📦 Skill Security Scanner by dxx — 技能安全扫描
v1.0.0一键扫描已安装的 OpenClaw 技能,智能识别危险命令、敏感路径与潜在漏洞,为系统安全保驾护航。
0· 86·0 当前·0 累计
by @ntaffffff下载技能包
最后更新
2026/4/8
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This script appears to be a straightforward local scanner. Before running it, inspect the skill_scan.py yourself (you already have the source) and confirm it contains no network calls or code-execution paths (it does not). Run it in a safe/test environment if any skills contain sensitive secrets, since the scanner will read files under ~/.openclaw/workspace/skills. If you use it regularly, consider improving false-positive handling and binary detection, and avoid trusting scanner output as a rep...详细分析 ▾
✓ 用途与能力
Name/description match behavior: the code scans ~/.openclaw/workspace/skills for dangerous commands, sensitive paths, and network-call patterns. The requested resources (none) align with a local scanner.
ℹ 指令范围
SKILL.md instructs running the included Python script from the skills directory which is consistent with its purpose. The scanner reads all non-ignored files under the skills tree (may read files that contain secrets), and it ignores some document filetypes; these are implementation choices (may cause false negatives/positives) but not scope creep.
✓ 安装机制
No install spec; the skill is instruction+script only. Nothing is downloaded or written to disk by an installer step beyond the existing skill files.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. The scanner only looks for sensitive path strings in other skills' files; it does not attempt to read external secrets or ask for unrelated credentials.
✓ 持久化与权限
always:false and user-invocable:true (normal). The skill does not modify other skills or global agent settings; it simply reads files under the skills directory.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/8
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install skill-security-scan-dxx
镜像加速npx clawhub@latest install skill-security-scan-dxx --registry https://cn.longxiaskill.com