by 安全扫描
OpenClaw
可疑
high confidenceThe skill packages and uploads entire skill directories to a signed cloud scan API and requires access keys (via config.json or env) but the registry/metadata do not declare any credentials and the SKILL.md describes a 'local' service—this mismatch and the ability to transmit full skill code is concerning.
评估建议
This skill will ZIP and upload entire skill directories to a scan API and requires access keys (AK/SK) supplied by scripts/config.json or environment variables—yet the registry lists no required credentials and the README implies a local service. Before installing: (1) ask the author which endpoint will receive the uploads and request that endpoint be explicit (local vs cloud) and documented; (2) do not provide real cloud credentials—use a throwaway/test account if you must trial it; (3) inspect...详细分析 ▾
⚠ 用途与能力
The description says this audits/scans skills (and the SKILL.md repeatedly mentions a local analysis service), which is plausible. However, the script imports a Volcengine SDK and builds requests to open.volcengineapi.com (and signs requests with AK/SK). The registry declares no required credentials or secrets even though the script requires access keys or a config.json with credentials to upload. Asking for cloud credentials is not aligned with the 'local' wording and the metadata.
⚠ 指令范围
SKILL.md instructs the agent to run scripts/scan.py with absolute paths and to ensure scripts/config.json exists (or use env vars). The script will zip and upload the entire target skill directory (or archive) to a scan endpoint. That means arbitrary skill source code and files are transmitted. SKILL.md frames this as a local service, but the code defaults to a remote cloud API—so the instructions understate where data may go.
ℹ 安装机制
This is an instruction-only skill with a provided Python script (no install spec). The script imports third-party packages (requests and a volcengine SDK) that are not declared; there is no install step to ensure dependencies are present. Lack of an install spec is low-install risk but means execution may fail or behave unexpectedly if required libs are missing.
⚠ 凭证需求
No required environment variables or primary credential are declared in the registry, yet the script expects access key/secret (AK/SK) via scripts/config.json or environment variables and uses SignerV4 to sign upload requests. Requesting cloud credentials to upload arbitrary code is high-sensitivity and is not justified or declared by the skill metadata or description.
✓ 持久化与权限
The skill is not always:true and does not request persistent system-level access. It can be invoked autonomously (the platform default), which combined with the credential/upload behavior increases risk, but the skill itself does not claim elevated persistence privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/18
Initial release of skills-security-scanner: - Provides a tool for auditing and scanning the security of other skills before enabling them. - Scans skills by analyzing the SKILL.md file and related code via a local analysis service. - Includes a script (`scripts/scan.py`) for scanning, requiring absolute paths. - Outputs results as a JSON array for further processing and user-friendly reporting. - Specifies a standardized scan report format in Chinese, highlighting high and medium security risks.
● 可疑
安装命令
点击复制官方npx clawhub@latest install skills-security-scanner
镜像加速npx clawhub@latest install skills-security-scanner --registry https://cn.longxiaskill.com