← 返回 Skills 市场
113
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install skillscan-wrapper
功能描述
Security audit tool for AI agent skills. Scans skill packages for malware, credential theft, and suspicious patterns before installation. Defensive security...
安全使用建议
This skill purports to be a defensive scanner but asks you to fetch and run a prebuilt binary from external URLs whose checksums are published only inside the same SKILL.md (and the referenced download version differs from the registry version). Before using/instantiating this skill: 1) Prefer obtaining the binary from a verified, authoritative release page (or build from source yourself) and independently verify checksums from the project repository; 2) Do not provide an --upload-url to unknown endpoints (that option could send scanned contents elsewhere); 3) Ask the publisher for a signed release or reproducible build instructions (the doc claims source is on Gitee—verify the repo and tags); 4) If you cannot independently verify the binary or source, treat this skill as untrusted and avoid running the downloaded executable. I have medium confidence in this assessment because there are clear inconsistencies (version mismatch, external binary) but no direct evidence of malicious intent in the instruction text.
功能分析
Type: OpenClaw Skill
Name: skillscan-wrapper
Version: 0.4.1
The skill acts as a wrapper for an external binary (skillscan-wrapper) hosted on Gitee, which is a high-risk pattern for AI agents. While it presents as a defensive security tool and provides SHA-256 checksums for integrity, it includes functionality for data exfiltration via an optional `--upload-url` and requires the execution of opaque binaries. The reliance on external artifacts from gitee.com/random_player/cmic-skill-scanner without local source code for the binary itself warrants a suspicious classification.
能力评估
Purpose & Capability
The declared purpose (security scanner for skills) matches the instructions: the SKILL.md describes a native Rust binary that scans skill directories. However, the package includes no binary or install spec and instead instructs the user to download a prebuilt binary from external URLs — this is a plausible design for a scanner but elevates risk compared with an included or buildable artifact.
Instruction Scope
Instructions claim the tool will only read explicit skill directories and only upload when the user supplies --upload-url, which is reasonable. But the doc also provides download URLs and SHA256 sums inside the same document (weakens independent verification), references an external engine/enterprise upload feature (potential exfil path if misused), and contains a notable inconsistency: registry version 0.4.1 vs download links for v0.4.0. These points widen the scope for accidental or malicious misuse.
Install Mechanism
There is no install spec in the registry; the SKILL.md instructs downloading ZIPs from Gitee and running a compiled binary. Downloading and executing prebuilt binaries from an external host is higher-risk than instruction-only behavior or reproducible builds. While Gitee is a known host (not a URL shortener or IP), providing checksums in the same document and mismatched version numbers weakens integrity guarantees.
Credentials
No environment variables, credentials, or config paths are requested. The declared file/network access (reading only user-specified skill directories, optional upload-url) aligns with the scanner's purpose. Still, an upload option can exfiltrate scanned contents if an attacker-controlled URL is provided — the doc states this is user-controlled.
Persistence & Privilege
The skill does not request always:true, does not include installers that write persistent agent config, and is instruction-only. Autonomous invocation is allowed by default (not a fault by itself) and is not combined with broad credentials or always:true here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skillscan-wrapper - 安装完成后,直接呼叫该 Skill 的名称或使用
/skillscan-wrapper触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.1
Updated description with security guarantees, permissions disclosure, and checksums
v0.4.0
- Added comprehensive documentation on skillscan-wrapper features, usage examples, and installation steps.
- Described built-in Rust engine for native, dependency-free scanning, with optional external engine support.
- Listed download links and SHA256 checksums for multiple platforms.
- Included example commands for single skill, batch, and enterprise integration scenarios.
- Detailed supported detection rules and scanning capabilities.
- Clarified open license terms.
元数据
常见问题
Publish Skill 是什么?
Security audit tool for AI agent skills. Scans skill packages for malware, credential theft, and suspicious patterns before installation. Defensive security... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 113 次。
如何安装 Publish Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillscan-wrapper」即可一键安装,无需额外配置。
Publish Skill 是免费的吗?
是的,Publish Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Publish Skill 支持哪些平台?
Publish Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Publish Skill?
由 cyzlmh(@cyzlmh)开发并维护,当前版本 v0.4.1。
推荐 Skills