Skill details (on-site mirror, no comments)
Author: Terry S Fisher @43622283
License: MIT-0
MIT-0 · free to use, modify and redistribute; no attribution required.
Version: v0.0.2
Stats: ⭐ 0 · 19 · 1 current install · 1 all-time install
Package: 43622283/li-python-sec-check
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
The skill implements a local Python security scanner with optional LLM-based analysis; its files, environment-variable usage, and runtime behavior are consistent with the description (LLM/network access is optional and is used only when explicitly enabled).
Purpose
Name/description (Python security checks + optional LLM) matches the included code and docs. The code implements static checks, privacy/data checks, and an optional LLM analyzer. No unrelated credentials or binaries are required.
Documented scope
SKILL.md and SECURITY_AND_PRIVACY.md state clearly that the core checks run locally and that LLM analysis is opt-in via --llm. The LLM module sends code snippets and scan results to the configured API only when LLM analysis is enabled and an API key is present. Before enabling networked analysis, inspect scripts/python_sec_check.py to confirm that the LLM calls really are gated by the CLI flag.
Install mechanism
No install spec; the package ships as code files (nothing is downloaded at install time), which is low risk. The only network use is in the optional LLM analyzer, which uses requests once an API key is provided.
Credentials
No required environment variables. The optional LLM_API_KEY and LLM_API_BASE variables are reasonable and documented for the LLM feature. The skill does not request unrelated secrets or system configuration paths.
Persistence
always:false and no special privileges are requested. Autonomous invocation is allowed by default (the platform standard). If you enable LLM/networking and the agent is allowed to call the skill autonomously, that combination increases the blast radius, because code snippets can be sent to the configured endpoint whenever the agent decides to invoke the skill; the skill itself, however, documents this and requires LLM usage to be enabled explicitly.
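The gating that the assessment asks you to confirm, shown as an added example rather than the skill's own code: a fail-closed decision function in which the optional LLM stage may run only when --llm is passed and LLM_API_KEY is set, so a stray key in the environment never enables uploads on its own, and a flag without a key is refused rather than silently ignored. The function and type names, the requirement that LLM_API_BASE be set explicitly, and the refusal of non-TLS endpoints other than loopback are assumptions of this example; the page documents only the --llm flag and the two environment variables.

```python
import argparse
import os
import sys
from dataclasses import dataclass
from typing import List, Mapping, Optional
from urllib.parse import urlparse


@dataclass(frozen=True)
class LLMConfig:
    api_key: str
    api_base: str


@dataclass(frozen=True)
class GateDecision:
    enabled: bool                # True only when networked analysis may run
    config: Optional[LLMConfig]  # populated only when enabled
    reason: str                  # explanation for the log or exit message


def build_parser() -> argparse.ArgumentParser:
    # Hypothetical CLI for this example; only the --llm flag is taken from the page.
    p = argparse.ArgumentParser(prog="sec-check-gate-example")
    p.add_argument("paths", nargs="+", help="files or directories to scan locally")
    p.add_argument("--llm", action="store_true",
                   help="also send snippets and results to the configured LLM (off by default)")
    return p


def resolve_llm_gate(argv: List[str], env: Mapping[str, str]) -> GateDecision:
    """Decide whether the optional LLM stage may run; fail closed on every ambiguity."""
    args = build_parser().parse_args(argv)
    if not args.llm:
        # A stray LLM_API_KEY in the environment must not enable uploads by itself.
        return GateDecision(False, None, "LLM analysis not requested (--llm absent)")
    key = env.get("LLM_API_KEY", "").strip()
    if not key:
        # Refuse rather than silently degrade, so the operator notices the misconfiguration.
        return GateDecision(False, None, "--llm given but LLM_API_KEY is unset; refusing networked analysis")
    base = env.get("LLM_API_BASE", "").strip()
    if not base:
        # Assumption of this example: no vendor default, the endpoint must be named explicitly.
        return GateDecision(False, None, "--llm given but LLM_API_BASE is unset; name an endpoint you control")
    parts = urlparse(base)
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        # Assumption of this example: code snippets travel only over TLS or to loopback.
        return GateDecision(False, None, f"refusing plaintext endpoint {base!r}")
    return GateDecision(True, LLMConfig(key, base), f"LLM analysis enabled against {parts.hostname}")


if __name__ == "__main__":
    decision = resolve_llm_gate(sys.argv[1:], os.environ)
    print(decision.reason)
    # Local checks would run here regardless; an LLM client is built only from decision.config.
    sys.exit(0 if decision.enabled or "--llm" not in sys.argv else 2)
```

When reviewing scripts/python_sec_check.py, the property to look for is the same one this function has: no code path constructs a network client unless the flag was parsed as true, and the key alone never flips that decision.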
Findings flagged by the scan:
- examples/unsafe-example/app.py:36: Dynamic code execution detected.
- scripts/python_sec_check.py:257: Dynamic code execution detected.
Both hits deserve a manual look before being counted as issues: the first is in a file whose path marks it as a deliberately unsafe example, and the second is in the scanner's own source, where a rule that looks for eval()/exec() calls can itself contain the text it matches. Confirm which case applies at each location.
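To show why the second finding above needs checking, here is an added example that is not the skill's code: a text rule and a syntax-aware rule for "dynamic code execution", run over three constructed snippets. The text rule fires on a scanner's own rule table because the string "eval(" appears there as data; the AST rule fires only on genuine calls, including eval reached through the builtins module. The rule set, regex, function names and sample inputs are all constructed for this example.

```python
import ast
import re
from typing import List, Optional, Tuple

# Calls treated as dynamic code execution. A hypothetical rule set for this
# example; the skill's real rule list is not shown on the page.
DYNAMIC_EXEC_CALLS = {"eval", "exec", "compile"}

# The kind of line-oriented text rule a simple scanner might use.
DYNAMIC_EXEC_RE = re.compile(r"\b(eval|exec|compile)\s*\(")


def regex_findings(source: str) -> List[Tuple[int, str]]:
    """Text match: reports every line that merely contains eval(/exec(/compile(."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if DYNAMIC_EXEC_RE.search(line):
            hits.append((lineno, "Dynamic code execution detected."))
    return hits


def _called_builtin(call: ast.Call) -> Optional[str]:
    """Name of the callee for eval(...)/exec(...)/compile(...) or builtins.eval(...), else None."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id == "builtins"):
        return func.attr
    return None


def ast_findings(source: str) -> List[Tuple[int, str]]:
    """Syntax match: reports only genuine calls, ignoring strings, comments and data."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _called_builtin(node)
            if name in DYNAMIC_EXEC_CALLS:
                hits.append((node.lineno, f"Dynamic code execution detected: {name}()"))
    return sorted(hits)


# Constructed sample 1: a real sink, the shape of a deliberately unsafe example file.
UNSAFE_APP = '''import json
def run(payload):
    expr = json.loads(payload)["expr"]
    return eval(expr)  # attacker-controlled string reaches eval
'''

# Constructed sample 2: a scanner's own rule table. "eval(" appears only as data,
# so the text rule flags the scanner while the AST rule does not.
SCANNER_RULES = '''# Patterns for the "eval(" family of findings
RULES = {
    "eval(": "Dynamic code execution detected.",
    "exec(": "Dynamic code execution detected.",
}
def check(line):
    return [msg for pat, msg in RULES.items() if pat in line]
'''

# Constructed sample 3: the builtin reached through the builtins module.
BUILTINS_ALIAS = '''import builtins
builtins.exec("print(1)")
'''

if __name__ == "__main__":
    for label, src in (("unsafe app", UNSAFE_APP), ("scanner rules", SCANNER_RULES),
                       ("builtins alias", BUILTINS_ALIAS)):
        print(label, "text:", regex_findings(src), "ast:", ast_findings(src))
```

Neither rule is a data-flow analysis: `f = eval; f(s)` or `getattr(builtins, "ev" + "al")(s)` escapes both, so a clean AST result at scripts/python_sec_check.py:257 only tells you the flagged line is not a direct call, not that the scanner never evaluates untrusted input.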
Overall conclusion
This skill is coherent with its purpose, but take these precautions before use: 1) Do not enable --llm when scanning sensitive or private code unless you trust and control the configured API endpoint. 2) If you must use LLM analysis in an enterprise, set LLM_API_BASE to an internal/private LLM and provide a dedicated key. 3) Inspect scripts/python_sec_check.py and scripts/llm_analyzer.py to confirm LLM calls are only made when the CLI flag i…
Install (copy to 龙虾 AI)
Copy the whole block below into a 龙虾中文库 chat; 龙虾 will complete the installation following SKILL.md.
Please hand this block to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Li Python Sec Check" on this machine. Summary: a Python security standards checker based on the CloudBase specification, Tencent's security guidelines and LLM-assisted analysis (LLM functionality disabled by default; local execution preferred).
Please fetch the following URL, read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/43622283/li-python-sec-check/SKILL.md
(Source: yingzhi8.cn skill library)