walkman1w

Skill Trust Guard

Author: Flynn Guo · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 669
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install skill-trust-guard
Description
Enforces skill-trust-scanner security checks before installing skills, blocking or alerting based on risk scores to reduce supply chain threats.
Security Recommendations
This package implements exactly what it says (wraps 'clawhub install' and runs a scanner) but contains a couple of red flags you should address before using it: (1) it expects a scanner at a hard-coded developer path (/home/guofeng/...), so by default it will fail on most machines or — if that path exists — run whatever code is there; (2) the pre-install hook uses 'npx tsx' which can fetch and run code from npm at runtime; (3) integrate.sh installs a PATH shim that will intercept all future 'clawhub install' calls. Recommended steps before installing/integrating: inspect the scanner CLI source you plan to point to (set SCANNER_ROOT/SCANNER_CLI to a trusted local copy or a vetted release), run install.sh on a harmless local skill to observe behavior, avoid running integrate.sh until you trust the scanner (or back up your clawhub binary path), and prefer bundling or referencing a released scanner package (GitHub release or published npm package) rather than relying on a hard-coded developer path. If you want a safer posture, ask the author for a packaged scanner dependency or a verified install mechanism.
Functional Analysis
Type: OpenClaw Skill
Name: skill-trust-guard
Version: 1.0.0
The skill-trust-guard is designed as a security measure to scan and block malicious OpenClaw skills, as evidenced by its stated purpose and test reports (TEST_REPORT.md explicitly mentions blocking skills that 'read ~/.clawdbot/.env + exfiltrate to a malicious domain'). However, it is classified as 'suspicious' due to its critical reliance on an external, unprovided 'skill-trust-scanner' (hardcoded path in hooks/pre-install.sh: /home/guofeng/clawd/skill-trust-scanner/src/cli.ts), making its core security logic a black box. Furthermore, the install.sh script performs actions like 'git clone' and 'clawhub install' (for temporary fetching) *before* the skill is fully scanned, which could expose the system to pre-scan execution risks (e.g., git hooks or clawhub pre-install scripts from untrusted skills).
Capability Assessment
Purpose & Capability
The name/description (enforce a pre-install scanner) matches what the scripts do (wrapper + pre-install hook + shim). However the scanner dependency is hard-coded to /home/guofeng/clawd/skill-trust-scanner/src/cli.ts by default, which is specific to the author's environment and not explained in the metadata — this will either fail for users or cause the wrapper to run an arbitrary local script if that path exists. That hard-coded path is unexpected for a distributable skill.
Instruction Scope
SKILL.md and the scripts are focused on scanning a skill directory and making allow/warn/reject decisions. The runtime instructions do not attempt to read unrelated system files themselves (they delegate scanning to an external scanner). The wrapper intercepts 'clawhub install' via a PATH shim as documented, which is consistent with the stated goal.
Install Mechanism
There is no packaged install spec (instruction-only with scripts). The pre-install hook uses 'npx tsx' to execute a TypeScript CLI at a user-expected path; running 'npx' may fetch tools from npm at runtime if tsx is not present, which introduces network code execution. The hard-coded scanner path increases fragility and risk because the skill expects an external project present on disk rather than bundling or installing a vetted scanner from a known release host.
Credentials
The skill does not request credentials or config paths beyond optional SCANNER_ROOT/SCANNER_CLI overrides. It does not try to read or exfiltrate environment variables itself. The only notable env usage is allowing override of the scanner path, which is reasonable but means the scanner run will have whatever access that scanner has.
Persistence & Privilege
The integrate.sh installs a shim in ~/.openclaw/bin and instructs users to add it to PATH, which gives the skill persistent interception of 'clawhub install' when that PATH entry is earlier. This is consistent with the purpose but is a behavior that can affect all future installs and should be consciously accepted by the user. The skill is not 'always: true' and does not modify other skill configs.
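How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install skill-trust-guard
  3. Once installation completes, call the Skill by name or trigger it with /skill-trust-guard
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output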
Version History
v1.0.0
Initial release of skill-trust-guard:
- Enforces a mandatory skill security scan (skill-trust-scanner) before installation.
- Blocks installation of high-risk skills (score < 50), warns for medium risk, and allows low-risk skills.
- Integrates seamlessly with existing CLI usage, including a PATH shim for automatic protection.
- Includes reusable hooks and documented integration steps.
Metadata
Slug: skill-trust-guard
Version: 1.0.0
License
Total installs: 1
Current installs: 1
Historical versions: 1
FAQ

What is Skill Trust Guard?

Enforces skill-trust-scanner security checks before installing skills, blocking or alerting based on risk scores to reduce supply chain threats. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 669 total downloads to date.

How do I install Skill Trust Guard?

Run the command "/install skill-trust-guard" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Skill Trust Guard free?

Yes, Skill Trust Guard is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Skill Trust Guard support?

Skill Trust Guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Trust Guard?

Developed and maintained by Flynn Guo (@walkman1w); the current version is v1.0.0.
