OpenClaw

Skill details (on-site mirror, no comments)

Security Guardian

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides...

Development & DevOps

Author: azzar budiyanto @1999AZZAR

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v1.1.0

Stats: ⭐ 0 · 805 · 4 current installs · 4 all-time installs

Installs (current): 4

🛡 VirusTotal: Suspicious · OpenClaw: Benign

Package: 1999azzar/security-guardian

Security scan (ClawHub)

  • VirusTotal: Suspicious
  • OpenClaw: Benign

OpenClaw assessment

The skill's files and runtime instructions are consistent with an automated secret- and container-scanning tool; nothing in the package requests unrelated credentials or network exfiltration, but the skill has no provenance (no homepage/source owner info) so exercise caution.

Purpose

Name/description (secret scanning + Trivy container scans) matches the included files and runtime instructions. The repository contains a secrets scanner and a Trivy wrapper. The SKILL.md references mema-vault for remediation, which is coherent with the stated purpose.

Instruction scope

SKILL.md instructs only local scans and Trivy usage. The provided scripts scan files or images only and do not reference external endpoints or collect/transmit secrets. The Python scanner explicitly blocks scanning system roots unless --force is used, and the container script delegates to the host's Trivy.

Install mechanism

No install spec (instruction-only) and two small scripts are included. The only external requirement is the user-installed trivy binary for container scanning, which is documented in the SKILL.md.

Credentials

The skill does not request environment variables, credentials, or config paths. The scripts do not read secrets from environment variables or attempt to persist/authenticate to external services. Use of a vault (mema-vault) is suggested for remediation, but that integration is advisory rather than automatic.

Persistence

The skill is not force-included (always:false), does not request persistent system-wide changes, and does not modify other skills' configs. Autonomous invocation is allowed by default (platform behavior) but is not combined with other concerning privileges here.

Overall conclusion

What to consider before installing:

  • Code review: The packaged scripts are small and readable; review them yourself before running. The skill has no homepage or provenance, which lowers trust — prefer skills with verified sources.
  • Run scope: Use the tool only on intended project workspace paths. The secret scanner blocks system roots by default; avoid using --force unless you explicitly intend to scan system directories.
  • Handling findings…

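Install (copy to Lobster AI)

Copy the entire block below into a Lobster Chinese Library (龙虾中文库) conversation, and Lobster will complete the installation according to SKILL.md.

Please hand this block to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Security Guardian" on this machine. Summary: Automated security auditing for OpenClaw projects. Scans for hardcoded secrets ….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/1999azzar/security-guardian/SKILL.md
(Source: yingzhi8.cn skill library)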
