🛡️ SkillGate Governance — Supply Chain Governance

v0.1.2

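Supply-chain governance for OpenClaw skills: automated scanning, risk assessment, quarantine and restore, keeping the skill ecosystem secure and compliant.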

Last updated: 2026/2/26
Security scan
VirusTotal: Harmless
OpenClaw: Safe (high confidence)
Assessment recommendation
This skill appears to do what it says: it runs an npm-scoped scanner to inspect a directory and can quarantine skills by moving files in the directory you pass. Before running it, consider: (1) prefer the pinned version shown in SKILL.md and run the provided npm view / dist.integrity verification to confirm package provenance; (2) run scans read-only where possible and only use quarantine/restore when you trust the tool; (3) be aware npx will fetch and execute code from the npm registry — if you...
Detailed analysis
Purpose and capabilities
Name/description state supply-chain governance for OpenClaw skills and the SKILL.md instructs the agent to run an npm-scoped package (@skillgate/...) via npx. The declared required binaries (node, npm) match that need; no unrelated credentials, binaries, or config paths are requested.
Instruction scope
Instructions focus on scanning a provided directory and explain quarantine/restore as operations on the target directory. They recommend using npx with a pinned version and show verification steps. Important operational note: npx will download and execute code from the npm registry (network fetch on first run) and quarantine operations can move/modify files inside the directory you pass — both are expected for this purpose but are material security actions the user should be aware of.
Install mechanism
There is no install spec for the skill itself, but runtime instructions rely on npx to fetch and run @skillgate/openclaw-skillgate@0.1.3 from npm. This is a standard mechanism for Node tools but implies executing remote package code (moderate risk); the SKILL.md provides sensible verification commands (npm view, repo URL) to mitigate that risk.
Credential requirements
The skill requests no environment variables, credentials, or config paths — consistent with a local governance scanner that only needs node/npm and operates on a user-supplied directory.
Persistence and privileges
always is false and the skill does not request persistent platform privileges. The only elevated action described is quarantining (moving/marking) files inside a target directory, which is appropriate for the stated functionality and scoped to the user-specified target.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Versions

latest: v0.1.2 (2026/2/22)

Harmless

Install command
Official: npx clawhub@latest install skillgate-gov
Mirror (accelerated): npx clawhub@latest install skillgate-gov --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库