Skill Safety Checker
Author: austindixson · GitHub · v1.0.0
Total downloads: 621 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install skill-safety-checker
Description
Runs VirusTotal-style security checks on OpenClaw/Cursor skills before install, including remote code execution (RCE) and malicious code (obfuscation, exfilt...
Safe usage recommendations
This skill is internally coherent and appropriate for auditing other skills: it needs read access to skill folders and registry metadata to do its job, but it does not request credentials or install code. Before enabling automatic 'run-on-install' behavior, confirm you are comfortable granting the agent read access to your skills directories (e.g. ~/.openclaw/skills, ~/.cursor/skills). Treat the checker as a helpful filter, not a perfect oracle — for high-risk or complex skills manually inspect scripts and releases, verify upstream sources, and run untrusted installs in a sandbox. If you want extra caution, restrict the agent from automatically running the checker without your confirmation, or require the checker to run in a read-only/sandboxed environment.
Functional analysis
Type: OpenClaw Skill
Name: skill-safety-checker
Version: 1.0.0
This skill bundle is a security analysis tool designed to detect vulnerabilities and malicious code in *other* OpenClaw skills. The `SKILL.md` and `reference.md` files meticulously describe various risky patterns (RCE, data exfiltration, backdoors, obfuscation, sensitive reads) but only in the context of *identifying* and *reporting* them. The instructions for the OpenClaw agent are to perform security checks and to *prevent* the installation of skills exhibiting these patterns, not to execute them itself. There is no evidence of prompt injection, malicious execution, or any harmful intent within the analyzed files; instead, the skill actively promotes secure practices.
Capability assessment
Purpose & Capability
Name/description match the SKILL.md and reference.md: the skill inspects a target skill's SKILL.md, registry metadata, install spec, and files in the target skill directory to look for RCE/malicious patterns and registry inconsistencies. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
Runtime instructions describe reading a target skill's metadata, SKILL.md, and any scripts in the skill folder to detect unsafe patterns. That scope is appropriate for a security checker. The instructions explicitly avoid recommending reading unrelated secrets (e.g. ~/.ssh, ~/.aws) and call those out as malicious patterns to flag.
Install Mechanism
No install specification and no code files (instruction-only). This minimizes on-disk persistence and risk from third-party installs; expected and proportional for this kind of audit skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its checks examine skill metadata and files only, which is proportionate to the stated purpose.
Persistence & Privilege
Skill is user-invocable and allows model invocation (platform default). SKILL.md recommends an agent rule to run the checker automatically 'whenever the user installs or adds a skill' — the skill itself does not set always:true, but if an agent is configured to run it automatically during install flows, it will be invoked frequently and will need read access to skill directories. This is expected for its purpose but operators should ensure the agent's automatic invocation policy and filesystem permissions are appropriate.
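How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install skill-safety-checker`
- Once installation completes, invoke the Skill by name or trigger it with `/skill-safety-checker`
- Provide the required input according to the Skill's parameter description to get structured output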
Version history
v1.0.0
Initial release of the skill-security-check tool for OpenClaw/Cursor skills.
- Provides structured, VirusTotal-style security checks for skills before install, focusing on remote code execution (RCE) and malicious code detection.
- Compares registry metadata with SKILL.md for consistency in purpose, required binaries, install steps, and credential declarations.
- Flags suspicious patterns such as obfuscated code, install instructions from untrusted sources, and unexpected credential or privilege requirements.
- Ensures all skills in the user’s directory can be batch-checked and classified as Benign or Suspicious, supporting user security decisions.
- Designed to help both skill authors and users objectively assess and improve skill safety before installation or credential sharing.
FAQ
What is Skill Safety Checker?
Runs VirusTotal-style security checks on OpenClaw/Cursor skills before install, including remote code execution (RCE) and malicious code (obfuscation, exfilt... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 621 total downloads so far.
How do I install Skill Safety Checker?
Run the command "/install skill-safety-checker" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is Skill Safety Checker free?
Yes, Skill Safety Checker is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Skill Safety Checker support?
Skill Safety Checker is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Safety Checker?
Developed and maintained by austindixson (@austindixson); the current version is v1.0.0.