Total downloads: 1617
Favorites: 2
Current installs: 5
Versions: 2
Install in OpenClaw
/install skillguard-scanner
Description
Security scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks.
Safe usage recommendations
This skill appears to do what it advertises, but treat any security tool as you would any code: (1) Inspect scripts/scanner.py yourself before running (it's included in the bundle). (2) Run it in a restricted environment or with least privilege (do not run as root/administrator). (3) Be aware --fetch-clawhub will use network access and an external 'clawhub' CLI; verify that CLI before using. (4) Review flagged results manually — scanners have false positives and may flag benign tooling. (5) If you plan to automate or allow autonomous invocation, consider the same sandboxing and review controls to limit blast radius.
Functional analysis
Type: OpenClaw Skill
Name: skillguard-scanner
Version: 1.1.0
The OpenClaw SkillGuard scanner is a security tool designed to detect malicious patterns, such as reverse shells, obfuscation, credential theft, and data exfiltration, in other OpenClaw skills. Analysis of `scripts/scanner.py` confirms that it identifies these patterns using regex but does not execute them itself. The only external command executed is `clawhub search`, which is benign and safely invoked. The `SKILL.md` and `references/threat-landscape.md` files describe the scanner's purpose and provide examples of threats it detects, without containing any malicious prompt injections or executable code for the agent. All observed behaviors are consistent with a legitimate security scanning utility.
Capability assessment
Purpose & Capability
The name/description match the included files: SKILL.md documents running scripts/scanner.py to scan skills or check names; the included scanner.py contains heuristics for reverse shells, obfuscation, credential access, typosquatting, etc. No unrelated environment variables, binaries, or install steps are required.
Instruction Scope
Instructions tell the agent/user to run the bundled Python scanner and optionally use --fetch-clawhub (which requires the external 'clawhub' CLI). The scanner will read skill files to look for suspicious patterns (expected). Note: --fetch-clawhub will require network access and the external CLI; review any network-facing operations and where reports are written ({baseDir}/../data/scan_results.json).
Install Mechanism
No install spec — code is shipped in the skill bundle. This is the lowest-risk distribution method (nothing is downloaded or executed automatically during install). The scanner is run explicitly by the user/agent.
Credentials
The skill declares no required environment variables or credentials. The scanner's detection patterns reference common secret names (e.g., OPENAI_API_KEY) only to find them in scanned files; that is appropriate for a scanner and does not imply the skill needs those secrets itself.
Persistence & Privilege
The skill is not always-included and is user-invocable. It does not request persistent agent privileges or modify other skills' configs. It writes a JSON report to a relative data path, which is reasonable for a scanner.
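How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skillguard-scanner
- Once installation completes, call the Skill by name or use /skillguard-scanner to trigger it
- Provide the required input according to the Skill's parameter description to get structured output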
Version history
v1.1.0
Added security policy engine: human-readable WHY/ACTION blurbs per finding, real-world incident references, enriched JSON output
v1.0.0
Initial release: static analysis, reverse shell/obfuscation/exfiltration detection, memory poisoning, typosquatting, prerequisites attack vector, false positive scoring
FAQ
What is SkillGuard Scanner?
Security scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1617 cumulative downloads to date.
How do I install SkillGuard Scanner?
Run the command "/install skillguard-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is SkillGuard Scanner free?
Yes, SkillGuard Scanner is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does SkillGuard Scanner support?
SkillGuard Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SkillGuard Scanner?
It is developed and maintained by msgnoki (@msgnoki); the current version is v1.1.0.