← 返回 Skills 市场
2955
总下载
10
收藏
10
当前安装
2
版本数
在 OpenClaw 中安装
/install skillscanner
功能描述
Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.
安全使用建议
This skill is internally consistent: it sends a ClawHub skill URL to ai.gendigital.com and uses the returned status/severity. Before installing, confirm you trust the external service (ai.gendigital.com) because the skill will transmit each scanned skill URL there. Check whether the API requires authentication (the skill provides no auth flow) and prefer scanning in a sandbox or using manual review for high‑risk skills. Because the package has no homepage or source link, prefer caution — verify the operator (Gen Digital) independently if you will rely on these scan results.
功能分析
Type: OpenClaw Skill
Name: skillscanner
Version: 1.0.1
The skill 'skillscanner' is designed to check the safety of other ClawHub skills by querying a specific API endpoint (`https://ai.gendigital.com/api/scan/lookup`). The `SKILL.md` file contains clear instructions for the agent to make a `curl` POST request with the target skill's URL. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent to perform actions beyond its stated purpose. The 'Why This Matters' section describes general risks of untrusted skills, not actions this specific skill performs.
能力评估
Purpose & Capability
Name and description say it looks up ClawHub skill safety via a scan API, and the SKILL.md instructs exactly that (POST to https://ai.gendigital.com/api/scan/lookup with the ClawHub URL). No unrelated credentials, binaries, or installs are requested. Note: source/homepage are missing, but that does not make the functionality incoherent.
Instruction Scope
Runtime instructions are narrow: perform a single HTTP POST with the skill URL and interpret status and severity fields. The instructions do not ask the agent to read files, env vars, or other local data. The only data transmitted is the skill URL (which may include author/slug).
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk or installed by the skill.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not attempt to access unrelated secrets. One caveat: the SKILL.md provides no auth flow; if the API required credentials this skill does not handle them.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skill/system settings. Autonomous invocation is allowed (platform default) but not excessive for this utility.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skillscanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/skillscanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added _meta.json file for metadata management.
- No changes to existing skill logic or documentation.
v1.0.0
- Initial release of skillscanner, a security scanner for ClawHub skills.
- Allows users to check skill safety using the scan API with a ClawHub skill URL.
- Provides clear instructions for scanning, interpreting the response, and handling different verdicts.
- Advises users to proceed only if status is "done" and severity is "SAFE"; otherwise, caution is recommended.
- Outlines key risks of untrusted skills and notes limitations of automated scanning.
元数据
常见问题
Skillscanner 是什么?
Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2955 次。
如何安装 Skillscanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillscanner」即可一键安装,无需额外配置。
Skillscanner 是免费的吗?
是的,Skillscanner 完全免费(开源免费),可自由下载、安装和使用。
Skillscanner 支持哪些平台?
Skillscanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skillscanner?
由 rexshang(@rexshang)开发并维护,当前版本 v1.0.1。
推荐 Skills