ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

API Key Guardian

v1.0.0

API密钥和敏感信息安全扫描。检测代码库中泄露的API key、密码、token,支持git历史扫描,提供AI风险分析和修复建议。当需要检查项目安全性、防止密钥泄露时使用。

0· 278·0 current·0 all-time
by@xiaohuaishu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the Python scripts implement repo and git-history scanning and an optional AI analysis step. Requested runtime binary (python3) is appropriate. However, the code calls git via subprocess (git must exist) but the SKILL metadata only declared python3 — that's an omission. Also the script embeds a hard-coded API key and a local AI endpoint for the analysis step, which is unexpected for a scanner and not declared in requirements.
!
Instruction Scope
SKILL.md instructs running guardian.py and optionally enabling AI analysis. The code does exactly that, scanning files and git history. But the AI analysis function performs an HTTP POST to http://127.0.0.1:18790/anthropic/v1/messages using a hard-coded x-api-key value. The instructions do not mention this embedded key, the local proxy requirement, or what that key is for — creating a gap between documented behavior and actual network activity. The scanner will read arbitrary files in the repo (by design) and git history (also by design); that is expected but warrants caution on sensitive repos.
Install Mechanism
No install spec; the skill is provided as Python scripts and requires no external downloads. Nothing is written to disk beyond running the included scripts. This is the lowest-risk install mechanism.
!
Credentials
The manifest requests no environment variables or credentials, which is generally fine. But the code contains a hard-coded API key (x-api-key: "sk-RPBUoe2SH7KigJ0SZn6IPDirZtJ2fUaWSukEx1FwxjhWFx0G") used when contacting the local Anthropic-like endpoint. Embedding secrets in code is poor practice and increases risk. Also the script invokes git via subprocess but does not declare git as a required binary in metadata.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not modify other skills or system configuration. Autonomous invocation is allowed by default but is not combined here with other escalation indicators.
Scan Findings in Context
[hardcoded_api_key_literal] unexpected: guardian.py includes a hard-coded x-api-key string used in llm_analyze when calling the local AI endpoint. A secrets-scanning tool should not ship with an embedded API key; this is unexpected and increases risk.
[network_call_localhost_anthropic_path] expected: The AI analysis feature posts findings to http://127.0.0.1:18790/anthropic/v1/messages. Contacting a local agent/proxy is plausible for an 'AI analysis' feature, but this should be documented and should not rely on an embedded key.
[exec_subprocess_git] expected: The script invokes git via subprocess to scan commit diffs for secrets, which is coherent with the 'git history' scanning capability. However, the manifest did not list git as a required binary.
What to consider before installing
This skill implements a secret scanner and a built-in AI analysis step. Before running it on real repositories: 1) Inspect guardian.py and remove or rotate the hard-coded API key; do not deploy code containing embedded secrets. 2) If you plan to use the --ai option, verify what local service should be listening on 127.0.0.1:18790 and why a fixed x-api-key is present; prefer configuring an API key via environment variables or the OpenClaw agent rather than an in-file secret. 3) Ensure git is available (the script calls git) and consider running the scanner in an isolated environment (container/machine) when scanning sensitive repos. 4) If you cannot validate the embedded key or the local proxy, avoid using --ai and run the scanner only after manual review. 5) Prefer installing/using a well-audited scanner from a known source; lack of homepage/source and the embedded credential increase risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk973p4f4grdrn2erazkqz84z8d82mqad

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binspython3

Comments