OpenClaw

Skill details (on-site mirror, no comments)

Java Security Audit - AI-driven Java code audit

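An AI-driven Java code security audit skill for systematic, high-coverage vulnerability discovery. Use cases: (1) auditing Java/Kotlin projects for security vulnerabilities (0-day hunting, code auditing, security assessment); (2) security audits of enterprise-grade codebases (large projects supported); (3) security audit reports that need high quality and a low hallucination rate; (4) early vulnerability discovery for CI/CD integration. Trigger keywords: Ja...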

Category: Development & DevOps

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v1.0.1

Stats: ⭐ 1 · 32 · 0 current installs · 0 all-time installs


🛡 VirusTotal: Benign · OpenClaw: Benign

Package: auroraproudmoore/java-audit-skill

Security scan (ClawHub)

  • VirusTotal: Benign
  • OpenClaw: Benign

OpenClaw assessment

The skill's files, scripts, and runtime instructions are coherent with an AI-driven Java code-audit purpose and do not request unexplained credentials or perform unexpected installs.

Purpose

Name/description match the included artifacts: Python and shell audit scripts, Semgrep rule sets, and documentation implement a Java/Kotlin code-audit workflow. Required tools (rg, grep, semgrep optional) and reading pom.xml/build.gradle are consistent with auditing tasks.

Instruction scope

SKILL.md and scripts instruct the agent to scan the target repository, read files (source, pom/build files, configs), run local shell/python scripts, and optionally perform web searches to check dependency CVEs. Reading the project tree and creating local audit output files is expected; network lookups for CVE info are allowed by the spec and should be expected behavior but will cause external network access if the agent uses them.

Install mechanism

No install spec; this is instruction-plus-code packaged with the skill. All code is present in the repository and no remote downloads or extract steps are required. Optional dependencies (semgrep, tree-sitter) are declared in requirements but not forcibly installed.

Credentials

The skill does not declare or require environment variables, credentials, or config paths beyond standard filesystem access to the project being audited. Scripts search for secrets in target files but do not request external tokens/keys.

Persistence

always:false and user-invocable. The skill writes audit results to local output files (audit-output/ etc.), which is normal for a scanner. It does not request permanent platform-wide privileges or modify other skills' configs.

Overall conclusion

This skill appears to be what it claims: a Java/Kotlin code-audit framework. Before installing or running it: (1) Review the included scripts (scripts/*.sh, scripts/java_audit.py) yourself or run them in a disposable container/VM, since they will read all files under the target repo and write audit outputs; (2) Expect optional network access if you enable dependency CVE lookups or the 'web_search' steps in the SKILL.md; (3) No credentials are …

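Install (copy to 龙虾 AI)

Copy the entire block below into a 龙虾中文库 conversation; 龙虾 will complete the installation by following SKILL.md.

Please hand this block to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Java Security Audit - AI-driven Java code audit" on this machine. Summary: An AI-driven Java code security audit skill for systematic, high-coverage vulnerability discovery. Use cases: (1) auditing Java/Kotlin projects for security vulnerabilities (0-day hunting, code auditing, sec….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/auroraproudmoore/java-audit-skill/SKILL.md
(Source: yingzhi8.cn skill library)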
