技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.4.0
统计:⭐ 0 · 447 · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:aviclaw/slither-audit
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill's code and instructions align with its stated purpose (running Slither on local Solidity files); it requires a local Slither install but does not request unrelated credentials, network exfiltration, or persistent privileges.
目的
The name/description (Slither static analysis) matches the included script and prompts. Minor inconsistency: the skill metadata lists no required binaries, but both SKILL.md and slither-audit.py expect a local 'slither' CLI to be installed (SKILL.md suggests 'pip install slither-analyzer'). This is expected for the stated purpose but the binary requirement is not declared in the metadata.
说明范围
SKILL.md and detect.md clearly limit operations to local Solidity files and local analysis. The Python script only validates that the target path exists and runs the Slither binary; it does not read or transmit other system files, environment variables, or external endpoints. detect.md is an analysis prompt and does not introduce network calls.
安装机制
There is no formal install spec in the registry (instruction-only). SKILL.md instructs the user to run 'pip install slither-analyzer' and then run the included script. That is a normal, low-risk approach but means installation of third-party packages happens outside the skill's manifest; users should verify the pip package source and version before installing.
证书
The skill requests no environment variables, credentials, or config paths. The script does not access secrets or unrelated environment state. The lack of credential requests is proportionate to a local static-analysis tool.
持久
The skill does not request always: true, does not modify other skill configs, and has no persistent agent privileges. It runs only when invoked and performs local analysis.
综合结论
This skill appears to do what it claims: run Slither on local Solidity sources and produce a report. Before installing/using it: (1) install the Slither CLI (SKILL.md suggests 'pip install slither-analyzer') from a trusted source and confirm the correct package name and version; (2) be aware the script invokes the 'slither' subprocess on files you provide — running analysis on untrusted code carries the usual risks of executing third-party too…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Slither Audit」。简介:Run slither static analysis on Solidity contracts. Fast, lightweight security s…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aviclaw/slither-audit/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。