← 返回 Skills 市场
371
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-guard-snyk-agent-scan
功能描述
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...
安全使用建议
This wrapper appears to do what it says: download a skill to /tmp, run a Snyk Agent scan, and only install if clean. Before using it: 1) Verify the uv installer source (astral.sh) and prefer installing uv/uvx from a trusted package manager if possible (avoid copy-pasting arbitrary curl | sh commands). 2) Only provide a SNYK_TOKEN with the minimal scope needed for scanning; treat it like any secret. 3) When threats are reported, inspect the staged files in /tmp and the scan report before manually moving them into your skills directory. 4) Avoid using --skip-scan except when you explicitly accept the risk. Overall the design is coherent, but runtime downloads (uvx and the scanner package) are the primary residual risk — verify those upstream projects before trusting them.
功能分析
Type: OpenClaw Skill
Name: skill-guard-snyk-agent-scan
Version: 1.0.3
The skill-guard bundle is a security utility designed to protect OpenClaw agents by scanning other skills for vulnerabilities before installation. The primary component, scripts/safe-install.sh, implements a secure workflow by downloading skills to a temporary staging directory, scanning them using the legitimate Snyk Agent Scan tool (via uvx), and only moving them to the active workspace if no threats are detected. No evidence of data exfiltration, malicious execution, or prompt injection was found; the code logic aligns perfectly with its stated purpose of enhancing agent security.
能力评估
Purpose & Capability
Name/description say: pre-install scan using Snyk Agent Scan. The script fetches a skill to a staging area, invokes a scanner (uvx snyk-agent-scan@latest), and installs or quarantines based on results. Required tooling (clawhub, uvx) and SNYK_TOKEN are consistent with scanning-before-install behavior.
Instruction Scope
SKILL.md and safe-install.sh limit actions to staging a skill in /tmp, running the scanner, writing a scan report, and (optionally) moving the staged skill into the user's skills folder. The script reads CLAWHUB_WORKDIR (reasonable) and SNYK_TOKEN (required for authenticated scans). It does not attempt to read unrelated system secrets, modify other skills, or exfiltrate data itself.
Install Mechanism
There is no platform install spec, but the script expects uvx to run the scanner and documents installing uv via a curl | sh command (https://astral.sh/uv/install.sh). Running remote install scripts or using uvx to fetch and run 'snyk-agent-scan@latest' involves downloading and executing third-party code at runtime — this is expected for a scanner but is a moderate risk vector and worth verifying the sources before trusting them.
Credentials
Only SNYK_TOKEN (for authenticated scanning) and optional CLAWHUB_WORKDIR are used. That credential aligns with the stated need to run Snyk Agent Scan. No unrelated credentials or broad secrets are requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request permanent agent inclusion or modify other skills' configs. It stages files in /tmp and moves them into the user's skills directory only when the scan passes (or when user explicitly chooses to install).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-guard-snyk-agent-scan - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-guard-snyk-agent-scan触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
**Skill-guard v1.0.3 changelog:**
- Fork of @jamesOuttake/skill-guard
- Switched scanner engine from "mcp-scan" to "Snyk Agent Scan" (reflects upstream rename/successor).
- Updated documentation to reference Snyk Agent Scan and new scanner requirements.
- Added a new exit code (3) for scanner availability/configuration errors, making it clear when the scan cannot run (e.g., missing SNYK_TOKEN).
- Improved error handling: the installer now explicitly separates scanner setup errors from skill security issues.
- Minor documentation updates for clarity and accuracy.
元数据
常见问题
skill-guard w Snyk Agent Scan 是什么?
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。
如何安装 skill-guard w Snyk Agent Scan?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-guard-snyk-agent-scan」即可一键安装,无需额外配置。
skill-guard w Snyk Agent Scan 是免费的吗?
是的,skill-guard w Snyk Agent Scan 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
skill-guard w Snyk Agent Scan 支持哪些平台?
skill-guard w Snyk Agent Scan 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 skill-guard w Snyk Agent Scan?
由 pepe(@firefrog-pepe)开发并维护,当前版本 v1.0.3。
推荐 Skills