首页 / 技能 / Supply Chain Poison Detector — 供应链投毒检测器

📦 Supply Chain Poison Detector — 供应链投毒检测器

v1.0.1

帮助检测 AI 代理市场技能中的供应链投毒。扫描 Gene/Capsule 验证字段中的 shell 注入、出站请求和编码...

0· 457·0 当前·0 累计
andyxinweiminicloud 头像by @andyxinweiminicloud
网络工具安全智能体命令行工具金融科技
下载技能包
最后更新
2026/2/26
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
The skill's requested tools and instructions line up with a static scanning tool for marketplace skills; nothing requested or described is disproportionate to that purpose.
评估建议
This skill appears coherent for static supply-chain scanning, but keep these cautions in mind: 1) It will fetch remote assets if you give an EvoMap/URL — avoid giving it URLs that require authentication or that will trigger unintended operations. 2) Do not paste secrets or private files into the scanner input. 3) Because SKILL.md is high-level and provides no concrete script/regex, review the scanner's implementation (or run it in an isolated environment) before relying on results; false negativ...
详细分析 ▾
用途与能力
Name/description match the requested resources: a scanner that may fetch assets (curl) and run analysis (python3). No unrelated credentials, config paths, or binaries are requested.
指令范围
SKILL.md describes the scanner behavior and patterns to detect, and accepts pasted JSON/source or an EvoMap asset URL. It does not instruct the agent to read local files or env vars by default, but it will fetch remote assets if given a URL. The document is high-level and does not include an actual analysis script or exact regexes, so behavior depends on the agent's implementation (risk of inconsistent detection and false negatives/positives).
安装机制
Instruction-only skill with no install spec and no code files. This is the lowest-risk install posture.
凭证需求
No environment variables, secrets, or config paths are requested. Asking for curl and python3 is proportionate to fetching and analyzing remote assets.
持久化与权限
always:false and no special persistence requested. The skill can be invoked autonomously by default (platform normal), but it does not request force-inclusion or system-wide changes.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/2/22

Agent Card metadata update

无害

安装命令

点击复制
官方npx clawhub@latest install supply-chain-poison-detector
镜像加速npx clawhub@latest install supply-chain-poison-detector --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库