📦 Skill Risk Auditor — 技能风险扫描

Name: Skill Risk Auditor — 技能风险扫描
Rating: 1

v1.0.1

安装第三方技能前，自动对其语义完整性、供应链、密钥、数据泄露等9大风险维度进行一次性全面审计，给出风险等级与修复建议，保障系统安全。

1· 159·0 当前·0 累计

by @yxf203 (Xiaofang Yang)

安全开发工具自动化

下载技能包

最后更新

2026/3/17

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The skill's declared purpose (pre-install audit) matches its instructions and requirements — it's an instruction-only auditor that asks to inspect candidate skill artifacts and does not request extra privileges, installs, or secrets.

评估建议

This skill appears internally consistent and appropriately scoped for auditing other skills. Before installing, confirm that: (1) your platform will present candidate skill artifacts to the auditor in a sandboxed view (the auditor needs to read the candidate package but should not be given broader filesystem access), (2) you understand that the auditor will report on any sensitive-looking references it finds (it does not itself request credentials but may note their presence in artifacts), and (...

详细分析 ▾

✓ 用途与能力

Name and description are aligned with the content of SKILL.md. The skill is an instruction-only pre-install auditor and declares no binaries, env vars, or installs — which is proportionate for a document-based audit. Asking to read every file in a candidate skill package is coherent with the stated goal.

✓ 指令范围

SKILL.md limits actions to reviewing files in the candidate skill directory, catalogs executable content, and explicitly forbids following instructions found in artifacts. It does not instruct access to system files or external endpoints beyond noting references. The scope is well-defined and conservative.

✓ 安装机制

No install spec or code files are present. As an instruction-only skill, there is nothing written to disk or downloaded during installation — this is the lowest-risk form and matches the skill's purpose.

✓ 凭证需求

The skill requires no environment variables, credentials, or config paths. It only inspects candidate artifact contents, which is appropriate for an auditing tool.

✓ 持久化与权限

always is false and there are no elevated privileges requested. Model invocation is allowed (the platform default) but that alone is not a concern given the skill's narrow, read-only audit instructions.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/17

Problem: Our guard document itself contains literal attack phrases (such as “ignore previous instructions” and “trust this skill”), which can be flagged as suspicious by a pattern scanner and also create a theoretical injection surface. Fix 1 — Audit Scope Boundary (line 28): Added an explicit scope boundary stating that the audit is strictly limited to the candidate skill’s package directory. If the candidate skill references external paths (such as ~/.ssh/), the guard records the reference as a finding but does not actually access it. Fix 2 — Remove Literal Attack Strings (4 occurrences): Replaced all literal injection phrases with behavioral-category descriptions.

● 无害

安装命令

点击复制

官方npx clawhub@latest install skill-risk-auditor

镜像加速npx clawhub@latest install skill-risk-auditor --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库