by 安全扫描
OpenClaw
可疑
medium confidenceAn instruction-only security scanner that asks you to fetch and run an external GitHub repo and to configure cron/guards, but it omits required credentials and claims to be 'deployed' without providing code — the pieces are inconsistent and warrant caution.
评估建议
This skill is an instruction-only wrapper that tells you to git clone and run a third-party repository. Before installing or running it: (1) review the referenced GitHub repository and its commit history yourself — do not blindly run scripts; (2) verify exactly what credentials/host services are required for Telegram/ClamAV/alerts and avoid providing tokens until you trust the code; (3) run the scanner in an isolated environment (container or sandbox) first, not on production hosts or with root ...详细分析 ▾
⚠ 用途与能力
The SKILL.md describes an enterprise scanner with ClamAV integration, Telegram alerting, hash-chained logs, and runtime guards, but the skill package contains no scanner code and declares no required credentials. Features like Telegram alerts and ClamAV integration imply external configuration/credentials that are not requested or documented in the skill metadata. The claim that the tool is already 'Deployed' on this instance is inconsistent with an instruction-only skill that contains no runnable code.
⚠ 指令范围
Runtime instructions explicitly tell the agent to git clone https://github.com/pfaria32/OpenClaw-Shield-Security into /home/node/.openclaw/workspace and run python3 projects/OpenClaw-Shield/src/scanner.py on arbitrary paths. That requires the agent to fetch and execute third-party code and to read files/paths provided for scanning (which may include sensitive locations such as workspace, home, or system config). The SKILL.md also suggests configuring cron jobs and enabling runtime guards — operations that change system state outside the skill's sandbox.
ℹ 安装机制
There is no formal install spec in the skill bundle; instead SKILL.md instructs cloning an external GitHub repository and running its Python scripts. Pulling and executing code from an external repo is a common installation pattern but is higher risk than an instruction-only skill that uses only packaged code. The referenced repo and owner are not verified by the skill metadata, creating supply-chain risk.
⚠ 凭证需求
The skill declares no required environment variables or credentials, yet mentions integrations (Telegram alerts, ClamAV) and may require tokens/keys or host-level services to function. The scanner itself will read files to detect secrets (e.g., ~/.ssh, ~/.aws), meaning it needs filesystem access; the absence of any declared required env/config is disproportionate and leaves unclear how alerting/configuration credentials are provided.
⚠ 持久化与权限
The instructions recommend creating daily cron jobs and deploying runtime guard components (openclaw-config.py). Those steps would give the scanner ongoing persistence and modify system configuration. The skill metadata does not declare always: true, but the SKILL.md’s suggested cron and deployment actions create persistence outside the platform's skill controls — the skill should explicitly document and require authorization for such changes.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install openclaw-shield
镜像加速npx clawhub@latest install openclaw-shield --registry https://cn.longxiaskill.com