ClawHub

Security Vulnerability Scanner

v1.0.0

扫描代码中常见安全漏洞如SQL注入、XSS、硬编码密码,提供检测结果和安全评分建议。

0· 895·3 current·3 all-time
by@honestqiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (static vulnerability scanning) match the provided runtime instructions and patterns. The skill is instruction-only and expects code as input (scan_vulnerabilities(code, language)), which is consistent with its purpose.
Instruction Scope
Instructions implement simple regex-based checks embedded in SKILL.md/skill.yaml and do not direct the agent to read files, environment variables, or external endpoints. Note: the scan is purely pattern matching (JavaScript-oriented patterns) and lacks guidance on how code is supplied or on multi-language support; this limits coverage and may produce false positives/negatives.
Install Mechanism
No install spec or external downloads — lowest-risk configuration (instruction-only), nothing is written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths; this is proportionate for a static analyzer that operates on provided code strings.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but is not combined with any broad credential access or persistent modification.
Assessment
This skill is a simple, local regex-based scanner that expects you to pass code as a string and returns pattern matches and a score. It does not request credentials or install software, so it is internally coherent. However, the detection rules are basic and JavaScript-centric — expect false positives and missed issues. Before relying on it for security decisions, review and extend its patterns for your languages, test it on known vulnerable/clean samples, and prefer established static analysis tools for critical codebases.

Like a lobster shell, security has layers — review code before you run it.

latestvk977z6zc108e0bz9f70npjbst581k3vcsecurityvk977z6zc108e0bz9f70npjbst581k3vcvulnerabilityvk977z6zc108e0bz9f70npjbst581k3vc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments