ClawHub

Security Vulnerability Scanner

扫描代码中常见安全漏洞如SQL注入、XSS、硬编码密码,提供检测结果和安全评分建议。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 615 · 1 current installs · 1 all-time installs
by@HonestQiao
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (static vulnerability scanning) match the provided runtime instructions and patterns. The skill is instruction-only and expects code as input (scan_vulnerabilities(code, language)), which is consistent with its purpose.
Instruction Scope
Instructions implement simple regex-based checks embedded in SKILL.md/skill.yaml and do not direct the agent to read files, environment variables, or external endpoints. Note: the scan is purely pattern matching (JavaScript-oriented patterns) and lacks guidance on how code is supplied or on multi-language support; this limits coverage and may produce false positives/negatives.
Install Mechanism
No install spec or external downloads — lowest-risk configuration (instruction-only), nothing is written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths; this is proportionate for a static analyzer that operates on provided code strings.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but is not combined with any broad credential access or persistent modification.
Assessment
This skill is a simple, local regex-based scanner that expects you to pass code as a string and returns pattern matches and a score. It does not request credentials or install software, so it is internally coherent. However, the detection rules are basic and JavaScript-centric — expect false positives and missed issues. Before relying on it for security decisions, review and extend its patterns for your languages, test it on known vulnerable/clean samples, and prefer established static analysis tools for critical codebases.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977z6zc108e0bz9f70npjbst581k3vcsecurityvk977z6zc108e0bz9f70npjbst581k3vcvulnerabilityvk977z6zc108e0bz9f70npjbst581k3vc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Security Vulnerability Scanner

扫描代码中的安全漏洞,提供修复建议。

功能

  • SQL 注入检测
  • XSS 跨站脚本检测
  • 硬编码密码/密钥检测
  • 不安全随机数检测
  • 命令注入检测
  • 敏感信息泄露检测
  • 安全评分

触发词

  • "安全扫描"
  • "漏洞检测"
  • "security scan"
  • "vulnerability"

检测模式

const patterns = {
  sqlInjection: /query\s*\(\s*['"`].*\$\{/,
  xss: /innerHTML\s*=|document\.write/,
  hardcodedSecret: /password\s*=\s*['"][^'"]+['"]/,
  insecureRandom: /Math\.random\(\)/,
  commandInjection: /exec\s*\(\s*\$\{/
};

输出示例

{
  "vulnerabilities": [
    {
      "type": "sql_injection",
      "line": 42,
      "severity": "high",
      "message": "检测到SQL注入风险"
    }
  ],
  "score": 65
}

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…