Skill Security Scanner by dxx

Author: ntaffffff · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 130
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install skill-security-scan-dxx
Description
Scan installed OpenClaw skills for potential security risks. Use when you want to check if skills contain dangerous commands, access sensitive paths, or have...
Security usage advice
This script appears to be a straightforward local scanner. Before running it, inspect the skill_scan.py yourself (you already have the source) and confirm it contains no network calls or code-execution paths (it does not). Run it in a safe/test environment if any skills contain sensitive secrets, since the scanner will read files under ~/.openclaw/workspace/skills. If you use it regularly, consider improving false-positive handling and binary detection, and avoid trusting scanner output as a replacement for manual review of flagged files.
Functional analysis
Type: OpenClaw Skill
Name: skill-security-scan-dxx
Version: 1.0.0
The skill is a security utility designed to perform static analysis on other installed OpenClaw skills to identify potentially dangerous commands, sensitive path access, and insecure network requests. The Python script `skill_scan.py` implements a straightforward regex-based scanner that checks for patterns like 'rm -rf', fork bombs, and access to directories like ~/.ssh/ or ~/.aws/. The code uses only standard libraries, does not exfiltrate data, and its behavior is entirely consistent with the documentation provided in SKILL.md.
Capability assessment
Purpose & Capability
Name/description match behavior: the code scans ~/.openclaw/workspace/skills for dangerous commands, sensitive paths, and network-call patterns. The requested resources (none) align with a local scanner.
Instruction Scope
SKILL.md instructs running the included Python script from the skills directory which is consistent with its purpose. The scanner reads all non-ignored files under the skills tree (may read files that contain secrets), and it ignores some document filetypes; these are implementation choices (may cause false negatives/positives) but not scope creep.
Install Mechanism
No install spec; the skill is instruction+script only. Nothing is downloaded or written to disk by an installer step beyond the existing skill files.
Credentials
No environment variables, credentials, or config paths are requested. The scanner only looks for sensitive path strings in other skills' files; it does not attempt to read external secrets or ask for unrelated credentials.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not modify other skills or global agent settings; it simply reads files under the skills directory.
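How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install skill-security-scan-dxx
  3. Once installed, call the Skill by name or trigger it with /skill-security-scan-dxx
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history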
v1.0.0
Initial release of skill-security-scan
- Scans all installed OpenClaw skills for potential security risks.
- Detects dangerous commands (e.g., rm -rf /, fork bombs).
- Checks for access to sensitive paths and risky use of eval/exec.
- Reviews network request security (such as missing SSL verification).
- Generates a detailed risk report to help identify and manage threats.
- Includes usage guidance and security best practices for skill management.
Metadata
Slug: skill-security-scan-dxx
Version: 1.0.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
Frequently asked questions

What is Skill Security Scanner by dxx?

Scan installed OpenClaw skills for potential security risks. Use when you want to check if skills contain dangerous commands, access sensitive paths, or have... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 130 total downloads so far.

How do I install Skill Security Scanner by dxx?

Run the command "/install skill-security-scan-dxx" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Skill Security Scanner by dxx free?

Yes, Skill Security Scanner by dxx is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Skill Security Scanner by dxx support?

Skill Security Scanner by dxx runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Security Scanner by dxx?

It is developed and maintained by ntaffffff (@ntaffffff); the current version is v1.0.0.
