
Skill Sentinel

Author: mike007jd · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 153
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install skill-sentinel
Description
Scan OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks.
Security usage recommendations
ClawShield appears to be what it says: a local static scanner implemented in Node. Before installing or running it:
  1. Be aware it will read text files in the target directory and will include matching line snippets (up to 160 chars) in outputs; this can surface secrets if you point it at repos containing .env or other secrets. Avoid scanning directories with sensitive credentials unless you run the tool in a safe, isolated environment.
  2. The tool supports suppressions stored in .clawshield-suppressions.json but only honors entries with non-empty justifications. Review suppressions carefully before relying on them in CI.
  3. There are no network calls or credentials requested by the tool itself, and it doesn't modify other skills or system settings.
If you plan to automate this in CI, ensure SARIF/JSON outputs are consumed only by trusted systems and that you don't inadvertently expose scanned content publicly.
Functional analysis
Type: OpenClaw Skill
Name: skill-sentinel
Version: 1.0.0
ClawShield is a static security scanner designed to detect high-risk patterns in OpenClaw skills, such as download-and-execute chains, obfuscated code, and social engineering prompts. The bundle includes intentional security violations within a `fixtures/` directory (e.g., `fixtures/malicious-skill/scripts/install.sh` and `fixtures/malicious-skill/SKILL.md`) specifically for testing its detection logic. The core implementation in `src/index.js` is a straightforward regex-based scanner, and the instructions in `SKILL.md` are consistent with its stated purpose as a security utility.
Capability assessment
Purpose & Capability
The skill is described as a static scanner for risky skill patterns and the code implements exactly that. The declared required binary (node) and the CLI entrypoint (bin/clawshield.js -> src/index.js) are appropriate. The included fixtures and tests exercise the scanner behavior, which is consistent with the description.
Instruction Scope
The SKILL.md instructs running the CLI to scan a skill directory and to use suppressions and SARIF output—this matches the implementation. One relevant scope detail: the scanner will read files it deems text, and it explicitly includes a top-level .env file in scans. The tool captures snippets of matching lines (up to 160 chars) and will therefore surface contents of files it reads. The README/SKILL.md do not explicitly warn that .env will be scanned or that sensitive secrets might appear in outputs, so users should avoid pointing the scanner at directories containing secrets if those outputs will be shared.
Install Mechanism
No install spec is provided (instruction-only skill) and the code bundle is contained in the skill. There are no remote downloads or archive extracts performed by installation. Running the tool requires only Node.js, which is reasonable for a Node-based CLI.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to a local static scanner.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system configuration. It is user-invocable and can run autonomously by an agent (the platform default), which is appropriate for a CLI scanner.
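How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install skill-sentinel
  3. Once installation completes, invoke the Skill by name or trigger it with /skill-sentinel
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history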
v1.0.0
Initial release. Static security scanner for OpenClaw skill directories with risk scoring, SARIF export, and CI-friendly checks.
Metadata
Slug: skill-sentinel
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

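What is Skill Sentinel?

Scan OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 153 total downloads to date.

How do I install Skill Sentinel?

Run the command "/install skill-sentinel" in the OpenClaw or Claude Code dialog box for a one-click install; no additional configuration is required.

Is Skill Sentinel free?

Yes. Skill Sentinel is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Skill Sentinel support?

Skill Sentinel runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Sentinel?

Developed and maintained by mike007jd (@mike007jd); the current version is v1.0.0.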
