Clawscan Vigil

v0.2.0

安装前扫描 OpenClaw Skill 安全风险，静态+动态双重检测，识别恶意代码

⭐ 0· 205·0 current·0 all-time

by@jjj09090

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jjj09090/clawscan-vigil.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Clawscan Vigil" (jjj09090/clawscan-vigil) from ClawHub.
Skill page: https://clawhub.ai/jjj09090/clawscan-vigil
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3, pip
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawscan-vigil

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawscan-vigil

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill's name and description (local pre-install scanner) align with the code: static_analysis + restricted dynamic execution + a CLI. However the registry metadata only requires 'python3' and 'pip' while the code imports many third-party Python packages (click, rich, RestrictedPython, tomllib (3.11+), etc.). There is no install spec to ensure those dependencies are installed. This mismatch (declaring only binaries but not Python package deps or an install step) is disproportionate and will cause runtime failures or require manual installation by the user.

ℹ

Instruction Scope

SKILL.md instructs running scans against local Skill directories and claims scans run fully locally with no uploads. The implementation appears consistent: the dynamic tracer uses RestrictedPython and a mock __import__ to avoid executing real network/file operations. Still, dynamic analysis intentionally skips code containing dangerous constructs (eval/exec, __import__, long loops), so it may produce false negatives for obfuscated or highly dynamic malicious code. The scanner also exposes JSON export and batch scanning features (Premium) that will write output files locally—contradicting any absolute claim that 'no results are collected' if the user requests exports.

Install Mechanism

There is no install spec in the registry. The package includes code that depends on multiple Python libraries (click, rich, RestrictedPython, tomllib (py3.11), etc.), but the registry only lists python3 and pip as required binaries. Because the skill doesn't provide an automated install step to install its Python dependencies, installation as-is may fail. Absence of a controlled install step increases friction and the chance users will run ad-hoc pip installs themselves, which expands the attack surface if they use untrusted package sources.

ℹ

Credentials

The skill does not request environment variables or external credentials. It stores license and usage files under a user directory (~/.clawscan), which is expected for a tool with a local license/quota model. No code paths were found that attempt to exfiltrate code or scanning results externally. Still, the presence of license activation/URLs and multiple placeholder links (e.g., github.com/yourname) is a trust concern: verify the upstream project and URLs before trusting license keys or following external links.

✓

Persistence & Privilege

always:false and normal autonomous invocation are used. The skill creates (and will write) a local config directory (~/.clawscan) and license/usage JSON files, which is reasonable for quota/license bookkeeping. There is no code that modifies other skills or global agent settings. No 'always: true' or elevated system-wide privileges are requested.

What to consider before installing

This package appears to implement a local scanner and does not attempt network exfiltration in the included code, but there are notable red flags you should address before installing: - Dependencies: The code imports click, rich, RestrictedPython, and other libraries, but the registry only lists python3 and pip and provides no install script. Expect to manually install required Python packages or packaging to fail. Prefer installing in an isolated virtualenv and inspect the packages you install. - RestrictedPython & dynamic analysis limits: Dynamic tracing runs code in a mock sandbox and purposely refuses to execute code containing constructs like eval/exec or __import__. Malicious code that obfuscates behavior or uses native extensions may evade detection—do not assume a clean scan guarantees safety. - Metadata inconsistencies: SKILL.md/README include placeholder or mismatched links (e.g., github.com/yourname, clawscan.dev). That could be a sign the project is incomplete or not from a well-maintained upstream. Verify the project homepage and repository history before trusting or paying for 'Premium' features. - Local writes: The tool will create ~/.clawscan and write license/usage files and can export JSON reports. If you need strict privacy, run scans in an isolated environment and review exported files. What would raise confidence: an explicit install spec (or pyproject/pip wheel) that lists and installs required Python packages from known sources; consistent, verifiable upstream repository and release artifacts (GitHub releases or PyPI); and clearer handling of RestrictedPython availability and tomllib fallback for Python <3.11.

✗

core/dynamic_tracer.py:122

Dynamic code execution detected.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

OSLinux · macOS · Windows

Binspython3, pip

latestvk97ffm0yqy8zz7tz8wag82r9hn8377qz

205downloads

0stars

3versions

Updated 23h ago

v0.2.0

MIT-0

Linux, macOS, Windows

Skill: clawscan-vigil

🔍 OpenClaw Skill 安全扫描器

安装前扫描任意 Skill 的安全风险，静态 + 动态双重检测。

为什么需要 ClawScan？

341 个恶意 Skill 已被发现可窃取 API Key、加密货币钱包
ClawHub 审核机制薄弱，12% Skill 存在恶意行为
安装前无法判断代码安全性

版本对比

功能	免费版	Premium
静态代码分析	✅	✅
动态行为检测	✅	✅
扫描次数	5次/月	无限
依赖风险分析	❌	✅
批量扫描	❌	✅
优先支持	❌	✅
价格	免费	¥49/年

快速开始

# 安装
clawhub install clawscan

# 查看配额状态
clawscan status

# 扫描本地 Skill（消耗1次配额）
clawscan scan /path/to/skill

# 扫描已安装的 ClawHub Skill
clawscan check mcp-server-prompts

# 详细报告
clawscan scan /path/to/skill --verbose

# JSON 输出（用于脚本集成）
clawscan scan /path/to/skill --json

激活 Premium

# 获取 License: https://clawscan.dev
clawscan activate CLAW-XXXX-XXXX-XXXX

# 确认激活
clawscan status

风险分级

等级	图标	描述
🔴 高危	HIGH	网络请求、文件写入、命令执行
🟡 中危	MEDIUM	子进程导入、API Key 处理
🟢 低危	LOW	纯计算逻辑

示例输出

╭────────────────────────── Scan Summary ──────────────────────────╮
│ 🔴 malicious-skill                                               │
│                                                                  │
│ Overall Risk: HIGH                                               │
│ Files Scanned: 3                                                 │
│ Scan Duration: 15ms                                              │
│                                                                  │
│ Findings: 8 total                                                │
│   🔴 High: 4                                                     │
│   🟡 Medium: 3                                                   │
│   🟢 Low: 1                                                      │
╰──────────────────────────────────────────────────────────────────╯

🔴 HIGH RISK (4)
==================================================

network
  Network module imported: requests
  /skill/malicious.py:7

📦 Dependency Analysis (Premium)
==================================================
🔴 pyautogui (Potential keylogger/screenshot capability)
🟡 psutil (System access capabilities)

📋 Recommendations
==================================================
  🚨 This Skill can execute system commands...

退出码

Code	含义
0	低危
1	高危风险
2	中危风险
3	扫描错误
4	配额已用完

技术细节

静态分析：

AST 解析识别危险函数
7 类风险模式匹配（网络、文件、子进程、加密等）

动态分析：

RestrictedPython 沙箱执行
监控运行时导入和调用

依赖分析 (Premium)：

扫描 requirements.txt / pyproject.toml
识别已知风险包（pyautogui, browser-cookie3 等）

隐私说明

扫描完全本地执行，代码不会上传
License 验证可选离线模式
不收集 Skill 内容或扫描结果

支持与反馈

问题反馈：https://github.com/yourname/clawscan/issues
获取 License：https://clawscan.dev
邮件：support@clawscan.dev

License: MIT (Tool) + Commercial (Premium Features)

Comments

Loading comments...