← 返回 Skills 市场
billyhetech

skill-scanner

作者 billyhetech · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
106
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-scanner-v1
功能描述
Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and Cl...
安全使用建议
This skill is internally consistent and reasonable for scanning SKILL.md files. Before using it: 1) Only allow network fetching when you trust the remote host — fetching an arbitrary URL could expose the skill to network-based hazards; prefer pasting content if you don't want the agent to fetch. 2) Be aware the scanner will read local SKILL.md files if you supply a path (e.g., ~/.openclaw/skills/...), so avoid passing files that contain secrets. 3) Treat the scanner's output as advisory — it can miss novel obfuscation techniques; for high assurance, run additional, isolated checks or inspect flagged lines manually. 4) If you plan to let the agent run scans automatically on install, consider restricting auto-fetching and reviewing any flagged evidence before installing a skill.
功能分析
Type: OpenClaw Skill Name: skill-scanner-v1 Version: 1.0.0 The skill is a security auditing utility designed to help AI agents vet other OpenClaw skills for malicious patterns, permission abuse, and prompt injection. The instructions in SKILL.md provide a structured framework for static analysis and reporting without requesting any sensitive permissions or executing suspicious code itself.
能力评估
Purpose & Capability
Name and description match the instructions: the SKILL.md describes fetching/parsing SKILL.md content from URLs, GitHub raw, or local paths and running static checks. No unrelated binaries, environment variables, or config paths are requested in the registry metadata.
Instruction Scope
Runtime instructions are limited to fetching/parsing SKILL.md content, running pattern checks, and returning evidence-backed flags. It explicitly accepts pasted content, local skill paths (~/.openclaw/skills/[name]/SKILL.md), and URLs. This file access and optional network fetch are coherent with the stated scanning purpose. The 'proactively offer to scan' guidance is broad but not dangerous by itself.
Install Mechanism
No install spec and no code files are present — this is instruction-only. That minimizes risk because nothing is written to disk or executed beyond the platform's normal agent behavior.
Credentials
The skill declares no required env vars, no primary credential, and no special config paths. The instructions reference local skill paths and remote URLs only — appropriate for a scanner and proportional to its function.
Persistence & Privilege
Flags: always=false and default model invocation allowed. There is no request for permanent presence, no modification of other skills' configs, and no privilege escalation behavior in the SKILL.md. Autonomous invocation is platform-default and not, by itself, a concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-scanner-v1
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-scanner-v1 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of skill-scanner: fast, security-first AI skill vetting tool. - Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and ClawHavoc attack vectors. - Assigns a clear Safe / Caution / Danger verdict based on five detailed static checks. - Accepts ClawHub/GitHub URLs, local paths, or pasted content for analysis. - Cites specific concerns with exact fields/lines and suggests fix recommendations. - Proactively offers to scan any skill the user mentions installing.
元数据
Slug skill-scanner-v1
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

skill-scanner 是什么?

Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and Cl... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 106 次。

如何安装 skill-scanner?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-scanner-v1」即可一键安装,无需额外配置。

skill-scanner 是免费的吗?

是的,skill-scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

skill-scanner 支持哪些平台?

skill-scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 skill-scanner?

由 billyhetech(@billyhetech)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论