
skill-scanner

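Before installing an OpenBot/Clawdbot skill, scan it thoroughly for security vulnerabilities, malicious code, and suspicious patterns. Use it when a user wants a security audit of a skill, wants to confirm whether a skill on ClawHub is safe, wants to check for credential exfiltration risk or guard against prompt injection attacks, or wants an in-depth review of a skill's security. It triggers automatically on security audits, skill safety checks, malware scans, and trust verification.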

SKILL.md
--- frontmatter
name: skill-scanner
description: Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Skill Security Scanner

Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.

Quick Start

```bash
# Scan a local skill folder
python3 scripts/scan.py /path/to/skill

# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose

# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --json
```

Workflow: Scan Before Install

  1. Download or locate the skill folder
  2. Run python3 scripts/scan.py <skill-path> --verbose
  3. Review findings by severity (CRITICAL/HIGH = do not install)
  4. Report results to user with recommendation

Score Interpretation

| Score | Meaning | Recommendation |
|-------|---------|----------------|
| CLEAN | No issues found | Safe to install |
| INFO | Minor notes only | Safe to install |
| REVIEW | Medium-severity findings | Review manually before installing |
| SUSPICIOUS | High-severity findings | Do NOT install without thorough manual review |
| DANGEROUS | Critical findings detected | Do NOT install — likely malicious |

Exit Codes

  • 0 = CLEAN/INFO
  • 1 = REVIEW
  • 2 = SUSPICIOUS
  • 3 = DANGEROUS
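
A fail-closed install gate built on these exit codes, as an added example (not part of the skill's own scripts). The `gate` function, its decision labels and the timeout are hypothetical; it assumes `--json` writes a single JSON document to stdout and does not rely on any field names inside it.

```python
import json
import subprocess
import sys
from pathlib import Path

# Exit codes listed above, mapped to their scores.
VERDICTS = {0: "CLEAN/INFO", 1: "REVIEW", 2: "SUSPICIOUS", 3: "DANGEROUS"}


def gate(skill_path, scanner="scripts/scan.py", timeout=120):
    """Return (decision, reason); decision is 'install', 'manual-review' or 'block'."""
    if not Path(skill_path).is_dir():
        return "block", "skill folder not found"
    try:
        proc = subprocess.run(
            [sys.executable, scanner, str(skill_path), "--json"],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "block", "scanner timed out"
    verdict = VERDICTS.get(proc.returncode)
    if verdict is None:
        return "block", f"unexpected exit code {proc.returncode}"
    # An interpreter failure can reuse a documented code: an uncaught Python
    # exception exits 1 (REVIEW) and a missing script exits 2 (SUSPICIOUS).
    # Assumption: a real --json run prints parseable JSON, so require it.
    try:
        json.loads(proc.stdout)
    except json.JSONDecodeError:
        return "block", "scanner output was not JSON"
    if proc.returncode == 0:
        return "install", verdict
    if proc.returncode == 1:
        return "manual-review", verdict
    # SUSPICIOUS and DANGEROUS: never install automatically.
    return "block", verdict


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: gate.py <skill-path>")
    decision, reason = gate(sys.argv[1])
    print(f"{decision}: {reason}")
    sys.exit(0 if decision == "install" else 1)
```

Only exit code 0 together with parseable JSON output yields `install`; every other outcome, including a scanner that failed to run, stops the automated path.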

Rules Reference

See references/rules.md for the full list of detection rules, severity levels, and whitelisted domains.

Limitations

  • Pattern-based detection — cannot catch all obfuscation techniques
  • No runtime analysis — only static scanning
  • False positives possible for legitimate tools that access network/files
  • Always combine with manual review for HIGH/MEDIUM findings