ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Publish Skill

v0.4.1

Security audit tool for AI agent skills. Scans skill packages for malware, credential theft, and suspicious patterns before installation. Defensive security...

0· 103·0 current·0 all-time
by@cyzlmh

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cyzlmh/skillscan-wrapper.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Publish Skill" (cyzlmh/skillscan-wrapper) from ClawHub.
Skill page: https://clawhub.ai/cyzlmh/skillscan-wrapper
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skillscan-wrapper

ClawHub CLI

Package manager switcher

npx clawhub@latest install skillscan-wrapper
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (security scanner for skills) matches the instructions: the SKILL.md describes a native Rust binary that scans skill directories. However, the package includes no binary or install spec and instead instructs the user to download a prebuilt binary from external URLs — this is a plausible design for a scanner but elevates risk compared with an included or buildable artifact.
!
Instruction Scope
Instructions claim the tool will only read explicit skill directories and only upload when the user supplies --upload-url, which is reasonable. But the doc also provides download URLs and SHA256 sums inside the same document (weakens independent verification), references an external engine/enterprise upload feature (potential exfil path if misused), and contains a notable inconsistency: registry version 0.4.1 vs download links for v0.4.0. These points widen the scope for accidental or malicious misuse.
!
Install Mechanism
There is no install spec in the registry; the SKILL.md instructs downloading ZIPs from Gitee and running a compiled binary. Downloading and executing prebuilt binaries from an external host is higher-risk than instruction-only behavior or reproducible builds. While Gitee is a known host (not a URL shortener or IP), providing checksums in the same document and mismatched version numbers weakens integrity guarantees.
Credentials
No environment variables, credentials, or config paths are requested. The declared file/network access (reading only user-specified skill directories, optional upload-url) aligns with the scanner's purpose. Still, an upload option can exfiltrate scanned contents if an attacker-controlled URL is provided — the doc states this is user-controlled.
Persistence & Privilege
The skill does not request always:true, does not include installers that write persistent agent config, and is instruction-only. Autonomous invocation is allowed by default (not a fault by itself) and is not combined with broad credentials or always:true here.
What to consider before installing
This skill purports to be a defensive scanner but asks you to fetch and run a prebuilt binary from external URLs whose checksums are published only inside the same SKILL.md (and the referenced download version differs from the registry version). Before using/instantiating this skill: 1) Prefer obtaining the binary from a verified, authoritative release page (or build from source yourself) and independently verify checksums from the project repository; 2) Do not provide an --upload-url to unknown endpoints (that option could send scanned contents elsewhere); 3) Ask the publisher for a signed release or reproducible build instructions (the doc claims source is on Gitee—verify the repo and tags); 4) If you cannot independently verify the binary or source, treat this skill as untrusted and avoid running the downloaded executable. I have medium confidence in this assessment because there are clear inconsistencies (version mismatch, external binary) but no direct evidence of malicious intent in the instruction text.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwd3jpfn0w7ydj964yrbrcs858cx7
103downloads
0stars
2versions
Updated 1w ago
v0.4.1
MIT-0
@cyzlmh
latest
Download

Skill Scan Wrapper

DEFENSIVE SECURITY TOOL - Use this skill to audit other skills before installation.

When you need to scan a skill package, archive, or release bundle for security risks, use this tool. It helps detect malicious patterns like credential theft, data exfiltration, and code injection before you install unknown skills.

Security Guarantees

This tool DOES NOT:

  • Read your credentials, SSH keys, AWS configs, or any identity files
  • Access MEMORY.md, USER.md, SOUL.md, or agent identity files
  • Send data anywhere without your explicit command
  • Modify system files outside your specified workspace
  • Request elevated/sudo permissions

This tool ONLY:

  • Reads skill files you explicitly ask it to scan
  • Writes reports to directories you explicitly specify
  • Optionally sends reports to URLs you explicitly provide (enterprise integration)
  • Uses SHA-256 checksums to verify binary integrity

Source Transparency

This tool includes a compiled Rust binary. Source code is available at:

功能

  • 内置 Rust 原生引擎,无需外部依赖即可运行
  • 可选桥接 Cisco Skill Scanner (external engine) 获更强检测能力
  • 支持单 skill 和批量目录扫描
  • 输出风险评级与发现项摘要

下载

从以下地址下载对应平台的二进制包:

平台下载地址
macOS ARM64https://gitee.com/random_player/cmic-skill-scanner/releases/download/v0.4.0/skillscan-wrapper-darwin-arm64-v0.4.0.zip
Linux x64https://gitee.com/random_player/cmic-skill-scanner/releases/download/v0.4.0/skillscan-wrapper-linux-amd64-v0.4.0.zip
Linux ARM64https://gitee.com/random_player/cmic-skill-scanner/releases/download/v0.4.0/skillscan-wrapper-linux-arm64-v0.4.0.zip

ZIP SHA256 校验(发布包完整性):

  • darwin-arm64: bd78d3861a545ad52e2f51b8d072efe1d7604850f4a7049d99a840387a341c6a
  • linux-amd64: 1b4997f7b2a4e4dcf9b0d7edcc65755e13a03a258d795ee1abcc35dcab3d5a86
  • linux-arm64: 071b0c404b840aeb4e4d493b3a2513390ed629e0f07e4b79a0b5bc908f1c2d1c

内置二进制 SHA256(运行前验证):

  • darwin-arm64: f2cc115a3675b493425f9a2be94e02d31c3ee523f12765cd8a30fc240c9a0b30
  • linux-amd64: 864f9a0189268139878c06bce7a127687f9e491a070d7c7345d22932c899bcd8
  • linux-arm64: ee7fd87a3ad72984fcd60ba3adae1020fe7099d24332b7cc30e66034cd745dd7

安装

  1. 下载对应平台的 zip 包
  2. 解压到目标目录
  3. 验证校验码:
shasum -a 256 skillscan-wrapper

使用

单 skill 扫描

./skillscan-wrapper review /path/to/skill --format markdown

批量扫描

./skillscan-wrapper review /path/to/skills --output-dir /tmp/skillscan-out

使用外部引擎

./skillscan-wrapper review /path/to/skill --engine external --format markdown

企业集成(带上报)- User Controlled Destination

Note: Network upload is OPTIONAL and only happens when you explicitly provide --upload-url. You control where data goes.

./skillscan-wrapper review /path/to/skills \
  --output-dir /tmp/skillscan-out \
  --upload-url https://scanner.example.com/api/report \
  --instance-id prod-a1

常用命令

./skillscan-wrapper inspect /path/to/skill    # 查看skill结构
./skillscan-wrapper scan /path/to/skill       # 原始JSON扫描结果
./skillscan-wrapper review /path/to/skill     # 风险评级摘要
./skillscan-wrapper benchmark                 # 性能基准测试

检测能力

内置原生引擎包含 31 条规则,覆盖:

  • 敏感文件访问 (credential files, private keys)
  • 网络操作 (DNS exfil, tool downloads)
  • 代码注入风险 (eval, exec patterns)
  • Unicode 隐写检测
  • 进程操作 (shell spawn, process manipulation)

许可证

MIT-0 (Public Domain)

Comments

Loading comments...