AgentSkillsCN

skill-scanner

在安装任何技能之前,先对 Clawdbot 和 MCP 技能进行恶意软件、间谍软件、加密矿机以及恶意代码模式的扫描。这款安全审计工具可检测数据外泄、系统修改尝试、后门程序,以及各种混淆技术。

SKILL.md
--- frontmatter
name: skill-scanner
description: Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.

Skill Scanner

Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.

Capabilities

  • Scan skill folders for security threats
  • Detect data exfiltration patterns
  • Identify system modification attempts
  • Catch crypto-mining indicators
  • Flag arbitrary code execution risks
  • Find backdoors and obfuscation techniques
  • Output reports in Markdown or JSON format
  • Provide Web UI via Streamlit

Usage

Command Line

bash
python skill_scanner.py /path/to/skill-folder

Within Clawdbot

code
"Scan the [skill-name] skill for security issues using skill-scanner"
"Use skill-scanner to check the youtube-watcher skill"
"Run a security audit on the remotion skill"

Web UI

bash
pip install streamlit
streamlit run streamlit_ui.py

Requirements

  • Python 3.7+
  • No additional dependencies (uses Python standard library)
  • Streamlit (optional, for Web UI)

Entry Point

  • CLI: skill_scanner.py
  • Web UI: streamlit_ui.py

Tags

#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability