Security Skill Socket

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only security-skill hub is purpose-aligned, but users should review any ClawHub skill installs or bulk updates before allowing them.

This skill is an instruction-only directory for security tools. It appears benign, but treat ClawHub installs, updates, and multi-skill workflows as changes to your agent environment: review each external skill first, avoid unreviewed bulk updates, and keep scan or monitoring targets clearly scoped.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or updating third-party skills can add new instructions or capabilities to the agent environment.

Why it was flagged

The skill documents installing and bulk-updating skills from ClawHub, which can modify the agent's available capabilities. This is central to the stated hub purpose, but it depends on external skill provenance.

Skill content

# Install a skill
clawhub install 技能名

# Update all skills
clawhub update --all

Recommendation

Review the source, permissions, and contents of any skill before installing it, and avoid bulk updates unless you trust the installed skill sources.

What this means

One skill's output could guide another skill's actions, which may broaden scans or analysis if the user does not set clear limits.

Why it was flagged

The skill explicitly supports chained use of multiple security skills. This is expected for a security hub, but chained scans or monitoring actions should remain scoped to user-approved targets.

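Skill content

When multiple security skills need to be combined, you can:
1. First call one skill to get its result
2. Call another skill based on that result
3. Summarize and analyze

Recommendation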

Confirm the target systems, files, and allowed actions before running combined security workflows.