by 安全扫描
OpenClaw
安全
high confidenceThe skill's code and runtime instructions are consistent with a local security scanner: it scans files, checks for secrets, and checks dependencies without requesting credentials or installing remote code.
评估建议
This skill appears to be a local security scanner and is internally consistent, but note the following before running it:
- Running the bundled script executes arbitrary Python included in the skill. If you do not fully trust the author, review scripts/main.py line-by-line (it was provided) before execution.
- The scanner will read and enumerate files in the target directory (rglob('*')), which is expected for secret detection but means it will touch many repository files and print findings to ...详细分析 ▾
✓ 用途与能力
The name/description match the provided code and SKILL.md: the bundle includes a Python scanner (scripts/main.py) that implements scanning, dependency guidance, and secret detection. The requested resources (none) are proportional to a local scanner.
ℹ 指令范围
SKILL.md tells the agent to run the included Python script to scan files/directories and to integrate in CI. The instructions and script operate on local files (rglob over project files) which is expected for this purpose, but will enumerate/print secrets found to stdout. Minor mismatch: the CI example references skills/security/scripts/main.py while the distributed file path is scripts/main.py — this may be a packaging/path inconsistency to verify before use.
✓ 安装机制
No install spec is provided and the skill is instruction-only with a bundled script. Nothing is downloaded or written by an installer; the only code executed is the included Python file.
✓ 凭证需求
The skill requires no environment variables, credentials, or config paths. The scanner searches files for credentials (which is its purpose) but does not attempt to read unrelated environment variables or request external credentials.
✓ 持久化与权限
The skill does not set always:true, does not claim to persist or modify other skills, and has no install-time hooks. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/1
Security scanner for vulnerability detection and secret detection
● 无害
安装命令 点击复制
官方npx clawhub@latest install openclaw-secscan
镜像加速npx clawhub@latest install openclaw-secscan --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制