🦒 Giraffe Guard — 长颈鹿卫士

v3.1.0

Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's code (scripts/audit.sh and scripts/ast_analyzer.py) implements a supply-chain scanner consistent with the declared purpose. However, metadata lists 'no required binaries' while the textual docs and scripts expect common system tools (bash, grep, sed, find, awk, file, readlink, perl), optionally python3 for AST analysis, and git when using --pre-install. Also the SKILL.md claims 22 detection rules but README/scripts advertise many more (55+ rules / 38 grep + 17 AST). These mismatches are likely sloppy packaging/documentation but should be clarified before installation.
Instruction Scope
SKILL.md instructs the agent to run scripts/audit.sh against a target directory (or with --pre-install clone a repo). The runtime instructions are scoped to scanning files and producing reports. The script may read all files under the target directory (expected for a scanner). It does not appear to instruct modification of system-wide configs or to harvest agent secrets. Note: --pre-install triggers a git clone of a remote repo (network I/O).
Install Mechanism
There is no install spec (instruction-only with included scripts). No remote downloads or archive extraction are defined by the registry metadata. The code is present in the skill bundle and executed as local scripts, which is lower risk than an installer that fetches arbitrary code at install time.
Credentials
The skill declares no required environment variables or credentials (primary credential none), and the scripts do not request secrets. The scanner is designed to detect hardcoded keys in target code but does not require access to any external credentials. This is proportionate to its stated function.
Persistence & Privilege
The skill is not always:true and does not request permanent platform privileges. It does not appear to modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined with other privileged behaviors here.
What to consider before installing
This package is largely coherent with its claimed purpose (a local scanner), but there are a few things to check before installing or running it:

- Clarify the mismatches: SKILL.md mentions 22 rules while README and scripts indicate 55+ rules; confirm which rules will actually run.
- Ensure required system tools are available: the scripts assume standard Unix tools; python3 is optional but needed for deeper AST checks; git is used by --pre-install. The registry metadata did not list these binaries — don't rely solely on the metadata.
- Be cautious with --pre-install: it clones remote git URLs (network activity). When scanning untrusted repos, run the tool in an isolated environment (sandbox, container, or CI worker) to avoid any accidental execution of untrusted code.
- Review the included scripts yourself (audit.sh and ast_analyzer.py are provided) or run them on test data first. They are intended to scan for secrets and dangerous constructs but will read all files in the target directory — do not point it at sensitive home directories.
- If you need high assurance, request the publisher/source (homepage is missing) or prefer a scanner from a known repository; otherwise run in a disposable environment and inspect outputs carefully.

Confidence is medium because the inconsistencies look like sloppy packaging rather than malicious intent, but the lack of declared runtime dependencies and the network-enabled pre-install mode increase risk until clarified.



