Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Security Skill Scanner Gitee

v1.0.0

AI Agent security scanner - general malicious code detection + multi-language support + CLI tool


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for caidongyun/agent-security-skill-scanner-gitee.

Install the skill "Agent Security Skill Scanner Gitee" (caidongyun/agent-security-skill-scanner-gitee) from ClawHub.
Skill page: https://clawhub.ai/caidongyun/agent-security-skill-scanner-gitee
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-security-skill-scanner-gitee

ClawHub CLI

npx clawhub@latest install agent-security-skill-scanner-gitee

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: the repository and included Python scanner modules (multi_language_scanner_v4.py, llm_analyzer.py, intent_detector_v2.py, etc.) are consistent with a security scanning tool. However SKILL.md and other docs reference additional artifacts (asc-scan binary, install.sh, lingshun_scanner_daemon.py, various shell helpers) and large sample directories that are not present in the provided manifest; that mismatch is unexpected and reduces confidence that the declared installation/runtime steps are accurate.
!
Instruction Scope
SKILL.md instructs the agent/user to clone remote repos, run install scripts, symlink a local 'asc-scan' to /usr/local/bin (sudo), start an optional background daemon (nohup python3 lingshun_scanner_daemon.py) and add cron tasks — all of which are powerful system actions. The documentation also encourages enabling an LLM API key and optional network notifications. Those runtime instructions go beyond read-only scanning (they perform network installs and persistent background execution). Additionally, the SKILL.md contains a detected 'unicode-control-chars' prompt-injection signal despite claiming the characters were cleaned, which suggests a possible attempt to hide or manipulate text.
!
Install Mechanism
There is no formal install spec in the skill metadata (instruction-only), which is lowest platform risk, but SKILL.md tells users to git clone remote repositories and run install scripts / symlink binaries with sudo. Downloading and executing scripts from an external repo and creating root-owned symlinks is a higher-risk install flow — acceptable for a CLI tool if you trust the source, but disproportionate if the repository/owner is unverified. The manifest also does not include the referenced asc-scan binary or some scripts, creating an ambiguous install story.
!
Credentials
The declared environment variables are optional and appropriate for an LLM-enabled scanner (LLM_API_KEY, LLM_API_URL, FEISHU_WEBHOOK, ALERT_EMAIL, ENABLE_LLM_ANALYSIS). That is reasonable. However other repository files/docs mention services (Redis message bus via redis.from_url, possible network endpoints) and configuration paths that are not declared as required env vars. Also enabling LLM analysis requires providing an API key and endpoint; if provided, scanner code may send samples to that external endpoint — a legitimate feature but a sensitive operation that must be limited to test/isolated keys. Overall the requested env access is plausible but the docs/code reference additional runtime dependencies/config not declared explicitly, which is a concern.
Persistence & Privilege
always:false and model invocation allowed (normal). SKILL.md clearly marks daemon/cron/network as optional and requires manual enabling. This is acceptable, but optional persistence (daemon + cron) combined with network capability increases blast radius if the user enables them without review. The skill does not declare it will modify other skills or system-wide agent settings.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters flagged by the pre-scan. The SKILL.md itself claims these were removed; the presence of such characters is suspicious because they can hide or alter displayed instructions (prompt-injection risk). This is not expected for a clean scanner specification and should be resolved before trusting automated execution of instructions.
What to consider before installing
Before installing or running this skill:
1) Verify the repository owner and commit history on both Gitee/GitHub; don't run install.sh or any scripts until you inspect them.
2) Check that the referenced binaries/scripts actually exist in the release you downloaded (asc-scan, install.sh, lingshun_scanner_daemon.py); if they are missing, do not follow the install steps that assume them.
3) Never export production LLM_API_KEY values; if you enable LLM analysis, use an isolated/test key or an on-prem/local model endpoint.
4) Review network-call code paths (LLM callers, webhook/email logic, redis/message-bus usage) to confirm where data would be sent.
5) Treat the daemon/cron suggestions as manual and optional — run scans in a VM/container or with network disabled until you audit the code.
6) Resolve the unicode-control character finding in SKILL.md (or get a clean upstream release) before trusting automated evaluation of the instructions.
If you are not comfortable auditing the code yourself, do not install system-wide (avoid sudo ln -sf) and consider running the scanner only in an isolated environment.
src/engine/smart_pattern_detector.py:21
Shell command execution detected (child_process).
src/engine/smart_pattern_detector.py:21
Dynamic code execution detected.
src/multi_language_scanner_v4.py:411
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972eb3fv56xb70g40j4rspqn584rrwd
62 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

Agent Security Scanner v5.5.1

General-purpose AI Agent security scanner - supports multi-language detection, a CLI tool, and malicious code identification


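🎯 Core capabilities

| Capability | Description | Status |
| --- | --- | --- |
| CLI tool | asc-scan command-line scanner | ✅ v5.5 |
| Multi-language detection | Python/JavaScript/YAML/Go/Shell | |
| 183+ detection rules | Covers 10+ attack types | |
| Smart recognition | Automatically identifies Skill/file/NPM/GitHub targets | |
| Layered output | Default/advanced/JSON | |
| Whitelist mechanism | Reduces the false-positive rate | |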

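📊 Performance metrics

| Metric | | Description |
| --- | --- | --- |
| Detection rate | 99%+ | Based on benchmark tests |
| False-positive rate | <1% | Optimized by the whitelist mechanism |
| Scan speed | >100 files/minute | Single file <100 ms |
| Supported languages | 5 | Python/JS/YAML/Go/Shell |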

🚀 Quick start

Installation method 1: from Gitee (recommended in mainland China)

# Clone the repository
git clone https://gitee.com/caidongyun/agent-security-skill-scanner.git
cd agent-security-skill-scanner/release/v5.1.0

# Install the CLI tool
chmod +x asc-scan
sudo ln -sf "$(pwd)/asc-scan" /usr/local/bin/asc-scan

# Or use the install script
./install.sh

Installation method 2: from GitHub (recommended outside mainland China)

# Clone the repository
git clone https://github.com/caidongyun/agent-security-skill-scanner.git
cd agent-security-skill-scanner/release/v5.1.0

# Install the CLI tool
chmod +x asc-scan
sudo ln -sf "$(pwd)/asc-scan" /usr/local/bin/asc-scan

Installation method 3: from npm (not yet published)

npm install -g asc-scan

🔧 Basic usage

Scan a Skill

# ClawHub skill
asc-scan agent-reach

# Local Skill
asc-scan ./local-skill

Scan a file

# Python file
asc-scan ./suspicious.py

# JavaScript file
asc-scan ./malicious.js

# YAML configuration
asc-scan ./deployment.yaml

Detailed output

asc-scan <target> --verbose
# or
asc-scan <target> --json

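📋 Environment variables

Optional environment variables

| Name | Description | Required | Security note |
| --- | --- | --- | --- |
| LLM_API_KEY | LLM API key | | Use an isolated API key, not your primary key |
| LLM_API_URL | LLM API address | | Prefer a local/offline model endpoint |
| FEISHU_WEBHOOK | Feishu alert webhook | | Used only for alert notifications |
| ALERT_EMAIL | Alert email address | | Used only for email alerts |
| ENABLE_LLM_ANALYSIS | Enable LLM analysis | | Defaults to false; test in an isolated environment first |

Usage example

# Enable LLM analysis (optional)
export ENABLE_LLM_ANALYSIS=true
export LLM_API_KEY=your_api_key  # a test key is recommended
export LLM_API_URL=https://api.example.com/v1

# Run a scan
asc-scan ./suspicious.py --verbose

Security notes:

  • ⚠️ Do not use production API keys
  • ⚠️ Prefer local/offline models
  • ⚠️ Test in an isolated environment before enabling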

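⚠️ Persistence behavior statement

Background daemon (optional)

This skill provides an optional background scanning daemon:

# Start the daemon (optional, not enabled by default)
nohup python3 lingshun_scanner_daemon.py > logs/daemon.log 2>&1 &

# Stop the daemon
pkill -f lingshun_scanner_daemon.py

Notes:

  • ⚠️ The daemon runs continuously
  • ⚠️ It may make network calls (LLM API/alert notifications)
  • ⚠️ Not enabled by default; must be started manually
  • ⚠️ Can be stopped with the kill command

Scheduled task (optional)

This skill provides an optional scheduled scanning task:

# Add a cron job (optional, not enabled by default)
crontab -e
# Scan once every hour
0 * * * * python3 /path/to/scanner.py

Notes:

  • ⚠️ The scheduled task runs periodically
  • ⚠️ Not enabled by default; must be configured manually
  • ⚠️ Can be removed with crontab -r (this deletes the user's entire crontab; use crontab -e to remove only this entry)

Network calls (optional)

This skill may make network calls:

| Call type | Destination | Purpose | Required |
| --- | --- | --- | --- |
| LLM API | User-configured LLM_API_URL | LLM deep analysis | |
| Alert notification | User-configured FEISHU_WEBHOOK | Alert notification | |
| Alert notification | User-configured ALERT_EMAIL | Email alert | |

Notes:

  • ⚠️ All network calls are optional
  • ⚠️ Destinations are configured by the user
  • ⚠️ The network-call logic can be reviewed in the code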

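🏗️ Repository sources

Dual-repository strategy

To make sure users worldwide can reach it, this skill is published to two repository sources:

| Repository | URL | Region | Status |
| --- | --- | --- | --- |
| Gitee (primary) | https://gitee.com/caidongyun/agent-security-skill-scanner | Mainland China | ✅ Recommended |
| GitHub (mirror) | https://github.com/caidongyun/agent-security-skill-scanner | Outside mainland China | ✅ Fallback |

Which to choose:

  • 🇨🇳 Users in mainland China: prefer Gitee (faster access)
  • 🌏 Users elsewhere: prefer GitHub (more stable access)
  • 🔄 If you hit network problems: switch to the other repository source

Verify the official repository:

# Verify the Gitee repository
git remote -v
# Should show: https://gitee.com/caidongyun/agent-security-skill-scanner

# Verify the GitHub repository
git remote -v
# Should show: https://github.com/caidongyun/agent-security-skill-scanner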

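📊 Risk levels

| Level | Score range | Recommendation |
| --- | --- | --- |
| 🟢 Low risk | 0-19 points | Can be installed/run |
| 🟡 Medium risk | 20-49 points | Use with caution; review the code |
| 🔴 High risk | 50-100 points | Reject/delete recommended |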

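⚠️ Security notes

Before installing

  1. Verify the official repository

    • Check that the repository URL matches
    • Review the commit history and authors
    • Verify the Release tag
  2. Review the code

    • Check the network-call code
    • Check how sensitive data is handled
    • Remove Unicode control characters
  3. Test in isolation

    • Test in a VM/container
    • Restrict network access
    • Monitor the logs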
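
A check for the Unicode control-character review step above, added here as an example (it is not code from the scanner project or from ClawHub). The function names and the sample text are constructed for illustration; point find_hidden_chars at the contents of the SKILL.md you actually downloaded.

```python
import unicodedata

# Whitespace controls that are normal in a Markdown file.
ALLOWED = {"\n", "\r", "\t"}

def classify(ch):
    """Return a label for a hidden character, or None if it is ordinary."""
    if ch in ALLOWED:
        return None
    cp = ord(ch)
    if 0x202A <= cp <= 0x202E or 0x2066 <= cp <= 0x2069:
        return "bidi-control"      # can reorder the displayed text
    if 0xE0000 <= cp <= 0xE007F:
        return "tag-character"     # invisible Unicode tag block
    cat = unicodedata.category(ch)
    if cat == "Cf":
        return "format"            # zero-width space/joiner, BOM, ...
    if cat == "Cc":
        return "control"           # C0/C1 control codes
    return None

def find_hidden_chars(text):
    """List (line, column, 'U+XXXX', label) for each hidden character."""
    hits = []
    # split("\n") rather than splitlines(): splitlines() would swallow
    # some of the control characters we want to report (e.g. U+0085).
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            label = classify(ch)
            if label:
                hits.append((lineno, col, f"U+{ord(ch):04X}", label))
    return hits

def strip_hidden_chars(text):
    """Return the text with every flagged character removed."""
    return "".join(ch for ch in text if classify(ch) is None)

# Constructed sample (not the real SKILL.md): a zero-width space, a
# bidi override pair and a tag character hidden in ordinary lines.
SAMPLE = (
    "# Install\n"
    "chmod +x asc-scan\u200b\n"
    "Review the code \u202efirst\u202c before running.\n"
    "Optional\U000E0041 daemon\n"
)

if __name__ == "__main__":
    for hit in find_hidden_chars(SAMPLE):
        print(*hit)
```

Any hit in an instruction file is worth reading in a hex-aware editor before an agent is allowed to act on that file.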

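During use

  1. Environment variable safety

    • Use isolated API keys
    • Do not use production keys
    • Rotate keys regularly
  2. Persistence behavior

    • The daemon is not enabled by default
    • Configure scheduled tasks with care
    • Review the running state regularly
  3. Network calls

    • Review the network-call destinations
    • Restrict them with a firewall
    • Monitor network traffic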

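📝 Changelog

v5.5.1 (2026-04-10)

Fixed:

  • ✅ Added environment variable declarations
  • ✅ Added persistence behavior statement
  • ✅ Added dual-repository source statement
  • ✅ Cleaned up Unicode control characters
  • ✅ Unified the repository URL

Added:

  • ✅ asc-scan CLI tool
  • ✅ Smart target recognition
  • ✅ Layered output (default/advanced/JSON)

v5.5.0 (2026-04-10)

Added:

  • ✅ General-purpose CLI scanner
  • ✅ Support for Skill/file/NPM/GitHub
  • ✅ 183+ detection rules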

📞 Feedback and support

Report issues

Contribute code

Pull requests are welcome!

Security audit

For a third-party security audit, contact: agent-security@example.com


Version: v5.5.1
Updated: 2026-04-10
License: MIT
Author: Agent Security Team
