技能详情(站内镜像,无评论)
作者:Ada Vale @AdaInTheLab
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 0 · 540 · 5 current installs · 5 all-time installs
⭐ 0
安装量(当前) 5
🛡 VirusTotal :良性 · OpenClaw :良性
Package:adainthelab/skulk-skill-scanner
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is internally coherent: it is a static, instruction-only skill that includes a JavaScript static scanner consistent with its name and description and does not request unrelated credentials or install external software.
目的
Name, description, SKILL.md usage, and the included scripts/scanner.js are consistent: the tool is a static analyzer for skill folders and does only file-reading and pattern-matching. It does not request unrelated credentials, binaries, or system privileges.
说明范围
SKILL.md limits runtime actions to running node scripts/scanner.js against a skill folder and describes the scanner's detection categories. This stays within the stated purpose. One design note: the scanner defaults to ignoring its own scripts (shouldIgnore excludes scripts/scanner.js unless --include-self is used), which reduces self-noise but can hide issues in the scanner itself unless the user intentionally self-scans.
安装机制
There is no install spec and no downloads; the skill is instruction-only with a bundled script. Nothing writes new binaries or pulls external code during install — lowest-risk install model.
证书
The skill requires no environment variables or external credentials. The scanner looks for environment-variable usage patterns in target skills (e.g., process.env) but does not itself read the host environment. The hardcoded SAFE_DOMAINS allowlist is a policy choice — it can cause false negatives for otherwise benign domains or false negatives for suspicious domains if the list is overly permissive; changing it requires editing the script.
持久
The skill does not request persistent presence (always:false) and does not modify other skills or agent configuration. It runs when invoked by the user and has no autonomous background behavior.
综合结论
This scanner appears to be what it claims: a static pattern-based skill scanner. Before trusting its results, run it in a sandbox or on a copy of the skill directory (not on system roots), and: (1) run it with --include-self to self-audit the scanner; (2) manually review any FAIL/WARN findings (static checks produce false positives and false negatives); (3) inspect and if needed customize SAFE_DOMAINS to match your environment; (4) remember it…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Skulk Skill Scanner」。简介:Scan OpenClaw skill folders for security red flags before installing or publish…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adainthelab/skulk-skill-scanner/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: skulk-skill-scanner
description: "Scan OpenClaw skill folders for security red flags before installing or publishing. Detects data exfiltration, credential theft, prompt injection, destructive commands, obfuscation, privilege escalation, and supply chain risks. Use when: evaluating a skill from ClawHub before install, auditing your own skills before publishing, or reviewing any SKILL.md for safety. NOT for: general code review or vulnerability scanning of non-skill codebases."
---
# Skill Scanner
Security scanner for OpenClaw agent skills. Static analysis for red flags.
## Usage
```bash
node scripts/scanner.js <path-to-skill> [--verbose] [--json] [--summary] [--ignore <path>] [--include-self]
```
## Examples
```bash
# Scan a downloaded skill folder before enabling it
clawhub inspect some-skill
node scripts/scanner.js ./skills/some-skill --verbose
# Scan your own skill before publishing
node scripts/scanner.js ./skills/my-skill
# JSON output for automation
node scripts/scanner.js ./skills/my-skill --json
# One-line summary output for heartbeat checks
node scripts/scanner.js ./skills/my-skill --summary
# Include scanner internals (off by default to reduce self-scan noise)
node scripts/scanner.js ./skills/skulk-skill-scanner --include-self
```
## What It Catches
| Severity | Flags |
|----------|-------|
| 🔴 Critical | Data exfiltration, credential access, safety overrides, destructive commands |
| 🟠 High | Obfuscation (base64/eval), unknown network access, env scanning, privilege escalation, hidden instructions |
| 🟡 Medium | Writes outside workspace, package installs (supply chain), messaging on user's behalf, persistent timers/automation |
| 🔵 Info | API key references, broad tool access requests |
## Scoring
- Each unique rule deducts points: critical=30, high=15, medium=5, info=0
- Score 75-100: ✅ PASS
- Score 50-74: ⚠️ WARN
- Score 0-49 or any critical: ❌ FAIL
- Exit code 1 on FAIL (CI-friendly)
## Safe Domain Allowlist
Known legitimate API domains are allowlisted to reduce false positives on network-related rules. Edit the `SAFE_DOMAINS` array in `scripts/scanner.js` to customize.
## Limitations
This is static pattern matching — it catches obvious and moderately obfuscated attacks but cannot detect:
- Sophisticated multi-step social engineering
- Runtime-generated URLs or dynamic exfiltration
- Attacks that look identical to legitimate skill behavior
It's a first line of defense, not a guarantee. Always review skills manually before granting sensitive access.