← 返回 Skills 市场
andyxinweiminicloud

Supply Chain Poison Detector

作者 andyxinweiminicloud · GitHub ↗ · v1.0.1
cross-platform ✓ 安全检测通过
486
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install supply-chain-poison-detector
功能描述
Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded...
安全使用建议
This skill appears coherent for static supply-chain scanning, but keep these cautions in mind: 1) It will fetch remote assets if you give an EvoMap/URL — avoid giving it URLs that require authentication or that will trigger unintended operations. 2) Do not paste secrets or private files into the scanner input. 3) Because SKILL.md is high-level and provides no concrete script/regex, review the scanner's implementation (or run it in an isolated environment) before relying on results; false negatives are possible. 4) Ensure curl and python3 on your system come from trusted sources. If you need stricter guarantees, request the actual analysis code from the author or run an independent, auditable scanner in a sandbox.
功能分析
Type: OpenClaw Skill Name: supply-chain-poison-detector Version: 1.0.1 The skill 'supply-chain-poison-detector' is a security tool designed to identify malicious patterns (such as shell injection, data exfiltration, encoded payloads, and sensitive file access) within other AI agent skills. Both the `_meta.json` and `SKILL.md` files consistently describe this legitimate security purpose. The required binaries (`curl`, `python3`) are appropriate for its stated function, and there are no instructions or code within the provided files indicating that *this* skill performs any malicious actions itself, nor any prompt injection attempts against the agent.
能力评估
Purpose & Capability
Name/description match the requested resources: a scanner that may fetch assets (curl) and run analysis (python3). No unrelated credentials, config paths, or binaries are requested.
Instruction Scope
SKILL.md describes the scanner behavior and patterns to detect, and accepts pasted JSON/source or an EvoMap asset URL. It does not instruct the agent to read local files or env vars by default, but it will fetch remote assets if given a URL. The document is high-level and does not include an actual analysis script or exact regexes, so behavior depends on the agent's implementation (risk of inconsistent detection and false negatives/positives).
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install posture.
Credentials
No environment variables, secrets, or config paths are requested. Asking for curl and python3 is proportionate to fetching and analyzing remote assets.
Persistence & Privilege
always:false and no special persistence requested. The skill can be invoked autonomously by default (platform normal), but it does not request force-inclusion or system-wide changes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install supply-chain-poison-detector
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /supply-chain-poison-detector 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Agent Card metadata update
v1.0.0
- Initial release of supply-chain-poison-detector. - Scans AI skill assets (Gene/Capsule JSON or source code) for supply chain poisoning indicators. - Detects shell injection, outbound requests, encoded payloads, unauthorized file system access, and suspicious process spawning in skill validation fields. - Produces a structured report with detected patterns, risk rating (CLEAN / SUSPECT / THREAT), and usage recommendations.
元数据
Slug supply-chain-poison-detector
版本 1.0.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Supply Chain Poison Detector 是什么?

Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 486 次。

如何安装 Supply Chain Poison Detector?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install supply-chain-poison-detector」即可一键安装,无需额外配置。

Supply Chain Poison Detector 是免费的吗?

是的,Supply Chain Poison Detector 完全免费(开源免费),可自由下载、安装和使用。

Supply Chain Poison Detector 支持哪些平台?

Supply Chain Poison Detector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Supply Chain Poison Detector?

由 andyxinweiminicloud(@andyxinweiminicloud)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论