by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code, docs, and runtime instructions are coherent with a tool that vets other ClawHub skills; the prompt-injection patterns found are intentional for detection/training, but you should still follow the workflow and review findings manually before auto-approving any third-party skill.
评估建议
This skill appears to be what it claims: a local vetting tool that ships a regex-based scanner and an explicit review workflow. Pay attention to these points before using it to auto-approve skills:
- Treat the scanner output as advisory: the script uses regex rules (documented in references) and can produce false positives and false negatives; always manually inspect flagged lines in context.
- The SKILL.md contains text that will match prompt-injection detectors; this is intentional here (the ...详细分析 ▾
✓ 用途与能力
Name/description match implementation: the package contains a scanner (scripts/scan.py), pattern references, and a SKILL.md workflow that instructs downloading a skill zip and scanning it. No unexpected env vars or binaries are requested. Requiring no external credentials and including a local scanner is proportionate to the stated vetting purpose.
ℹ 指令范围
SKILL.md instructs the agent to download target skills into /tmp, run the included scanner, and manually inspect flagged files — all within the vetting scope. SKILL.md also contains explicit guidance addressing AI reviewers and immutable rules for not following in-file instructions; those lines match prompt-injection detection heuristics (pre-scan found 'ignore-previous-instructions'). This is expected for a vetting tool (it intentionally exemplifies and warns about injection), but it means you must ensure the vetting workflow itself (and any automated decisions) remain conservative and human-reviewed.
✓ 安装机制
No install spec (instruction-only) and the only code is the included scanner and documentation. That is low-risk compared with remote installers. The workflow directs users to download target skills from the ClawHub API (https://clawhub.ai/api/v1/download?slug=...), which is consistent with the tool's purpose; downloading and unzipping third-party zips is inherently risky but is the intended operation of a vetting tool and is mitigated by instructing use of /tmp and manual review.
✓ 凭证需求
The skill declares no required environment variables, no credentials, and no config paths. The scanner inspects files and uses regex patterns only; that level of access matches the vetting purpose and is appropriately minimal.
✓ 持久化与权限
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed (platform default) but not raised by this skill's metadata. No elevated privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/2/2
Security: Expanded file scanning (html/env/ts/etc) + 5 new prompt injection patterns. Features: JSON output, severity levels, color-coded findings. Docs: AI reviewer hardening + defense architecture.
● 无害
安装命令
点击复制官方npx clawhub@latest install skill-vetting
镜像加速npx clawhub@latest install skill-vetting --registry https://cn.longxiaskill.com