Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

安全审核标准 - 自动化版 (Security Review Standard - Automated Edition)

v1.0.0

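Automatically scans multiple file types in the workspace/skills directory, identifies risk keywords, generates a security audit report, and gives installation recommendations.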

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tlcyqj2023/skill-vetter-2.

Install the skill "安全审核标准 - 自动化版" (tlcyqj2023/skill-vetter-2) from ClawHub.
Skill page: https://clawhub.ai/tlcyqj2023/skill-vetter-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-vetter-2

ClawHub CLI

npx clawhub@latest install skill-vetter-2

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description claim to scan the workspace/skills directory and produce a risk report; the provided scan_skills.py implements exactly that (os.walk over /workspace/skills, substring keyword checks, Markdown+JSON report). There are no extra env variables, binaries, or external services required.
Instruction Scope
Instructions and script read every file under /workspace/skills for listed extensions and produce local reports in /workspace. This is consistent with purpose but means the skill will read any sensitive data stored in that directory. Detection is done by simple substring matching (kw in content) rather than robust parsing, which causes likely false positives (comments/strings) and false negatives (obfuscated patterns). The whitelist logic is filename-based (SAFE_PATTERNS) and can be bypassed by a maliciously named file; the scanner does not attempt deeper static analysis or network sink detection.
Install Mechanism
No install spec and no external downloads. The skill is instruction-only with a bundled Python script that runs in-place. No packages are installed and no archives are fetched.
Credentials
The skill requests no credentials or env vars, which is proportional. However, it requires read access to /workspace/skills (and will open many files), which is necessary for its purpose but means it can see any secrets or tokens present in that directory. The SUSPICIOUS keyword list contains dangerous tokens (e.g., 'eval(', 'os.system') only as literals in the scanner — they are not executed by the scanner itself (expected).
Persistence & Privilege
Flags show always:false and normal autonomous invocation is allowed (platform default). The script writes only its own report files to /workspace and does not modify other skills or agent configuration. No elevated system privileges are requested.
Assessment
This skill appears to do what it claims: it reads files under /workspace/skills, searches for listed risky keywords, and writes a Markdown+JSON report to /workspace. Before installing or enabling it, consider: (1) it will read any secrets stored in /workspace/skills — ensure no sensitive credentials are there or rotate them after a scan; (2) substring matching is brittle: expect false positives (keywords in comments or docs) and some bypasses (obfuscated code or renamed files); (3) the filename-based whitelist can be abused by a file named to appear safe — review whitelist patterns if you rely on automatic exclusions; (4) run the scanner manually in a sandbox first (python3 scan_skills.py) to inspect the produced report and confirm it behaves as expected; (5) because it has read access to your skills directory, prefer running it in an environment with limited permissions or inspect its source (scan_skills.py) yourself — the code is short and readable. If you need, I can list exact lines where the scanner: (a) defines the keyword lists, (b) performs substring matching, and (c) writes the report so you can review them quickly.
scan_skills.py:18
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Tags: audit, automation, chinese, latest, security, skills
80 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

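Security Review Standard v2: Automated Skill

Metadata

  • name: 安全审核标准 v2 (Security Review Standard v2)
  • description: Automatically scans the workspace/skills directory and performs a security audit, risk scoring, and installation recommendation for all Skill files
  • version: 2.0
  • author: 秦大虾
  • trigger: ["扫描技能", "批量检查技能", "安全审计", "风险分析", "安装建议", "自动化", "审核技能", "查漏洞"] (in English: "scan skills", "batch-check skills", "security audit", "risk analysis", "installation advice", "automation", "review skills", "find vulnerabilities")

Usage

When the user says 「扫描技能」 ("scan skills") or 「安全审计」 ("security audit"), the following flow runs automatically, with no additional parameters.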


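Core logic

Scan directory

/workspace/skills/ (including subdirectories)

File types

.py / .json / .js / .yaml / .yml / .sh

Suspicious keyword library (tiered)

Level | Keywords | Deduction
Critical | eval(, exec(, os.system, subprocess.call, subprocess.run, __import__, importlib, pty.spawn | -25
High | requests.get, requests.post, urllib.request, http.client, socket.create_connection, curl, wget | -20
Medium | chmod, chown, sudo, chattr, ACL, passwd, shadow, /etc/passwd, .bashrc, .ssh/ | -15
Low | open(, write, base64, gzip, zlib (no deduction when one appears alone; -5 when they appear in combination) | -5

Scoring standard

Risk score | Risk level | Recommendation
81-100 | 🟢 Low risk | Install allowed
61-80 | 🟡 Medium risk | Install with caution; monitor at runtime
41-60 | 🟠 Elevated risk | Test in a sandbox; restrict permissions
21-40 | 🔴 High risk | Do not install; review the source
0-20 | ⛔ Critical risk | Delete immediately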

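Output format

1. Overview summary

📊 Security Audit Report | Scan time: YYYY-MM-DD HH:MM
Directory: /workspace/skills/
Files scanned: N | 🟢 Low risk: X | 🟡 Medium risk: Y | 🔴 High risk: Z

Overall recommendation: [Allow install / Manual review required / Recommend removal]

2. Per-file results (output for each file)

--- [file name] ---
Type: [.py / .json / ...]
Risk score: XX/100 [🟢/🟡/🟠/🔴/⛔]
Risk points:
  • [specific risk description]
  • [if there is no risk, write: "No suspicious code found"]
Recommendation: [Allow install / Review required / Prohibit]

3. Summary table

File name | Type | Risk score | Level | Recommendation
skill.md | markdown | 95 | 🟢 | Allow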

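Execution script pseudocode

1. os.walk('/workspace/skills/')
2. Read the content of each file
3. Match against SUSPICIOUS_KEYWORDS
4. Accumulate the deductions
5. Determine the risk level
6. Generate the Markdown report
7. Save to /workspace/技能安全审计报告.md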
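
The scoring steps above, as an added example (not the skill's bundled scan_skills.py): substring scoring with the tier table and score bands from this page, next to an AST check that goes beyond the skill's description to show the false positive the scan assessment mentions. The function names, the one-deduction-per-distinct-keyword rule and the reading of the low tier (5 points once, when two or more low-tier keywords co-occur) are assumptions; both sample files are constructed.

```python
import ast

# Tier table from the skill description: (deduction, keywords).
TIERS = [
    (25, ["eval(", "exec(", "os.system", "subprocess.call", "subprocess.run",
          "__import__", "importlib", "pty.spawn"]),
    (20, ["requests.get", "requests.post", "urllib.request", "http.client",
          "socket.create_connection", "curl", "wget"]),
    (15, ["chmod", "chown", "sudo", "chattr", "ACL", "passwd", "shadow",
          "/etc/passwd", ".bashrc", ".ssh/"]),
]
LOW = ["open(", "write", "base64", "gzip", "zlib"]
BANDS = [(81, "low"), (61, "medium"), (41, "elevated"), (21, "high"), (0, "critical")]

def keyword_score(content):
    """Substring scoring as described: start at 100, subtract per keyword hit."""
    hits = [(kw, pts) for pts, kws in TIERS for kw in kws if kw in content]
    # Assumption: low-tier keywords cost 5 once, and only when 2+ co-occur.
    if sum(kw in content for kw in LOW) >= 2:
        hits.append(("low-tier combination", 5))
    score = max(0, 100 - sum(pts for _, pts in hits))
    level = next(name for floor, name in BANDS if score >= floor)
    return score, level, [kw for kw, _ in hits]

def ast_dynamic_calls(source):
    """Names of eval/exec/__import__ that occur as real call nodes in Python source."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in {"eval", "exec", "__import__"}:
                found.append(node.func.id)
    return found

# Constructed samples: BENIGN only mentions keywords in a comment and a string;
# REAL actually evaluates a command-line argument.
BENIGN = '# never call eval( on user input\nstyle = "box-shadow: none"\nprint(style)\n'
REAL = 'import sys\nresult = eval(sys.argv[1])\n'

if __name__ == "__main__":
    for name, src in (("BENIGN", BENIGN), ("REAL", REAL)):
        print(name, keyword_score(src), ast_dynamic_calls(src))
```

The harmless file scores 60 (elevated) because of a comment and a CSS property name, while the file that really calls eval scores 75 (medium); the AST pass separates the two, but only for files that parse as Python.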

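Security principles

  1. Zero false positives, no blocking of installs: only flag risks, never prohibit automatically
  2. Audit before install: for files with a risk score below 40, output no installation guidance
  3. Do not modify original files: read-only scanning, the skills directory is not touched
  4. Traceable logs: each scan records its time and results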
