Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v2.0.0
Stats: ⭐ 7 · 1.8k · 9 current installs · 9 all-time installs
🛡 VirusTotal: benign · OpenClaw: benign
Package: anikrahman0/security-skill-scanner
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
The skill's code, documentation, and runtime instructions are coherent with a local, pattern-based SKILL.md scanner and do not request unrelated credentials or elevated persistent privileges.
Purpose
Name/description match the provided artifacts: scanner.js, test.js, examples, and a SKILL.md that documents CLI and programmatic usage. No unrelated environment variables, binaries, or install hooks are requested. The files and examples justify the scanner purpose.
Instruction scope
SKILL.md instructs the agent to read skill markdown and optionally run scanner.js locally; it also documents scanning an installed-skills directory (~/.openclaw/skills/). That read access is appropriate for the task, but the scanner searches arbitrary files and will surface anything it finds (including sensitive content embedded in skills). The project uses broad regexes (e.g., backticks, template string, ${...}) which the README already warns…
Install mechanism
No install spec is provided (instruction-only skill for OpenClaw) and the included Node.js scripts have no external package downloads. scanner.js is a single-file, zero-dependency Node tool (shebang present). This is low-risk compared to remote downloads or executing fetched archives.
Credentials
The skill requests no environment variables or credentials. It does require read access to skill files/directories to operate (explicitly documented). That file access is proportionate to its purpose but could expose secrets if those appear in scanned files — the README properly warns users to review flagged items manually.
Persistence
Flags: always is false and the skill is user-invocable. The scanner declares itself read-only and the code reads files but does not attempt to persist changes or modify other skills/config. No evidence of system-wide config modification or forced persistence.
Overall conclusion
This scanner appears to be what it claims: a local, regex-based SKILL.md scanner. Before running it, review the included scanner.js yourself (it's provided) and run it in a safe environment. Be aware: the tool intentionally uses broad regexes and will produce false positives (the README documents this). When scanning a directory, the scanner will read all files you point it at — do not scan directories that contain secrets you don't want a too…
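Installation (copy to Lobster AI)
Copy the entire passage below into a 龙虾中文库 conversation; Lobster will complete the installation by following SKILL.md.
Please hand this passage to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "Security Skill Scanner" on this machine. Summary: Scans OpenClaw skills for security vulnerabilities and suspicious patterns befo….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/anikrahman0/security-skill-scanner/SKILL.md
(Source: yingzhi8.cn skill library)
SKILL.md
No locally cached content yet; a detail sync can be run from the admin back end.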