ClawHub

AIG Scanner

v1.0.2

A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Us...

3· 144·0 current·0 all-time
by@aigsec
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared primaryEnv (AIG_BASE_URL), required binary (python3), SKILL.md routing rules, and the provided Python CLI all align: the skill's purpose is to submit and query AI-Infra-Guard taskapi jobs and the code implements that.
Instruction Scope
Instructions limit runtime actions to running the bundled aeg_client.py and calling the A.I.G taskapi; they explicitly allow scanning local/private addresses and the script supports uploading local files to the A.I.G server. This is coherent for a scanner but means the agent may transmit local file contents and probe internal hosts — a privacy/security concern that the user should consider.
Install Mechanism
No install spec — instruction-only with a bundled Python script. This is low-risk from an installation perspective because nothing is downloaded at runtime by the skill itself.
Credentials
Primary credential AIG_BASE_URL is appropriate. The script also reads optional AIG_API_KEY and AIG_USERNAME (documented in SKILL.md). The requested env access is minimal and relevant, but the API key (if provided) grants the remote server access to taskapi operations and should only be given to a trusted A.I.G endpoint.
Persistence & Privilege
always is false and the skill does not request persistent/global privileges. It runs only when invoked and uses a local script; no modifications to other skills or global agent settings are present.
Assessment
This skill behaves like a remote scanner client: it will POST scan jobs, may upload local files, and is explicitly allowed to probe private/local IPs. Before enabling or using it, confirm the AIG_BASE_URL points to a trusted A.I.G deployment (do not point it at unknown third-party hosts). Do not provide sensitive files or credentials unless you trust the server, and avoid setting AIG_BASE_URL to a public/untrusted endpoint. If you need to scan internal services safely, run the scanner in an isolated environment or on a machine with no sensitive files. If concerned, review the bundled scripts/aig_client.py source yourself (it is included) before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk976scc2gpgw3wqtfy0kf7kjkh83qj39

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binspython3
Primary envAIG_BASE_URL

Comments