技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.14
统计:⭐ 79 · 1.3k · 17 current installs · 17 all-time installs
⭐ 79
安装量(当前) 17
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:aigsec/edgeone-clawscan
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's behavior largely matches its stated purpose (OpenClaw security scans with cloud threat lookups), but there are a few inconsistencies and privacy/attribution concerns you should verify before installing or running it against production systems.
目的
The skill claims to be a Tencent Zhuque Lab product and implements OpenClaw security scanning; requiring the openclaw binary and performing supply-chain and CVE lookups is consistent with that purpose. However the registry metadata's Owner ID and 'Source: unknown' do not prove the publisher is Tencent — the SKILL.md claims Tencent authorship while the package registry identity is not clearly Tencent-controlled. Confirm the publisher and proven…
说明范围
Instructions explicitly perform local configuration audits (reads openclaw.json and installed-skill metadata) and run a live probe (openclaw security audit --deep) against the locally configured Gateway; that is within scope for a security scanner. The skill also instructs outbound requests to a cloud threat-intel endpoint; the SKILL.md documents what data is sent (skill_name, source, OpenClaw + version). Review whether sending these fields to…
安装机制
Instruction-only skill with no install spec and no code files. This is low-risk from an install perspective because nothing is downloaded or written by the skill itself.
证书
No required credentials are requested and the only required binary is openclaw, which is proportionate. The optional AIG_BASE_URL env var lets you point lookups to a self-hosted instance — useful for privacy. Still, outbound network calls to the Tencent endpoint will occur by default; if that is a privacy concern, override AIG_BASE_URL or avoid running cloud lookups.
持久
The skill is not flagged always:true and does not request elevated persistence. Model invocation is allowed (normal), so the agent could call the skill autonomously — this is expected behavior for user-invocable skills and is not by itself a red flag.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「EdgeOne ClawScan」。简介:The first security skill to install after setting up OpenClaw — powered by Tenc…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aigsec/edgeone-clawscan/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。