
Vulnerability Scanner

Author: brandonwise · GitHub ↗ · v1.0.0
cross-platform ✓ Passed security check
1299 total downloads · 0 favorites · 8 current installs · 1 version
Install in OpenClaw: /install vulnerability-scanner
Description
Performs static analysis for OWASP 2025 risks, supply chain threats, secrets detection, code patterns, and prioritizes vulnerabilities by exploitability and...
Safe usage advice
This package appears to be a normal, self-contained source-code vulnerability scanner. Before running it: (1) run it on a copy of the target repository (not on a sensitive production directory), (2) be aware that it will read many files and may report secrets — treat reported results carefully, and do not leak findings to public outputs, (3) npm audit may contact the network/registry if package.json exists, so run in an environment where network activity is acceptable, (4) inspect the included script yourself if you have concerns (it uses subprocess.run and file I/O), and (5) run scans with least privilege or in an isolated container if you want to limit side effects.
Functional analysis
Type: OpenClaw Skill
Name: vulnerability-scanner
Version: 1.0.0
The OpenClaw skill 'vulnerability-scanner' is classified as benign. The `SKILL.md` provides detailed, legitimate instructions for a security scanner and contains no prompt injection attempts. The core script `scripts/security_scan.py` correctly implements the stated purpose, performing static analysis for secrets, dangerous code patterns, and configuration issues within a specified project path. It uses `subprocess.run` to execute `npm audit`, which is a standard security tool, and reads files only within the designated project directory. There is no evidence of data exfiltration, unauthorized system modification, or malicious execution beyond its stated function of identifying vulnerabilities.
Capability assessment
Purpose & Capability
Name/description (vulnerability scanning, OWASP/supply-chain/secrets) match the included SKILL.md and the provided Python scanner script; no unrelated environment variables, binaries, or external credentials are requested.
Instruction Scope
SKILL.md instructs running the included script against a project path. The script legitimately reads project files (code/config) and runs local checks. It also invokes subprocesses (e.g., 'npm audit' when package.json exists) which may contact package registries — expected for dependency scanning but worth noting since it can reach the network and produce potentially sensitive output (e.g., detected secrets).
Install Mechanism
No install specification — instruction-only skill with a bundled script. Nothing is downloaded or written by an installer step.
Credentials
The skill declares no required env vars or credentials. The scanner searches files for secrets and patterns, which is appropriate for its stated purpose. There are no requests for unrelated service credentials or config paths.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request persistent system-wide privileges or modify other skills' configs.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install vulnerability-scanner
  3. After installation, call the Skill by name directly or trigger it with /vulnerability-scanner
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release: OWASP 2025, supply chain security, secret detection, code pattern analysis
Metadata
Slug vulnerability-scanner
Version 1.0.0
License
Cumulative installs 8
Current installs 8
Number of historical versions 1
FAQ

What is Vulnerability Scanner?

Performs static analysis for OWASP 2025 risks, supply chain threats, secrets detection, code patterns, and prioritizes vulnerabilities by exploitability and... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1299 cumulative downloads to date.

How do I install Vulnerability Scanner?

Run the command "/install vulnerability-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Vulnerability Scanner free?

Yes, Vulnerability Scanner is completely free (open source and free of charge) and can be freely downloaded, installed and used.

Which platforms does Vulnerability Scanner support?

Vulnerability Scanner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vulnerability Scanner?

Developed and maintained by brandonwise (@brandonwise); current version v1.0.0.
