← 返回 Skills 市场
109
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install skill-pre-install-scanner
功能描述
Pre-install safety check for ClawHub skills — scans for the 3 highest-risk signals before anything lands on disk. Free taster. Full 10-signal scanner in the...
安全使用建议
This skill is instruction-only and coherent with its stated purpose: it fetches skill manifests and flags risky patterns before install, and it doesn't ask for secrets. Before installing, confirm your platform actually invokes pre-install skills at the install hook (so the "intercept" claim is meaningful). Also remember this is a free 3-signal taster — it is not a full audit, so consider running a post-install scanner or using the full Security Pack for deeper checks. Beware of external purchase links (Gumroad) if you consider buying the full pack.
功能分析
Type: OpenClaw Skill
Name: skill-pre-install-scanner
Version: 1.1.0
The skill-pre-install-scanner is a defensive utility designed to intercept installation commands and perform a security audit on remote skill manifests before they are downloaded. It uses the agent's web_fetch and web_search tools to identify high-risk patterns such as shell/network combinations and unverified publishers. While the bundle includes marketing links to a paid 'Security Pack' on Gumroad and contains multiple instruction variants (SKILL-FULL.md, SKILL-LITE.md), its logic is entirely focused on providing security guardrails and lacks any evidence of malicious intent, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
Name/description match the declared requirements and instructions: the skill fetches SKILL.md/meta from ClawHub and scans for exec+network, hardcoded URLs, and publisher verification. Required tools (web_fetch, web_search) are appropriate and no unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions are limited to fetching manifests, checking patterns (exec/network, URLs), and looking up publisher metadata. The docs show specific fetch endpoints and clear risk/rating rules. One minor note: the text says it "intercepts a clawhub install" — this is coherent if the platform invokes the skill pre-install, but the operator should confirm the platform actually triggers the skill at that hook.
Install Mechanism
No install spec and no code files that would be written or executed on disk; instruction-only approach is lowest-risk for installation. Nothing is downloaded from arbitrary URLs by the skill itself.
Credentials
No environment variables, keys, or config paths requested. The checks it performs (web fetch/search) do not require additional credentials, so requested access is proportionate to purpose.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or cross-skill configuration changes. It instructs blocking installs and requiring --force overrides, which is appropriate behavior for a pre-install gate.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-pre-install-scanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-pre-install-scanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Lite version: free taster. Full version in the ClawHub Security/Ops Pack on Gumroad.
v1.0.0
Initial release
元数据
常见问题
Pre-Install Scanner 是什么?
Pre-install safety check for ClawHub skills — scans for the 3 highest-risk signals before anything lands on disk. Free taster. Full 10-signal scanner in the... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 109 次。
如何安装 Pre-Install Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-pre-install-scanner」即可一键安装,无需额外配置。
Pre-Install Scanner 是免费的吗?
是的,Pre-Install Scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pre-Install Scanner 支持哪些平台?
Pre-Install Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pre-Install Scanner?
由 Ordo-tech(@ordo-tech)开发并维护,当前版本 v1.1.0。
推荐 Skills