📦 litellm attack detector — 实用工具

Name: litellm attack detector — 实用工具
Rating: 1

v1.0.0

用于 compromised packages, malicious .pth files, backdoor persistence, suspicious network conne...

1· 143·0 当前·0 累计

by @tjefferson (Jeff)

AI模型访问网络工具文件处理开发工具安全

下载技能包

安全扫描

VirusTotal

Pending

查看报告

OpenClaw

安全

high confidence

The skill's code, instructions, and requested resources are consistent with a local, read-only detector for the LiteLLM supply-chain compromise; it does not request unrelated credentials or perform unexpected network exfiltration.

评估建议

This appears to be a legitimate, read-only detector; you can safely inspect and run it. Before running: (1) review the provided detect.sh (you already have it) to satisfy yourself it does only local checks; (2) run it on a trusted machine (or an isolated analysis host) because it reads local site-packages, caches, and Kubernetes state that may contain sensitive information; (3) note the script may call python3, pip, lsof/ss, host, kubectl and systemctl if present — these are optional and the scr...

详细分析 ▾

✓ 用途与能力

Name/description match the shipped script: the script implements version checks, .pth scanning, persistence-path checks, network/DNS checks, Kubernetes inspections, and dependency checks — all coherent with detecting the LiteLLM supply-chain compromise.

✓ 指令范围

SKILL.md directs running the included bash script. The script performs read-only scans of site-packages, caches, known backdoor paths, network sockets, DNS resolution, and kube-system pods. Those actions are within the stated detection scope; it does not attempt to send data to external endpoints or modify files.

✓ 安装机制

Instruction-only skill with an included shell script; no install/download mechanism is used and nothing is written to disk by an installer. This is low-risk for install-time code execution.

ℹ 凭证需求

No credentials or env vars are required. The script does read environment values (HOME, optional VIRTUAL_ENV) and may invoke local tools (python3, pip/pip3, find, lsof/ss, host, kubectl, systemctl) to collect telemetry — which is appropriate for a scanner. Minor mismatch: SKILL.md metadata only lists bash as a required binary, but the script relies on python3 and other optional utilities when available; the script gracefully skips checks if those utilities are missing.

✓ 持久化与权限

Skill is not always-enabled, does not install persistent components, and does not modify other skills or system configs. It may read sensitive local artifacts (kubeconfigs, caches), which is expected for incident-response tooling but means outputs can include sensitive info.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

安装命令

点击复制

官方npx clawhub@latest install litellm-attack-detector

镜像加速npx clawhub@latest install litellm-attack-detector --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库