Security Skill Socket (安全技能插座)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or updating third-party skills can add new instructions or capabilities to the agent environment.

Why it was flagged

The skill documents installing and bulk-updating skills from ClawHub, which can modify the agent's available capabilities. This is central to the stated hub purpose, but it depends on external skill provenance.

Skill content

# Install a skill (技能名 = skill name)
clawhub install 技能名

# Update all skills
clawhub update --all

Recommendation

Review the source, permissions, and contents of any skill before installing it, and avoid bulk updates unless you trust the installed skill sources.

What this means

One skill's output could guide another skill's actions, which may broaden scans or analysis if the user does not set clear limits.

Why it was flagged

The skill explicitly supports chained use of multiple security skills. This is expected for a security hub, but chained scans or monitoring actions should remain scoped to user-approved targets.

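Skill content

When multiple security skills need to be combined, you can:
1. First call one skill to get its results
2. Call another skill based on those results
3. Aggregate and analyze the results

Recommendation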

Confirm the target systems, files, and allowed actions before running combined security workflows.