安全技能插座
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: security-skill-hub Version: 2.2.1 The skill bundle acts as a centralized 'Security Skill Hub' or registry, providing instructions for an AI agent to route requests to various security-related tools (e.g., vulnerability scanners, IOC validators, and malware analyzers). It includes metadata in `_meta.json` and organizational instructions in `SKILL.md` that define how to use a skill manager called `clawhub` to search and install additional capabilities from `clawhub.com`. No malicious code, data exfiltration logic, or harmful prompt injections were found; the bundle's behavior is entirely consistent with its stated purpose of managing security skills.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or updating third-party skills can add new instructions or capabilities to the agent environment.
The skill documents installing and bulk-updating skills from ClawHub, which can modify the agent's available capabilities. This is central to the stated hub purpose, but it depends on external skill provenance.
# 安装技能 clawhub install 技能名 # 更新所有技能 clawhub update --all
Review the source, permissions, and contents of any skill before installing it, and avoid bulk updates unless you trust the installed skill sources.
One skill's output could guide another skill's actions, which may broaden scans or analysis if the user does not set clear limits.
The skill explicitly supports chained use of multiple security skills. This is expected for a security hub, but chained scans or monitoring actions should remain scoped to user-approved targets.
当需要组合多个安全技能时,可以: 1. 先调用一个技能获取结果 2. 基于结果调用另一个技能 3. 汇总分析
Confirm the target systems, files, and allowed actions before running combined security workflows.