← 返回 Skills 市场
Skill Safety Scanner
作者
infectit007
· GitHub ↗
· v1.0.0
· MIT-0
81
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-safety-scanner
功能描述
Scan your installed ClawHub skills for dangerous code patterns — credential harvesting, shell injection, unauthorized network calls, and known malicious sign...
安全使用建议
This instruction-only skill is largely consistent with its stated purpose (running the local OpenClaw scanner and formatting results), but check a few things before using it:
- Confirm the CLIs: make sure `openclaw` and `clawhub` are the correct, expected local tools on your system. The SKILL.md mixes both names; verify `clawhub uninstall` will remove skills safely.
- Run the scanner manually first: run `openclaw security audit --deep --json` yourself and inspect the raw JSON before using any automation from this skill.
- Be careful with scheduling and memory: avoid using the example prompt that reports findings 'to memory' unless you know where memory is stored and that it never leaves your machine. Prefer local-only storage (files) for scan reports.
- Review deletion commands before running: the provided `rm -rf` is destructive. Only use auto-remove after manually verifying evidence.
- Understand data access: the skill will read every installed skill's source (including any secrets embedded there). That is necessary for auditing but means scan outputs may contain sensitive values — handle reports accordingly.
If you want higher assurance: run the OpenClaw audit manually, inspect the SKILL.md content yourself (it is provided), and avoid enabling scheduled/automatic reporting to agent memory or remote services.
功能分析
Type: OpenClaw Skill
Name: skill-safety-scanner
Version: 1.0.0
The skill is a security utility designed to audit other installed skills using the native 'openclaw security audit' command. It identifies dangerous patterns like credential harvesting or shell injection and provides a structured report and uninstallation options (SKILL.md). There is no evidence of data exfiltration, obfuscation, or malicious intent; all actions are local and aligned with the stated purpose of enhancing workspace security.
能力评估
Purpose & Capability
The name/description match the actions: it runs a local OpenClaw audit and formats results. However the SKILL.md mixes tooling names (openclaw security audit vs clawhub uninstall) — this may be benign (two CLIs for related functionality) but you should confirm both commands exist on your system and are the correct managers for installed skills.
Instruction Scope
Instructions tell the agent to run `openclaw security audit --deep --json`, parse JSON, read every installed skill under ~/.openclaw/workspace/skills, show evidence, and (optionally) run `clawhub uninstall` + `rm -rf`. Those actions require reading arbitrary skill source files. The doc repeatedly claims 'zero network calls' and 'no data leaves your machine', but the scheduling example stores results 'to memory' (agent memory) — if the platform syncs memory to a cloud service, that could leak scan output. Verify where 'memory' is stored and whether 'openclaw cron add' actually persists prompts externally.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. It executes existing local CLIs; nothing is downloaded or written by default.
Credentials
No environment variables, credentials, or config paths are declared or required. The skill does instruct reading installed-skill files (under ~/.openclaw/workspace/skills), which is proportional to auditing purposes but means the scanner will inspect any secrets present in skill code — expected, but worth knowing.
Persistence & Privilege
The skill itself is not always-enabled. However the SKILL.md encourages creating a cron job via `openclaw cron add` that runs the scan automatically and (in the example) writes results to 'memory'. That creates persistent scheduled runs and stored outputs; if your agent platform persists or syncs memory to external services, scheduled runs and stored scan reports could leak sensitive info. Also automated removal commands (rm -rf) are destructive if misapplied — the skill does say to ask confirmation, but automated workflows increase risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-safety-scanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-safety-scanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release. Scans installed ClawHub skills for dangerous patterns using OpenClaw built-in scanner. Single SKILL.md file — fully transparent source.
元数据
常见问题
Skill Safety Scanner 是什么?
Scan your installed ClawHub skills for dangerous code patterns — credential harvesting, shell injection, unauthorized network calls, and known malicious sign... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。
如何安装 Skill Safety Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-safety-scanner」即可一键安装,无需额外配置。
Skill Safety Scanner 是免费的吗?
是的,Skill Safety Scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Safety Scanner 支持哪些平台?
Skill Safety Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Safety Scanner?
由 infectit007(@infectit007)开发并维护,当前版本 v1.0.0。
推荐 Skills