Skill Scan
Author: dgriffin831 · v1.0.0
Total downloads: 2192
Favorites: 3
Current installs: 7
Versions: 1
Install in OpenClaw
/install skill-scan
Description
Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories.
Security usage recommendations
This package appears to be a legitimate, featureful skill-scanner, but there are some red flags you should act on before installing or enabling automatic behavior:
1) Inspect the SKILL.md and AGENTS.md templates for hidden or coercive instructions (look for 'ignore previous instructions' language and any invisible/unicode-control characters). If present, remove or sanitize those lines.
2) Review the included source files (skill_scan/ and test-fixtures/) locally or in a sandbox before running the CLI, especially if you will grant it permission to edit AGENTS.md or run LLM-enabled analysis. The code bundle contains both safe test fixtures and explicit malicious examples used for evaluation — confirming behaviour matters.
3) Be cautious about granting LLM API keys (OPENAI_API_KEY/ANTHROPIC_API_KEY) to the environment unless you trust the skill; LLM layers run arbitrary prompt content against those providers.
4) Prefer manual (on-demand) scanning over automatic installation hooks. If you choose automatic integration, require an explicit review step and back up the current AGENTS.md before allowing modifications.
5) If you accept the skill, run it initially with static analysis only (no --llm) and examine JSON output (--json) to verify the scanner's behavior; only enable alerting channels after testing.
If you want, I can: (a) show the exact AGENTS.md templates included so you can inspect them, (b) list files in skill_scan/ that perform code execution or network calls, or (c) produce a sanitized AGENTS.md patch you can apply manually instead of allowing the skill to change it automatically.
Functional analysis
Type: OpenClaw Skill
Name: skill-scan
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'skill-scan' is a security scanner designed to detect malicious code, evasion techniques, and prompt injection in *other* skill packages. Its code (`scanner.py`, `ast_analyzer.py`, `prompt_analyzer.py`, `llm_analyzer.py`, `rules/dangerous-patterns.json`) implements various detection mechanisms, which inherently involve looking for high-risk patterns. The `SKILL.md` provides instructions for the agent to integrate this scanner into its workflow to *enhance* security, not compromise it. Files containing actual malicious code (e.g., reverse shells, credential exfiltration) are clearly labeled as `test-fixtures` and are used solely for evaluating the scanner's effectiveness, not as part of its operational logic. All observed behaviors are aligned with its stated purpose as a security tool.
Capability assessment
Purpose & Capability
The name/description match the included functionality: a multi-layer scanner with optional LLM analysis and ClawHub integration. Requested environment variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, PROMPTINTEL_API_KEY, alert channel vars) are consistent with LLM scanning and alerting. One mismatch: the registry metadata says 'instruction-only / no install spec' but the package contains a full Python project (CLI, analyzers, tests, 100+ files). That isn't necessarily malicious, but it's an inconsistency you should be aware of (code will be present in the skill directory even though no platform-level installer is declared).
Instruction Scope
The SKILL.md contains explicit runtime instructions for the agent (scan-before-install workflow) and templates to insert into AGENTS.md. Option A uses strong language ('non-negotiable — never skip the scan') and recommends automatic pre-install scanning/blocking behavior. While this is plausible for a security tool, it also instructs the agent to alter its install workflow and to block installs automatically — a higher-scope action than simply providing a scanner. Additionally, automated alerting and LLM-provider auto-detection are described; the SKILL.md also includes content that triggered prompt-injection detections (see scan_findings_in_context).
Install Mechanism
No external install spec or remote download is declared (low install-mechanism risk). However, the repository includes a full Python CLI and many code files that would be written into the workspace when the skill is installed. There are no suspicious remote URLs or archive installs in the metadata, but because code is present, review the included source before running any CLI or LLM-enabled features.
Credentials
Environment variables mentioned are appropriate for the stated features: LLM provider keys for optional deep analysis (OPENAI_API_KEY, ANTHROPIC_API_KEY), a PROMPTINTEL key for an optional integration, and alert-channel variables for sending notifications. No unrelated or excessive credentials are demanded in SKILL.md or project metadata.
Persistence & Privilege
The skill suggests automatically modifying your AGENTS.md (agent instruction file) during installation to enforce pre-install scanning. That amounts to persistent changes to the agent's behavior/configuration and is outside a simple on-demand scanner's minimal scope. The skill does not set always:true, but it does recommend automatic, non-optional integration which increases its effective privilege. If you allow the skill to edit agent instructions, you should review/approve the exact changes.
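How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-scan
- After installation, call the Skill by name or use /skill-scan to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history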
v1.0.0
Initial release of skill-scan – a multi-layered security scanner for OpenClaw skills.
- Scans skills (local or from ClawHub) for malicious code, evasion, prompt injection, and misaligned behavior before installation.
- Features 6 analysis layers, 60+ detection rules, and context-aware scoring to reduce false positives.
- Supports static and optional LLM-powered deep inspection.
- Provides detailed risk scores with actionable exit codes for automation.
- Integrates with agent workflows via AGENTS.md templates (automatic or manual scanning).
- Flexible output (text, JSON, compact, quiet) and supports batch audits.
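FAQ
What is Skill Scan?
Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2192 cumulative downloads to date.
How do I install Skill Scan?
Run the command "/install skill-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Skill Scan free?
Yes, Skill Scan is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Skill Scan support?
Skill Scan is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Scan?
It is developed and maintained by dgriffin831 (@dgriffin831); the current version is v1.0.0.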