defender' skill is a security scanner designed to detect malicious patterns like prompt injection, RCE, and credential theft. Its documentation (SKILL.md, references/threat-patterns.md) and core scanning script (scripts/scan_skill.py) necessarily contain examples and regexes of these malicious patterns. The skill explicitly states it will flag itself without an allowlist, which is implemented in scripts/aggregate_scan.py. All file system access and subprocess execution are aligned with its stated purpose of scanning other skills, with no evidence of intentional harmful behavior or prompt injection against the agent itself.
能力评估
Purpose & Capability
Name/description (malicious-pattern scanner) align with the included artifacts: SKILL.md, a threat-patterns reference, and two Python scanner scripts. No unrelated env vars, binaries, or install steps are requested. The scripts' behavior (walking skill dirs, regex-based detections, aggregating results) is coherent with a scanner.
Instruction Scope
SKILL.md instructs scanning single skills or all installed skills and documents auto-detection of the skills directory (searching ~/.clawd/skills, ~/skills, ~/.openclaw/skills and walking up from the script). It also documents allowlisting and output handling. The SKILL.md contains explicit prompt-injection examples (e.g., "ignore previous instructions", "you are now") which triggered pre-scan flags — this is expected because the scanner documents the patterns it detects. The scanner will read skill files (required for its purpose); verify you are comfortable with a local tool reading installed skill files (these files can contain secrets).
Install Mechanism
Instruction-only with bundled Python scripts; no install spec, no downloads, no external packages required (scripts state standard library only). No evidence of downloading/executing remote payloads in the provided code.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code includes regexes that look for credential paths in scanned skills (expected) but the scanner itself does not request or require secrets.
Persistence & Privilege
No always:true, no automatic modification of agent configuration is described. The tool scans files and produces reports; it includes an allowlist stored in the script (normal). There is no code shown that writes to core agent files or modifies other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-defender - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-defender触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: deterministic malicious pattern scanner for OpenClaw skills. Includes single-skill and batch scanning with built-in false-positive allowlist.
元数据
常见问题
Skill Defender 是什么?
Scans installed OpenClaw skills for malicious patterns including prompt injection, credential theft, data exfiltration, obfuscated payloads, and backdoors. Use when installing new skills, after skill updates, or for periodic security scans. Runs deterministic pattern matching — fast, offline, no API cost. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2099 次。
如何安装 Skill Defender?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-defender」即可一键安装,无需额外配置。
Skill Defender 是免费的吗?
是的,Skill Defender 完全免费(开源免费),可自由下载、安装和使用。
Skill Defender 支持哪些平台?
Skill Defender 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Defender?
由 itsclawdbro(@itsclawdbro)开发并维护,当前版本 v1.0.0。
推荐 Skills