← 返回 Skills 市场

Skill Security Guard

Name: Skill Security Guard
Author: sukimgit

作者 sukimgit · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ✓ 安全检测通过

187

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skill-security-guard-publish

功能描述

Skill 安全扫描器 - 检测第三方技能的恶意代码、信息泄露等安全风险，保护你的 AI 助手安全！

安全使用建议

This skill appears to be a legitimate local security scanner. Before running it: 1) don’t point it at system root or sensitive directories (e.g., /, your home, or cloud creds directories) while running as an elevated user—it will read files and could report sensitive content; 2) expect active network checks if you allow network scanning or if the scanner is configured to validate discovered URLs (these can contact remote hosts); 3) review scanner output and the rules/whitelist (rules/safe_domains.json) and avoid running it with root unless necessary; 4) verify you trust the skill source/author before giving it access to private repositories or directories. If you want extra assurance, inspect scanner.py for any data exfiltration paths (e.g., code that posts findings to remote servers) — none were evident in the provided files, but the full scanner.py and remaining truncated files should be reviewed if you need maximum assurance.

功能分析

Type: OpenClaw Skill Name: skill-security-guard-publish Version: 1.0.2 The skill bundle is a security auditing tool designed to scan other OpenClaw skills for malicious code, hardcoded secrets, and risky configurations. It utilizes static analysis (AST and regex) in scanner.py and various checker modules (code_checker.py, sensitive_checker.py) to identify patterns like RCE, data exfiltration, and unauthorized file access. While the bundle includes active system and network probing capabilities in network_checker.py (e.g., port scanning and firewall status checks), these behaviors are consistent with its stated purpose as a 'Security Guard' and show no evidence of malicious intent, unauthorized data exfiltration, or prompt injection.

能力评估

✓ Purpose & Capability

Name/description (security scanner) align with what is included: multiple checker modules (code/file/network/sensitive), a CLI entry (scanner.py), and a whitelist file. Required binary is only python and no unrelated credentials or unusual system paths are requested.

ℹ Instruction Scope

SKILL.md instructs running python scanner.py against a skill or directory. The scanner legitimately reads files, parses code (AST/regex), and may detect/flag env var usage or URLs. Note: the included network_checker can perform active network operations (port checks, SSL retrievals) and file_checker will stat/read files; these behaviors are expected for this tool but mean it will access local files and may perform network probes of hosts it discovers or is asked to check.

✓ Install Mechanism

No install spec — instruction-only invocation requiring only Python 3.7+. The code uses only standard-library modules per files shown, matching the SKILL.md claim of 'no extra packages'. No remote downloads or archive extraction are present.

✓ Credentials

The skill requests no environment variables or credentials. The code scans for patterns that indicate environment-variable usage in target code but does not itself require or exfiltrate credentials. No disproportionate secrets access is declared.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It does run code that may call subprocesses (netsh/iptables/systemctl) when checking firewall status — these calls are limited and expected for a network/security scanner, but may require appropriate OS permissions when executed.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skill-security-guard-publish
安装完成后，直接呼叫该 Skill 的名称或使用 /skill-security-guard-publish 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- 修复 Windows 编码问题（报告 emoji 无法显示） - 添加 UTF-8 编码支持

v1.0.1

Version 1.0.1 - Code refactored to include complete docstrings, type hints, and PEP 8 compliance. - Improved error messaging with user-friendly details and troubleshooting suggestions. - Unified interface standard for all checkers. - Documentation clarified and enhanced. - Added new checker modules for structure and clarity. - Removed redundant release notes file.

v1.0.0

Initial release of skill-security-guard: - Detects malicious code, information leaks, and other security risks in third-party skills. - Scans and reports on HTTP/HTTPS requests, file operations, dangerous functions, and sensitive information. - Provides risk scoring and actionable security suggestions. - Easy CLI usage; supports single-skill or directory scans with verbose reporting. - White-listing and custom rule support to reduce false positives.

元数据

Slug skill-security-guard-publish

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Skill Security Guard 是什么？

Skill 安全扫描器 - 检测第三方技能的恶意代码、信息泄露等安全风险，保护你的 AI 助手安全！. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 187 次。

如何安装 Skill Security Guard？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-security-guard-publish」即可一键安装，无需额外配置。

Skill Security Guard 是免费的吗？

是的，Skill Security Guard 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Skill Security Guard 支持哪些平台？

Skill Security Guard 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Skill Security Guard？

由 sukimgit（@sukimgit）开发并维护，当前版本 v1.0.2。