📦 Openclaw

v1.0.0

技能检查器安装任何 AI agent 技能前的安全审查协议。可检测凭证窃取、代码混淆、数据外泄等风险信号。风险分级 L...

0· 18·1 当前·1 累计

by @mr-liu-lang (Mr-Liu-lang)

安全智能体网络安全检测工具

下载技能包

最后更新

2026/4/19

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

该技能是一份仅用于指导的审核清单，其要求与说明与其既定目的保持一致，且不会索取过多权限或机密信息。

评估建议

This skill appears to be what it claims: a human-/agent-led vetting checklist. Before using it: (1) run its checks in an isolated environment (temp dir, container, or VM) so 'clawhub install' or other client actions cannot execute unreviewed code on your main system; (2) manually verify any remote URLs the tool fetches (GitHub raw content, API endpoints); (3) be cautious that the tool’s quick-commands may invoke external tooling — prefer to fetch archives and inspect them rather than auto-runnin...

详细分析 ▾

✓ 用途与能力

Name, description, and runtime instructions all describe a vetting/checklist tool. Required binaries (curl, jq) are reasonable for the GitHub/HTTP checks shown in the SKILL.md.

ℹ 指令范围

Instructions focus on inspecting skill files, GitHub metadata, and running read-only commands to fetch/print files. This is appropriate for vetting, but some quick-commands (e.g., 'clawhub install') could invoke installer behavior — the SKILL.md does recommend installing to a temp dir for review, which mitigates risk. Also the vetting checklist mandates reading ALL files in the skill (which is appropriate) but does not instruct reading user home credential files; it flags those as red flags to reject if present.

✓ 安装机制

No install specification and no code files are included; it's instruction-only which minimizes disk writes and attack surface.

✓ 凭证需求

No environment variables, credentials, or config paths are requested. The SKILL.md explicitly treats access to ~/.ssh, ~/.aws, etc. as red flags, which is proportionate for a vetter.

✓ 持久化与权限

The skill is not marked always:true and does not request persistent or elevated privileges. It does not instruct modifying other skills or system-wide agent config.

安全有层次，运行前请审查代码。

运行时依赖

🖥️ OSLinux · macOS · Windows

版本

latestv1.0.02026/4/19

skill-vetter 初始发布——面向 AI agent skill 的安全审查协议。 - 针对凭据窃取、代码混淆、数据渗出等风险提供红旗检测。 - 采用多步审查流程：源码检查、代码审计、权限分析、风险分级。 - 输出结构化审查与风险分级报告（LOW/MEDIUM/HIGH/EXTREME）。 - 附带可执行清单与审查报告模板。 - 未经本审查流程，切勿安装不受信任的 skill。

● 无害

安装命令

点击复制

官方npx clawhub@latest install openclaw-skill-checker

镜像加速npx clawhub@latest install openclaw-skill-checker --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库