← 返回 Skills 市场
lanew197894fun-cmd

Skill Security Vet

作者 lanew197894fun-cmd · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
278
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install skill-security-vet
功能描述
技能安全審核 - 整合本地掃描 + VirusTotal 雲端威脅情報
安全使用建议
This skill can scan installed skills and query VirusTotal, which matches its description — but it also contains a full-disk scanning mode and can automatically quarantine or delete files. Before installing or running it: 1) Inspect the code yourself or run it in a sandbox or VM first. 2) Disable automatic actions (autoQuarantine/autoRemove/autoScanOnStartup) in the config before running scans. 3) Do not provide your VirusTotal API key until you confirm where it is stored (the code writes plain JSON to ~/.opencode/config). 4) Backup ~/.opencode/skill (and important data) so you can recover if the tool quarantines or removes files. 5) If you only want skill-level checks, run the tool with explicit arguments (e.g., scan for specific skills) and avoid 'local' or 'full' modes. If you are not comfortable reviewing the code or running it in an isolated environment, treat this skill as high-risk.
功能分析
Type: OpenClaw Skill Name: skill-security-vet Version: 2.0.0 The skill-security-vet bundle is a security auditing tool that performs local and cloud-based (VirusTotal) threat detection. While its stated purpose is defensive, it contains high-risk capabilities including broad filesystem scanning of system drives ('/' or 'C:\') in vet.ts, and the ability to automatically 'quarantine' (move) or delete files and directories in both vet.ts and startup-scan.ts. The inclusion of a startup script that automatically scans and potentially disables other skills, combined with the invasive nature of the full system scan, makes this bundle suspicious despite its documented utility. It communicates with virustotal.com for file reputation checks.
能力评估
Purpose & Capability
Name and description claim a skills security vet that integrates local scanning and VirusTotal — the code implements that for ~/.opencode/skill and VirusTotal lookups, which is coherent. However the vet.ts also implements a full local-disk scanner (scanLocalComputer) with support for scanning system drives and suspicious binary extensions; that broad disk scanning and file-level handling is not clearly advertised in SKILL.md examples, creating a capability mismatch.
Instruction Scope
The SKILL.md examples only show scanning installed skills and configuring a VirusTotal API key. The code supports additional modes (local, full) that traverse filesystem roots, examine many file types, compute hashes, call VirusTotal, and can quarantine or remove files. Those instructions/behaviour (disk-wide scanning, removing/quarantining files) are not clearly surfaced in SKILL.md, which grants the skill broad discretion over local files.
Install Mechanism
No external download/install steps; the skill is designed to run under bun and has no network install URL. There are no archive downloads or third-party package installs in the manifest.
Credentials
The skill requests no cloud credentials up-front and uses a user-provided VirusTotal API key configured via CLI (reasonable). However SKILL.md claims 'secure storage' of the API key while the code persists configuration as plain JSON under ~/.opencode/config (skill-vet.json / security-scan.json), which is not encrypted and may be readable by other local users. Also the skill reads HOME/USERPROFILE and will operate on system paths; this access is broader than the SKILL.md explicitly warns about.
Persistence & Privilege
The code defaults to enabling auto-scan/auto-quarantine behavior in places (loadConfig defaults autoScanOnStartup: true and autoQuarantine: true in startup-scan fallback), and includes functions that copy then rmSync files/directories (quarantine/ removal). While the skill is not marked always:true, these automatic removal/quarantine capabilities give it destructive privileges on the user's skill directory and, in full/local mode, potentially other files on disk. SKILL.md does not make these defaults explicit.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-security-vet
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-security-vet 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
v2.0 - 新增 VirusTotal 整合、啟動自動掃描
v1.0.0
Initial release
元数据
Slug skill-security-vet
版本 2.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Skill Security Vet 是什么?

技能安全審核 - 整合本地掃描 + VirusTotal 雲端威脅情報. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 278 次。

如何安装 Skill Security Vet?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-security-vet」即可一键安装,无需额外配置。

Skill Security Vet 是免费的吗?

是的,Skill Security Vet 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Security Vet 支持哪些平台?

Skill Security Vet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Security Vet?

由 lanew197894fun-cmd(@lanew197894fun-cmd)开发并维护,当前版本 v2.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论