sudhindrat

Skill Scanner

Author: sudhindrat · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 206
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install skill-security-scan
Description
Security checks for installing skills, packages, or plugins. Use BEFORE any `npm install`, `openclaw plugins install`, `clawhub install`, or similar install...
Safe usage advice
This skill is a safe, instruction-only checklist you can use before installing packages. Before you rely on it: ensure the environment where checks run has npm/git if you want the automated commands to work; review any commands the agent would execute (it may run `npm info`, `npm audit`, or inspect package.json); treat the checklist as guidance — it doesn't auto-block installs; and continue to require explicit user approval before running or installing anything flagged as suspicious.
Functional analysis
Type: OpenClaw Skill
Name: skill-security-scan
Version: 1.0.0
The skill bundle (skill-security-scan) is a defensive utility providing a comprehensive security checklist and heuristics for an AI agent to follow before installing third-party packages. It includes instructions to verify sources, audit dependencies, check for lifecycle scripts, and identify known attack patterns like 'ClawHavoc' or 'AuthTool' in SKILL.md. The instructions are aligned with the stated purpose of enhancing security and do not contain any malicious payloads or exfiltration logic.
Capability assessment
Purpose & Capability
Name and description match the SKILL.md content: it is a pre-install security checklist for skills/packages. There are no unrelated environment variables, binaries, or installs requested that would be disproportionate to the stated purpose.
Instruction Scope
The runtime instructions are advisory (inspect package.json, run `npm info`, `npm audit`, check repos, look for downloads/lifecycle scripts, etc.). This is appropriate for a security checklist. One minor mismatch: the skill expects tools like `npm` and `git` to be available but the metadata does not declare required binaries — that is reasonable given it's instruction-only but worth noting so an operator knows these checks rely on external CLI tools.
Install Mechanism
No install spec and no code files — lowest-risk category. The skill does not download or execute third-party code itself.
Credentials
The skill requests no credentials, environment variables, or config paths. Its guidance to look for credential-access patterns (e.g., `.env`, `~/.ssh/`) is appropriate for its purpose rather than an attempt to access them.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is allowed (default) but that is appropriate for a helper skill and not excessive given the skill has no install or credential requests.
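How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install skill-security-scan
  3. Once installed, invoke the Skill by name or trigger it with /skill-security-scan
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history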
v1.0.0
- Major update: Migrated from an automated shell audit tool to a comprehensive pre-install security checklist and manual review workflow.
- Removed all audit scripts and blocklist/allowlist files; the skill no longer performs automated scanning.
- Added detailed, actionable checklists for vetting sources, popularity, dependencies, lifecycle scripts, and post-install risks.
- Expanded instructions to cover npm and ClawHub skill/package/plugin installs, including dynamic content, core file protection, and reporting known attack campaigns.
- Focus is now on practical user guidance for risk assessment at install-time, rather than automated post-hoc scanning.
Metadata
Slug skill-security-scan
Version 1.0.0
License MIT-0
Total installs 2
Current installs 2
Historical versions 1
FAQ

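What is Skill Scanner?

Security checks for installing skills, packages, or plugins. Use BEFORE any `npm install`, `openclaw plugins install`, `clawhub install`, or similar install... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 206 total downloads to date.

How do I install Skill Scanner?

Run the command "/install skill-security-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Skill Scanner free?

Yes, Skill Scanner is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Skill Scanner support?

Skill Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Scanner?

It is developed and maintained by sudhindrat (@sudhindrat); the current version is v1.0.0.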
