Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skills-security-scanner

v1.0.0

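Audits and scans the security of skills. Use this tool to verify a new skill's security before enabling it and to ensure it complies with security policy.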

by qihuang (@qihuang0)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The description says this audits/scans skills (and the SKILL.md repeatedly mentions a local analysis service), which is plausible. However, the script imports a Volcengine SDK and builds requests to open.volcengineapi.com (and signs requests with AK/SK). The registry declares no required credentials or secrets even though the script requires access keys or a config.json with credentials to upload. Asking for cloud credentials is not aligned with the 'local' wording and the metadata.
! Instruction Scope
SKILL.md instructs the agent to run scripts/scan.py with absolute paths and to ensure scripts/config.json exists (or use env vars). The script will zip and upload the entire target skill directory (or archive) to a scan endpoint. That means arbitrary skill source code and files are transmitted. SKILL.md frames this as a local service, but the code defaults to a remote cloud API—so the instructions understate where data may go.
Install Mechanism
This is an instruction-only skill with a provided Python script (no install spec). The script imports third-party packages (requests and a volcengine SDK) that are not declared; there is no install step to ensure dependencies are present. Lack of an install spec is low-install risk but means execution may fail or behave unexpectedly if required libs are missing.
! Credentials
No required environment variables or primary credential are declared in the registry, yet the script expects access key/secret (AK/SK) via scripts/config.json or environment variables and uses SignerV4 to sign upload requests. Requesting cloud credentials to upload arbitrary code is high-sensitivity and is not justified or declared by the skill metadata or description.
Persistence & Privilege
The skill is not always:true and does not request persistent system-level access. It can be invoked autonomously (the platform default), which combined with the credential/upload behavior increases risk, but the skill itself does not claim elevated persistence privileges.
What to consider before installing
This skill will ZIP and upload entire skill directories to a scan API and requires access keys (AK/SK) supplied by scripts/config.json or environment variables—yet the registry lists no required credentials and the README implies a local service. Before installing:
(1) ask the author which endpoint will receive the uploads and request that endpoint be explicit (local vs cloud) and documented;
(2) do not provide real cloud credentials—use a throwaway/test account if you must trial it;
(3) inspect scripts/config.json and the full script to confirm upload_url and signing behavior;
(4) if you must run it, run in a sandbox or isolated environment and test with non-sensitive sample skills first;
(5) consider asking the maintainer to declare required env vars in metadata and to add an explicit opt-in step that shows the upload destination before transmitting code.

MIT-0

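Security Scanner

Audits other skills in the workspace for potential security risks by sending their definitions to a local analysis service.

When to use

  • New skills: when you discover or install a new skill, scan it before first use.
  • Audits: scan all skills periodically to ensure they comply with security policy.
  • Development: check your own skills during development.
  • Requirement: the target skill must contain a SKILL.md file, because it is the primary input to the scan.

Usage

Run the scan with the scripts/scan.py script. You must use absolute paths and must not use ~, because the working directory is not the skill directory.

The script automatically packages the directory (if a directory is given) and uploads it, and always outputs a JSON array containing the scan results. The agent is responsible for parsing this JSON and presenting the results (risk level, details, recommendations) to the user in a readable format (in Chinese).

Scanning a skill (directory or archive)

The script automatically reads its configuration from config.json in the same directory (recommended); environment variables can also be used.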

python3 /root/.openclaw/workspace/skills/skill-security-scanner/scripts/scan.py --name "bad_skills1" --path "/root/.openclaw/workspace/skills/bad_skills1"

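Important

  • The script path must be an absolute path
  • The target path must also be an absolute path
  • Make sure scripts/config.json exists and contains the correct credentials

Report format

When presenting results to the user, you must use the following format (in Chinese):

🛡️ Security scan report: [SkillName]

Scan time: [convert the ScanEndTime timestamp to a readable date format]
Overall status: [✅ Passed / ❌ Risks found]

Risk level | Rule name | Risk detail
[High/Medium/Low] | [RuleName] | [RiskDetail]

List of risks found: (list only High and Medium level risks)

  1. [RuleName] (ID: [RuleID])
    • Level: [RiskLevel]
    • File: [FileName]
    • Detail: [RiskDetail]
    • Recommendation: Review the code in the files listed above and remove suspicious network requests or sensitive operations.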