Aliyun ClawScan — 技能工具

Name: Aliyun ClawScan — 技能工具
Rating: 1 (3 reviews)
Author: Aliyun-AI-Sec

Aliyun-AI-Sec

Aliyun ClawScan — 技能工具

v1.0.2

[自动翻译] Analyzes the security posture of a user's OpenClaw environment and installed skills. Use when a user is about to install a new skill and wants to veri...

3· 349·0 当前·0 累计

by @aliyun-ai-sec (Aliyun-AI-Sec)·MIT-0

安全系统工具云服务开发工具自动化

下载技能包项目主页

License

MIT-0

最后更新

2026/4/11

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The skill's declared purpose (audit OpenClaw configuration and installed skills) matches its instructions and requirements; it's instruction-only and does not request unrelated credentials or installs code.

评估建议

This skill appears internally consistent and safe as an instruction-only OpenClaw auditor, but take these precautions before use: - Ensure you have a trusted `openclaw` binary on PATH (the skill runs `openclaw security audit --deep`). - Review the repository/source (github.com/aliyun-ai-sec) to confirm authorship and integrity if provenance matters to you. - Be aware the OpenClaw audit may surface sensitive configuration details (gateway/auth, tool approvals, filesystem exposures). Run it in an ...

详细分析 ▾

✓ 用途与能力

Name/description ask for an OpenClaw security assessment and the only required binary is `openclaw`. The runtime instructions call `openclaw security audit --deep` and `openclaw skills list` and analyze skill files using the included reference rules — these are appropriate and proportionate to the stated purpose.

ℹ 指令范围

SKILL.md describes a static analysis workflow and explicit guardrails (do not execute suspicious code, do not enumerate actual user files). However, the assessment relies on OpenClaw's built-in audit which may read configuration and produce findings about sensitive paths (e.g., gateway, tool approvals). The skill's own reference rules include prompt-injection examples (e.g., 'ignore previous instructions') which triggered pre-scan injection detection — this is expected for a scanner that documents such patterns, but you should confirm the skill will not automatically act on any decoded/embedded payloads.

✓ 安装机制

This is instruction-only (no install spec, no code files executed). That minimizes install-time risk — nothing is downloaded or written by the skill itself.

✓ 凭证需求

The skill requires no environment variables, no credentials, and no config paths. Its actions are limited to running `openclaw` commands and scanning skill files, which aligns with the audit purpose.

✓ 持久化与权限

always:false and no requests to modify other skills or persist settings. Agent autonomous invocation is allowed (platform default) but not combined with elevated privileges or credential requests.

⚠ reference/skillaudit.md:227

Prompt-injection style instruction pattern detected.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.22026/3/11

- Homepage metadata updated to https://github.com/aliyun-ai-sec. - Added an informational note stating that this skill is provided by Alibaba Cloud, both at the top and bottom of the documentation. - No functional or workflow changes. All usage instructions and output templates remain unchanged.

● 无害

安装命令点击复制

官方npx clawhub@latest install aliyun-clawscan

镜像加速npx clawhub@latest install aliyun-clawscan --registry https://cn.clawhub-mirror.com

技能文档

说明：本 Skill 由 阿里云（Alibaba Cloud） 提供的安全防护检查能力，用于对 OpenClaw 环境与 Skill 进行安全评估与风险检测。

# aliyun-clawscan

Comprehensive OpenClaw security assessment combining configuration audit and skill security analysis.

When to Use

Scenario	Example Triggers
Full Assessment	`OpenClaw安全评估`, `风险评估`, `安全体检`
Config Audit	`配置审计`, `检查OpenClaw配置`
Skill Scan	`skill安全扫描`, `检查skill风险`
Pre-install Check	`安装前检查`, `这个skill安全吗`

Assessment Workflow

Step 1: Configuration Audit └─ openclaw security audit --deep └─ See: reference/baseline.md Step 2: Skill Security Audit ├─ Inventory: openclaw skills list └─ Static Analysis (local rules) └─ See: reference/skillaudit.md

Step 3: Consolidated Report └─ Overview + findings

# Step 1: Configuration Audit

Run OpenClaw built-in security audit:

openclaw security audit --deep

Parse results into categories (Gateway, Network, Tools, Browser, Files, Room).

Reference: reference/baseline.md for detailed check categories and parsing rules.

# Step 2: Skill Security Audit

Phase 1: Inventory

openclaw skills list

Phase 2: Static Analysis

Apply local detection rules across 11 categories:

Category	Severity	Reference
Reverse Shell / Backdoor	🚨 Critical	skillaudit.md Scenario 1
Credential Harvesting	🚨 Critical	skillaudit.md Scenario 2
Data Exfiltration	🔴 High	skillaudit.md Scenario 3
Cryptominer	🚨 Critical	skillaudit.md Scenario 4
Permission Abuse	🔴 High	skillaudit.md Scenario 5
Prompt Injection	🔴 High	skillaudit.md Scenario 6
Code Obfuscation	🟡 Medium	skillaudit.md Scenario 7
Ransomware	🚨 Critical	skillaudit.md Scenario 8
Persistence	🟡 Medium	skillaudit.md Scenario 9
Supply Chain	🟡 Medium	skillaudit.md Scenario 10
Malicious Service Downloader	🚨 Critical	skillaudit.md Scenario 11

Reference: reference/skillaudit.md for complete detection patterns, code examples, and risk assessment logic.

Phase 3: Risk Classification

Level	Criteria
🚨 Critical	Backdoor, credential theft, ransomware, miner
🔴 High	Permission abuse, data exfil, privacy violation
🟡 Medium	High permissions justified, benign obfuscation
🟢 Low	Matches declared purpose

# Step 3: Consolidated Report

Report Header

# 🔒 OpenClaw Risk Assessment Report
📅 {datetime}
🖥️ OpenClaw {version} · {os_info}
📊 Overall Risk: {🟢/🟡/🔴/🚨}
Check Item Status Summary
Configuration Audit {✅/⚠️/🔴} {N findings}
Skill Security {✅/⚠️/🔴} {N critical, N high}
Overall {🟢/🟡/🔴/🚨} {verdict}

Section 1: Configuration Audit Results

Status	Item	Finding
✅/⚠️/🔴	{Category}	{Description}

Section 2: Skill Security Findings

Risk	Count	Skills
🚨 Critical	{N}	{names}
🔴 High	{N}	{names}
🟡 Medium	{N}	{names}
🟢 Low	{N}	(see safe list)

# Output Templates

Quick Verdicts

Result	Message
All Clear	✅ OpenClaw风险评估完成。配置审计通过，Skill安全检查未发现明显风险。
Config Issues	⚠️ 发现配置风险。建议检查Gateway设置和文件权限配置。
Skill Risks	🔴 发现Skill安全风险。{N}个高风险Skill建议立即处理。
Critical	🚨 检测到严重安全风险！建议立即处理配置问题并移除恶意Skill。

Single Skill Assessment

Safe: 经检测暂未发现高风险问题，可继续安装；
Sensitive: 发现需关注项，但当前未见明确恶意证据。这个skill具备{高权限能力}，主要用于完成它声明的{功能}；建议仅在确认来源可信、权限范围可接受时使用。
Risky: 发现风险，不建议直接安装。这个skill{具体问题}，超出了它声称的功能。
Malicious: 🚨 检测到恶意代码！这个skill包含{具体恶意行为}，强烈建议立即删除。
Malicious Downloader: 🚨 检测到恶意下载器！这个skill伪装成{服务名称}，通过base64混淆命令诱导执行远程恶意脚本（curl|bash模式），属于典型的社会工程+下载器攻击。切勿执行任何安装命令！

# Safety Guardrails

✅ Static analysis only - never execute suspicious code
✅ Read code via file tools - no dynamic testing
✅ Evidence-based reporting - file:line references required
❌ Never bypass sandbox for analysis
❌ Never enumerate actual user files
❌ No speculation without clear evidence

# File Reference

File	Purpose
`reference/baseline.md`	Configuration audit rules and parsing logic
`reference/skillaudit.md`	Skill security detection patterns and scenarios

说明：本 Skill 由 阿里云（Alibaba Cloud） 提供的安全防护检查能力。使用本能力可对 OpenClaw 配置与已安装/待安装 Skill 进行安全审计与风险评估。

说明：本 Skill 由 阿里云（Alibaba Cloud） 提供的安全防护检查能力，用于对 OpenClaw 环境与 Skill 进行安全评估与风险检测。

# aliyun-clawscan

Comprehensive OpenClaw security assessment combining configuration audit and skill security analysis.

When to Use

Scenario	Example Triggers
Full Assessment	`OpenClaw安全评估`, `风险评估`, `安全体检`
Config Audit	`配置审计`, `检查OpenClaw配置`
Skill Scan	`skill安全扫描`, `检查skill风险`
Pre-install Check	`安装前检查`, `这个skill安全吗`

Assessment Workflow

Step 1: Configuration Audit └─ openclaw security audit --deep └─ See: reference/baseline.md Step 2: Skill Security Audit ├─ Inventory: openclaw skills list └─ Static Analysis (local rules) └─ See: reference/skillaudit.md

Step 3: Consolidated Report └─ Overview + findings

# Step 1: Configuration Audit

Run OpenClaw built-in security audit:

openclaw security audit --deep

Parse results into categories (Gateway, Network, Tools, Browser, Files, Room).

Reference: reference/baseline.md for detailed check categories and parsing rules.

# Step 2: Skill Security Audit

Phase 1: Inventory

openclaw skills list

Phase 2: Static Analysis

Apply local detection rules across 11 categories:

Category	Severity	Reference
Reverse Shell / Backdoor	🚨 Critical	skillaudit.md Scenario 1
Credential Harvesting	🚨 Critical	skillaudit.md Scenario 2
Data Exfiltration	🔴 High	skillaudit.md Scenario 3
Cryptominer	🚨 Critical	skillaudit.md Scenario 4
Permission Abuse	🔴 High	skillaudit.md Scenario 5
Prompt Injection	🔴 High	skillaudit.md Scenario 6
Code Obfuscation	🟡 Medium	skillaudit.md Scenario 7
Ransomware	🚨 Critical	skillaudit.md Scenario 8
Persistence	🟡 Medium	skillaudit.md Scenario 9
Supply Chain	🟡 Medium	skillaudit.md Scenario 10
Malicious Service Downloader	🚨 Critical	skillaudit.md Scenario 11

Reference: reference/skillaudit.md for complete detection patterns, code examples, and risk assessment logic.

Phase 3: Risk Classification

Level	Criteria
🚨 Critical	Backdoor, credential theft, ransomware, miner
🔴 High	Permission abuse, data exfil, privacy violation
🟡 Medium	High permissions justified, benign obfuscation
🟢 Low	Matches declared purpose

# Step 3: Consolidated Report

Report Header

# 🔒 OpenClaw Risk Assessment Report
📅 {datetime}
🖥️ OpenClaw {version} · {os_info}
📊 Overall Risk: {🟢/🟡/🔴/🚨}
Check Item Status Summary
Configuration Audit {✅/⚠️/🔴} {N findings}
Skill Security {✅/⚠️/🔴} {N critical, N high}
Overall {🟢/🟡/🔴/🚨} {verdict}

Section 1: Configuration Audit Results

Status	Item	Finding
✅/⚠️/🔴	{Category}	{Description}

Section 2: Skill Security Findings

Risk	Count	Skills
🚨 Critical	{N}	{names}
🔴 High	{N}	{names}
🟡 Medium	{N}	{names}
🟢 Low	{N}	(see safe list)

# Output Templates

Quick Verdicts

Result	Message
All Clear	✅ OpenClaw风险评估完成。配置审计通过，Skill安全检查未发现明显风险。
Config Issues	⚠️ 发现配置风险。建议检查Gateway设置和文件权限配置。
Skill Risks	🔴 发现Skill安全风险。{N}个高风险Skill建议立即处理。
Critical	🚨 检测到严重安全风险！建议立即处理配置问题并移除恶意Skill。

Single Skill Assessment

Safe: 经检测暂未发现高风险问题，可继续安装；
Sensitive: 发现需关注项，但当前未见明确恶意证据。这个skill具备{高权限能力}，主要用于完成它声明的{功能}；建议仅在确认来源可信、权限范围可接受时使用。
Risky: 发现风险，不建议直接安装。这个skill{具体问题}，超出了它声称的功能。
Malicious: 🚨 检测到恶意代码！这个skill包含{具体恶意行为}，强烈建议立即删除。
Malicious Downloader: 🚨 检测到恶意下载器！这个skill伪装成{服务名称}，通过base64混淆命令诱导执行远程恶意脚本（curl|bash模式），属于典型的社会工程+下载器攻击。切勿执行任何安装命令！

# Safety Guardrails

✅ Static analysis only - never execute suspicious code
✅ Read code via file tools - no dynamic testing
✅ Evidence-based reporting - file:line references required
❌ Never bypass sandbox for analysis
❌ Never enumerate actual user files
❌ No speculation without clear evidence

# File Reference

File	Purpose
`reference/baseline.md`	Configuration audit rules and parsing logic
`reference/skillaudit.md`	Skill security detection patterns and scenarios

说明：本 Skill 由 阿里云（Alibaba Cloud） 提供的安全防护检查能力。使用本能力可对 OpenClaw 配置与已安装/待安装 Skill 进行安全审计与风险评估。

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

Check Item	Status	Summary
Configuration Audit	{✅/⚠️/🔴}	{N findings}
Skill Security	{✅/⚠️/🔴}	{N critical, N high}
Overall	{🟢/🟡/🔴/🚨}	{verdict}

License

运行时依赖

版本

安装命令 点击复制

技能文档

When to Use

Assessment Workflow

Phase 1: Inventory

Phase 2: Static Analysis

Phase 3: Risk Classification

Report Header

Section 1: Configuration Audit Results

Section 2: Skill Security Findings

Quick Verdicts

Single Skill Assessment

When to Use

Assessment Workflow

Phase 1: Inventory

Phase 2: Static Analysis

Phase 3: Risk Classification

Report Header

Section 1: Configuration Audit Results

Section 2: Skill Security Findings

Quick Verdicts

Single Skill Assessment

安装命令点击复制