Total downloads: 299 · Favorites: 0 · Currently installed: 0 · Versions: 1
Install in OpenClaw
/install skill-guard-1-0-2
Description
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...
Safe usage recommendations
This skill appears to implement a reasonable pre-install scan workflow, but take these precautions before installing or running it:
- Verify prerequisites: the SKILL.md and script require the 'clawhub' CLI and the 'uv/uvx' runner, but registry metadata does not list them; ensure you have and trust those binaries.
- Be cautious about remote installers: the README suggests installing uv with a curl | sh from https://astral.sh and the script runs 'uvx mcp-scan@latest' which will download and execute remote code. Audit mcp-scan and the uv installer source and verify checksums or use a pinned, reviewed release instead of '@latest'.
- Review the script: safe-install.sh is short and readable—inspect it locally (it stages to /tmp, runs the scanner, and moves files into your skills directory). Note it attempts to source "$HOME/.local/bin/env" (unusual) and allows skipping or bypassing the scan (--skip-scan and manual mv), so don't use those options unless you understand the risk.
- Treat flagged patterns as warnings: the SKILL.md includes an example of a prompt-injection marker; that alone isn't proof of malicious behavior, but any skill that your scanner flags should be inspected manually.
- If unsure, run the script in an isolated environment (VM/container) and manually verify the remote mcp-scan package and astral.sh installer before trusting it.
If you want, I can: (a) point out exact lines in safe-install.sh that are worth auditing, (b) help verify the integrity/source of mcp-scan and the astral.sh installer, or (c) propose a safer variant that pins mcp-scan to a specific version and avoids curl | sh.
Functional analysis
Type: OpenClaw Skill
Name: skill-guard-1-0-2
Version: 1.0.0
The skill-guard bundle is a security utility designed to scan other OpenClaw skills for vulnerabilities before installation. It uses a bash script (scripts/safe-install.sh) to download skills to a staging directory via the clawhub CLI and then analyzes them using the legitimate mcp-scan tool via uvx. The logic is transparent, follows a 'stage-scan-install' workflow, and contains no evidence of data exfiltration, malicious execution, or hidden prompt injections.
Capability assessment
Purpose & Capability
The skill's name/description (pre-install scanning) aligns with the included safe-install.sh which stages a ClawHub skill and runs a scanner before installing. However, registry metadata lists no required binaries/env vars while SKILL.md and the script require 'clawhub' and the 'uv/uvx' runner; that mismatch is an inconsistency and should be clarified.
Instruction Scope
Instructions and the script stay mostly within the stated purpose (download to /tmp, scan, move to skills dir). Concerns: the SKILL.md recommends installing uv via a curl | sh from https://astral.sh (a remote install script) and the script runs 'uvx mcp-scan@latest' which will fetch/execute remote code at runtime. The script also sources "$HOME/.local/bin/env" (odd path) and provides a --skip-scan option and explicit instructions to manually mv a staged (quarantined) skill into the final directory—both allow bypassing the scanner.
Install Mechanism
There is no formal install spec (instruction-only), but the runtime relies on uvx to run mcp-scan@latest and suggests bootstrapping uv with a curl installer. Running uvx/mcp-scan and executing a remote install script are moderate-to-high risk behaviors because they pull and execute remote code; the script itself does not download arbitrary payloads beyond using clawhub and uvx, but those tools will fetch remote content.
Credentials
The skill requests no credentials and only uses CLAWHUB_WORKDIR (optional) and HOME to determine paths — this is proportionate. However, registry metadata omits dependency declarations (clawhub and uv) that the SKILL.md and script require; that's an informational mismatch that could mislead users about prerequisites.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It only writes installed skills into the user's skills directory (expected behavior). Autonomous invocation is allowed by default (platform standard) but not by itself a red flag here.
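The recommendations and analysis above describe the skill's 'stage-scan-install' workflow and the two weak points in it: a scanner fetched as `mcp-scan@latest` and bypass paths (`--skip-scan`, a manual `mv` out of quarantine). The following POSIX shell script is an added example written for this page; it is not the project's `safe-install.sh`. It shows the same three-step flow with the scanner version pinned, no skip option, and a refusal to overwrite an existing skill. The `clawhub` fetch and `mcp-scan` invocations are abstracted behind command-name arguments because this page does not document their exact CLI syntax; `pinned_mcp_scan` assumes `mcp-scan` accepts a directory path and exits non-zero on findings (check the tool's own documentation), and `demo_marker_scan` is a constructed stand-in so the flow can be exercised offline.

```shell
#!/bin/sh
# Added example of a hardened stage-scan-install flow (not the project's script).

# Pin the scanner instead of '@latest'. The value is a constructed placeholder;
# replace it with a reviewed mcp-scan release and verify its checksum/provenance.
MCP_SCAN_VERSION="${MCP_SCAN_VERSION:-PLACEHOLDER_PINNED_VERSION}"

# Wrapper for the real scanner. ASSUMPTION: mcp-scan takes a path argument and
# returns non-zero when it reports findings. 'uvx tool@version' is uv's syntax
# for running a pinned version of a tool.
pinned_mcp_scan() {
    uvx "mcp-scan@$MCP_SCAN_VERSION" "$1"
}

# Stand-in scanner for offline use: flags a constructed prompt-injection marker.
# It exists only so the flow below can be run without network access.
demo_marker_scan() {
    if grep -rqi 'ignore previous instructions' "$1"; then
        echo "demo scanner: prompt-injection marker found under $1" >&2
        return 1
    fi
    return 0
}

# stage_scan_install NAME DEST FETCH_CMD SCAN_CMD
#   1. stages NAME into a fresh temp dir:   FETCH_CMD NAME STAGE_DIR
#   2. scans the staged copy:               SCAN_CMD STAGE_DIR
#   3. clean  -> moved to DEST/NAME, path printed, returns 0
#      flagged -> left in the quarantine dir, its path printed, returns 2
# There is deliberately no --skip-scan option: the only way to install is to pass the scan.
stage_scan_install() {
    name=$1; dest=$2; fetch=$3; scan=$4

    # Reject names that could escape the destination directory.
    case "$name" in
        ''|*/*|.*) echo "refusing unsafe skill name: '$name'" >&2; return 1 ;;
    esac

    mkdir -p "$dest" || return 1
    if [ -e "$dest/$name" ]; then
        echo "refusing to overwrite existing $dest/$name" >&2
        return 1
    fi

    # Each install gets its own staging directory under TMPDIR (or /tmp).
    stage=$(mktemp -d "${TMPDIR:-/tmp}/skill-guard.XXXXXX") || return 1

    if ! "$fetch" "$name" "$stage"; then
        echo "fetch failed for $name" >&2
        rm -rf "$stage"
        return 1
    fi

    if ! "$scan" "$stage"; then
        echo "scanner reported findings; '$name' quarantined at $stage (not installed)" >&2
        echo "$stage"
        return 2
    fi

    mv "$stage" "$dest/$name" || return 1
    echo "$dest/$name"
    return 0
}

# Usage with the real tools (clawhub subcommand is an assumption; adjust to its CLI):
#   stage_scan_install some-skill "$HOME/.openclaw/skills" "clawhub fetch" pinned_mcp_scan
```

Callers decide what to do with a quarantined directory; the script never moves it into the skills directory itself, so a reviewer has to look at the flagged files before anything reaches the runtime.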
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-guard-1-0-2
- After installation completes, call the Skill by name directly, or trigger it with /skill-guard-1-0-2
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release: client-side security scanning for ClawHub skills before installation.
- Scans skill packages for prompt injections, malware, hardcoded secrets, exfiltration URLs, and other AI-specific threats before installing.
- Uses Invariant Labs/Snyk's mcp-scan for deep AI skill analysis.
- Installs only if skill is clean; otherwise quarantines detected threats in a staging folder.
- Provides clear CLI usage: secure install script, exit codes, and threat handling instructions.
- Adds a strong comparison to existing solutions (VirusTotal, skillscanner) highlighting superior coverage for AI risks.
FAQ
What is Skill Guard 1.0.2?
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 299 cumulative downloads to date.
How do I install Skill Guard 1.0.2?
Run the command 「/install skill-guard-1-0-2」 in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Skill Guard 1.0.2 free?
Yes, Skill Guard 1.0.2 is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Skill Guard 1.0.2 support?
Skill Guard 1.0.2 is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Guard 1.0.2?
Developed and maintained by kenswj (@kenswj); current version v1.0.0.