← 返回 Skills 市场
320
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install skill-sec-scan
功能描述
自动检测并评分 ClawHub、GitHub 和本地 Skill 中 JS、TS、Python、Shell 文件的安全风险,识别数据泄露、注入、混淆和木马等威胁。
安全使用建议
What to consider before installing or running this skill:
- Purpose vs implementation: The skill's description and SKILL.md claim multi-language scanning and remote-URL support, but the Node scanner only walks .js files; confirm which script is actually used in your environment (the shell scripts appear to implement more checks). If you rely on .py or .sh scanning, verify the scanner actually inspects those files.
- Remote targets: SKILL.md shows commands that accept GitHub/ClawHub URLs. Before passing a URL, inspect scan.sh to confirm it clones/downloads repositories in a safe, read-only way (and does not run any install scripts from the target). If unsure, clone the target manually into a sandbox and run the scanner against the local copy.
- Execution risk: Running index.js will invoke the included shell scanner via execSync; running the bundled scripts will execute grep/sed/other command-line utilities and read many files. That is expected, but avoid running the scanner as root and run it in an isolated/sandboxed environment when scanning untrusted repos.
- False positives and coverage: The scanner is rule-based with many aggressive regexes; expect false positives. The SKILL.md enforces a two-step flow (static report then optional LLM analysis) which helps avoid blind automated decisions — keep that workflow.
- Verify truncations: Parts of scripts were truncated in the provided content. Review the full scripts/scan.sh and scan-all.sh to ensure there are no hidden fetch-or-execute steps (e.g., automatic 'curl | bash', running postinstall hooks, or executing target code). If you cannot inspect the full code, treat the skill as untrusted and run only in a sandbox.
If you want, I can: (1) point out exact lines to inspect in scripts/scan.sh for remote-fetch behavior, (2) summarize where the node scanner and shell scanner differ, or (3) recommend a safe command sequence to run this scanner against a cloned repository in a disposable environment.
功能分析
Type: OpenClaw Skill
Name: skill-sec-scan
Version: 4.4.1
The bundle is a security scanner tool designed to audit other OpenClaw skills for malicious patterns. It uses a combination of static analysis (via shell scripts and Node.js) and guided LLM semantic analysis to identify risks such as data exfiltration, command injection, and backdoors. The core logic in `scripts/scan.sh` and `node/scanner.js` uses regular expressions to flag dangerous code patterns (e.g., private keys, `eval`, `rm -rf`) and generates a detailed security report. While the tool performs high-risk operations like downloading remote content and executing shell commands, these actions are strictly aligned with its stated purpose as a security utility and are transparently documented in `SKILL.md` and `SKILL_EN.md`.
能力评估
Purpose & Capability
The SKILL.md and scripts claim multi-language support (.js, .ts, .py, .sh) and remote ClawHub/GitHub scanning. The shipped Bash scripts implement many language checks, but the Node SecurityDetector (node/scanner.js) only recursively scans .js files. index.js simply invokes scripts/scan.sh via execSync. This mismatch (Node code scanning only .js while other scripts claim broader coverage) and the advertised ability to scan remote URLs are not fully substantiated in the visible code.
Instruction Scope
The SKILL.md explicitly instructs the agent to run scripts/scan.sh and to not proceed to LLM analysis without user confirmation; that flow is clear and reduces some risk. The instructions ask the agent to scan local skill directories (e.g., ~/.openclaw/workspace/skills) and to optionally perform semantic LLM analysis using prompts derived from the scan output. The agent will read many files under the target path (expected), but the README claims remote scanning of URLs — the provided scripts as shown do not clearly include safe, explicit remote-fetch handling (clone/download) in the visible portions, so behavior on URL inputs is ambiguous.
Install Mechanism
There is no install spec (instruction-only from the registry standpoint). The package includes shell scripts and Node code; nothing in the manifest downloads external code during install. Running the provided scripts will write nothing to system paths beyond typical transient console output. Risk comes from executing the included scripts (they run locally) rather than an external installer URL.
Credentials
The skill declares no required env vars or credentials. The scanner contains detection rules that look for patterns like process.env.AWS_/AZURE_ etc. — this is expected for a scanner (it flags code that references credentials) and does not itself require those secrets.
Persistence & Privilege
always:false and no special persistence or system-wide modifications are requested. The skill reads files in skill directories (its stated purpose) and does not request to modify other skills or global agent configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-sec-scan - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-sec-scan触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.4.1
v4.4.1: 重构 LLM prompt - 六维评估框架(数据透明/权限边界/行为透明/供应链风险/用户控制/成本告知)+ 越界行为列 + 额外判断标准
v4.4.0
v4.4: 逐文件分析改为表格格式,新增越界行为列(⚠️ 维度X+Y / 无明显越界行为),与六维评估一一对应
v4.3.0
v4.3: 重构 LLM 语义分析 prompt - 引入安全评估六维框架(数据透明/权限边界/行为透明/供应链风险/用户控制/成本告知)+ 六维额外判断标准;修复文件内容重复输出 bug
v4.2.0
v4.2: 规范 Agent 操作流程(先报告→询问→确认后语义分析);新增双层检测机制文档;修复下载逻辑(HTTP验证+git clone降级);精简 LLM 提示;交互式用户体验
v4.1: 新增 LLM 语义分析提示生成(解决静态扫描误报)
v4.0: 威胁分类、完整报告规范、JSONL 输出
v1.0.0
Initial release of skill-sec-scan – a comprehensive security scanner for ClawHub, GitHub, and local skills.
- Supports JavaScript, TypeScript, Python, and Shell file scanning.
- Detects 4 major threat categories: Data Exfiltration, Injection Attacks, Code Obfuscation, and Trojans.
- Includes 57 specialized detection rules covering 60+ risk patterns.
- Provides automated security scoring, full threat report, and customizable whitelist.
- Offers command-line usage for both remote and local scanning, with batch scan and multiple report formats (Markdown, JSON, JSONL).
- Outputs standardized, detailed security reports with clear recommendations.
元数据
常见问题
Skill Security Scanner 是什么?
自动检测并评分 ClawHub、GitHub 和本地 Skill 中 JS、TS、Python、Shell 文件的安全风险,识别数据泄露、注入、混淆和木马等威胁。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 320 次。
如何安装 Skill Security Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-sec-scan」即可一键安装,无需额外配置。
Skill Security Scanner 是免费的吗?
是的,Skill Security Scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Security Scanner 支持哪些平台?
Skill Security Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Security Scanner?
由 moer(@torchesfrms)开发并维护,当前版本 v4.4.1。
推荐 Skills