📦 Clawhub Publish — 安全扫描发布

v2.1.1

在上传至 LLM 前，用 7 层正则扫描 SKILL.md，拦截提示注入、反向 shell、内存篡改、编码绕过与信任滥用，确保技能文件安全无恶意代码。

0· 378·0 当前·0 累计

by @cyberxuan-xbx (cyber-X.B.X)·MIT

安全开发工具文件处理自动化 API工具

下载技能包

License

MIT

最后更新

2026/3/1

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

medium confidence

NULL

评估建议

This skill is internally consistent with being a local SKILL.md sanitizer: it has no network calls, no required credentials, and a single Python file using only standard library modules. Before installing or running it: 1) verify the source (registry metadata shows 'source: unknown' and no homepage in the registry entry—prefer a published repository or checksum), 2) inspect the full python file yourself (or run it in a sandbox) to confirm there are no hidden network calls in parts of the file yo...

详细分析 ▾

ℹ 用途与能力

The SKILL.md and Python scanner implement a 7-layer sanitizer as described and require no credentials or external services for basic operation. Minor inconsistency: the top-line name in the registry metadata is shown as "Clawhub Publish" while the skill's slug and SKILL.md call it "skill-sanitizer" — likely a packaging/label mismatch but worth verifying.

✓ 指令范围

SKILL.md instructions are narrowly scoped: run sanitize_skill on SKILL.md content or use the CLI to scan/test. The document intentionally contains example injection strings (e.g., 'ignore previous instructions') for demonstration; those are expected and not evidence of exfiltration. An optional semantic mode references a local Ollama model — that is explicitly noted and would require a local service if enabled.

✓ 安装机制

No install spec; the package is instruction-first with a single Python file using only standard library modules (unicodedata, re, base64, etc.). No downloads, no external package installs are declared.

✓ 凭证需求

The skill requests no environment variables, no credentials, and the code only scans for references to common env var names (Anthropic/OpenAI/AWS/etc.) as detection signals—not to read them. Declared requirements are proportionate to the stated purpose.

✓ 持久化与权限

Skill is not always-enabled and is user-invocable. There is no evidence it writes persistent agent configuration or requests elevated OS privileges. The code does logging/return of findings but not system-wide changes.

安全有层次，运行前请审查代码。

License

MIT

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv2.1.12026/3/1

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install skill-sanitizer

镜像加速npx clawhub@latest install skill-sanitizer --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库