技能详情(站内镜像,无评论)
作者:Rapi @0xRapi
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 356 · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :良性 · OpenClaw :良性
Package:0xrapi/isnad-scan
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is internally consistent with being a wrapper/integration for an external scanner (isnad-scan); it requests the expected binary and shows reasonable usage, but there are small ambiguities about installation metadata and whether the scanner performs network calls or any dynamic execution during scanning.
目的
Name/description (a scanner) matches the declared requirement: the isnad-scan binary. No unrelated env vars, config paths, or surprising binaries are requested.
说明范围
SKILL.md only instructs running the scanner on a path and shows flags and a Python API. This stays within the stated purpose. Caveats: using --cve implies network queries to OSV.dev (expected for CVE checks) and the Python import example means the package code will be imported into the agent process — SKILL.md does not state whether the scanner performs any dynamic execution of scanned code or telemetry/remote submission of findings.
安装机制
SKILL.md includes a pipx install entry for isnad-scan (PyPI), which is a standard mechanism. The registry metadata noted 'No install spec', creating a minor inconsistency between declared registry install specs and the SKILL.md. Installing from PyPI via pipx is moderate risk but expected for a Python tool; there are no ad-hoc downloads or unknown URLs.
证书
No environment variables or credentials are requested, which is proportionate to a scanner. The only external access implied is CVE lookups (public OSV.dev) and possibly GitHub/PyPI lookups referenced in the README links.
持久
always is false and the skill is user-invocable; it does not request persistent elevated presence or attempt to modify other skills. Autonomous invocation is allowed (platform default) but not by itself a concern here.
综合结论
This skill appears to be a thin integration for the isnad-scan tool and is coherent with its description. Before installing: (1) verify the pip package and GitHub repo (pip install isnad-scan / https://github.com/counterspec/isnad) to ensure you trust the upstream maintainer; (2) if you care about privacy, run scans on copies of sensitive data and be aware that --cve will perform network queries to OSV.dev; (3) inspect the isnad-scan package s…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「isnad-scan」。简介:Scan AI agent skills for security vulnerabilities — detects code injection, pro…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0xrapi/isnad-scan/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。