技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 506 · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :良性 · OpenClaw :良性
Package:aiwithabidi/agxntsix-skill-auditor
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is internally coherent for the stated purpose (a local quarantine + scanner) and contains no obvious exfiltration or install-time downloads, but a few minor inconsistencies and a prompt-injection signature in the provided docs merit a quick human check before trusting it automatically.
目的
Name/description match included artifacts: a quarantine shell script and a Python scanner are present and their behavior (copy into a temp directory, scan files, produce JSON/human reports, optionally copy to production skills dir) aligns with a 'Skill Auditor'. No unrelated credentials or external services are requested.
说明范围
Runtime instructions direct the agent/operator to quarantine the skill and run the included scanner — scope is appropriate. Two items to note: (1) SKILL.md states it is 'Automatically triggered before any skill installation' whereas the registry metadata sets always:false (a mismatch to confirm). (2) SKILL.md contains an instruction to 'always show Abidi the full findings' — this is ambiguous (who/where is Abidi?) and implies a required human …
安装机制
No install spec / no external downloads. The package is instruction+scripts only and uses only local copy/scan operations. This is low-risk compared with skills that fetch remote code or run installers.
证书
No environment variables, credentials, or suspicious config paths are requested. The scanner itself looks for environment-access patterns in target skill code (appropriate for an auditor) but does not itself request secrets.
持久
always:false (normal). The scripts can copy files into the production skills directory if the user consents during the quarantine workflow — expected for an installer/auditor. Confirm whether you want the 'Automatically triggered before any skill installation' behavior claimed in docs to be implemented, since that would require platform-side hooks or always:true.
综合结论
This skill appears to implement a sensible local quarantine + scanner and does not demand credentials or download remote code, so it's reasonable to use. Before installing or enabling it automatically: 1) Manually review the audit output and the quarantine directory the first few times to ensure no report is being sent to unknown endpoints. 2) Confirm the ambiguous instruction to 'show Abidi the full findings' — identify who/where 'Abidi' is a…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Skill Auditor」。简介:Security audit and quarantine system for third-party OpenClaw skills. Use when …。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aiwithabidi/agxntsix-skill-auditor/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: skill-auditor
description: Security audit and quarantine system for third-party OpenClaw skills. Use when evaluating, reviewing, or installing any skill from ClawHub or external sources. Automatically triggered before any skill installation.
---
# Skill Auditor
Security gatekeeper for third-party skill installation. **No skill gets installed without passing audit.**
## When to Use
- Before installing ANY skill from ClawHub or external sources
- When asked to review/evaluate a skill's safety
- When `clawhub install` or similar installation is requested
## Audit Workflow
### 1. Quarantine First
Never copy a skill directly to the production skills directory. Always quarantine first:
```bash
bash skills/skill-auditor/scripts/quarantine.sh /path/to/skill-source
```
This copies the skill to a temp directory, runs the full audit, and only allows installation if the risk score is CLEAN or LOW.
### 2. Manual Audit (Python Script Directly)
For inspection without the quarantine wrapper:
```bash
python3 skills/skill-auditor/scripts/audit_skill.py /path/to/skill-dir
```
Outputs JSON report to stdout. Add `--human` for formatted text output.
### 3. Interpreting Results
| Rating | Action |
|--------|--------|
| CLEAN | Safe to install |
| LOW | Safe, minor notes — review findings briefly |
| MEDIUM | **Do NOT install** without manual review of each finding |
| HIGH | **Block installation** — likely malicious patterns detected |
| CRITICAL | **Block immediately** — active threat indicators (exfil, prompt injection, obfuscated payloads) |
### 4. Exit Codes
- `0` = CLEAN or LOW (safe)
- `1` = MEDIUM (needs review)
- `2` = HIGH or CRITICAL (blocked)
## What Gets Scanned
- All files: inventory, sizes, suspicious file types
- Code: shell commands, network calls, env access, filesystem escape, obfuscation, dynamic imports
- SKILL.md: prompt injection patterns, permission scope requests
- Dependencies: requirements.txt / package.json flagged packages
- Encoding: base64 payloads, hex/unicode escapes, string manipulation tricks
## References
- `references/known-patterns.md` — catalog of real attack patterns from ClawHub
- `references/prompt-injection-patterns.md` — prompt injection signatures to detect
## Important
If a skill scores MEDIUM or above, **always show Abidi the full findings** before taking any action. Never override or bypass the auditor. This is the last line of defense before untrusted code enters the system.