Security Scan
OpenClaw
Safe
High confidence: The skill's declared purpose (scanning agent skills) matches its files, required binary, and runtime instructions; nothing requests unrelated credentials or installs arbitrary code outside a standard pip package.
Assessment Recommendations
This skill appears coherent with its stated purpose, but review the following before installing: 1) Confirm you trust the pip package 'cisco-ai-skill-scanner' (inspect its GitHub repo/release artifacts) — installing packages from PyPI can execute code on your machine. 2) If you enable LLM analysis, scanned skill contents will be sent to the chosen LLM provider (e.g., Anthropic) — do not send sensitive secrets or private keys to external APIs. 3) The documented pip flag (--break-system-packages) ...
✓ Purpose and Capabilities
Name/description, required binary (skill-scanner), example commands, and the included wrapper script all directly implement a skill-scanner. Required resources (skill-scanner binary, optional LLM API key) are appropriate for the stated purpose.
✓ Instruction Scope
SKILL.md and scripts/scan.sh limit actions to scanning skill directories, invoking the skill-scanner CLI, and optionally calling an external LLM provider when an API key is supplied. There are no instructions to read unrelated system credentials, exfiltrate data to unknown endpoints, or modify unrelated system configuration.
ℹ Installation Mechanism
There is no platform-level install spec in the registry (instruction-only), but SKILL.md documents installing via pip (pip install cisco-ai-skill-scanner). Installing from PyPI is a common method; verify the pip package source/reputation before installing. The documented flag --break-system-packages is potentially impactful on some systems and should be used cautiously.
✓ Credential Requirements
No required environment variables are declared. The only environment usage is optional: ANTHROPIC_API_KEY or SKILL_SCANNER_LLM_API_KEY for LLM-powered analysis — this is proportionate to the advertised 'use-llm' feature and is clearly documented.
✓ Persistence and Privileges
Skill is not always-enabled, does not request persistent system-wide privileges, and the included script does not modify other skills or global agent configuration. Autonomous invocation defaults are unchanged (normal).
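Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Installation Commands
Official: npx clawhub@latest install cisco-skill-scanner
Mirror (accelerated): npx clawhub@latest install cisco-skill-scanner --registry https://cn.longxiaskill.com (mirror available)
Localization Notes
Cisco AI Skill Scanner — Vulnerability Scanner. Installation instructions: installation commands: ["openclaw skills install cisco-skill-scanner","npx clawhub@latest install cisco-skill-scanner"]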