胖叔 Skill 安全审查
v1.0.0Security vetting for agent skills before installation. Scans skill code for dangerous Bash commands, sensitive file access, network exfiltration, obfuscated...
⭐ 0· 12·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (a pre-install vetter) match the included artifact (scripts/vetter.py) and SKILL.md. The skill requires no env vars, binaries, or external services, which is appropriate for a local static scanner. The SKILL.md's claim that the vetter can be invoked automatically via OpenClaw hooks is an integration suggestion rather than an implicit platform entitlement; the registry metadata does not force automatic inclusion.
Instruction Scope
Runtime instructions tell the agent to run the bundled Python script against a skill directory. The scanner reads files under the provided skill_path and reports pattern matches — this is expected. Minor caveats: the scanner skips non-code markdown outside fenced code blocks and skips certain directories (node_modules, .git, __pycache__, .venv), which could allow malicious payloads to hide in skipped locations or plain text. The SKILL.md suggests auto-hooking; enabling that requires administrator configuration.
Install Mechanism
No install spec is present (instruction-only with one local script). Nothing is downloaded or written to system locations by the skill itself. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths. The internal scanner looks for mentions of credentials (e.g., .env, ~/.aws) but does not itself access external secrets or require credentials — this is proportionate to its stated purpose.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or system settings. It can be configured to run as a pre-install hook, but that integration is opt-in and requires administrator configuration; the skill itself does not force persistent or privileged presence.
Assessment
This skill appears to do what it says: a local pattern-based scanner implemented in Python. Before installing or enabling automatic pre-install hooks: 1) Review the vetter code yourself (it's included) to confirm the pattern rules meet your needs. 2) Be aware it is a heuristic scanner — it can produce false positives and false negatives and can be evaded by obfuscation or placing payloads in skipped paths (e.g., node_modules or markdown outside fenced code blocks). 3) Only enable automatic pre-install invocation (hooks) with admin oversight; restrict the hook configuration so the vetter runs in a sandboxed environment with access only to the incoming skill directory. 4) Consider complementing this tool with manual review or more robust static analysis, and do not assume a clean vetter report guarantees safety. If you want higher assurance, ask the author for test cases demonstrating detection of common evasion techniques or request addition of configurable scan scopes and reporting (no external uploads).Like a lobster shell, security has layers — review code before you run it.
latestvk9772mf06nhaxc9k79bf0m5h9s8485kn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.