Security scan
OpenClaw
Suspicious
medium confidence
The skill mostly does what it says (a local skill scanner) but includes surprising external-integration artifacts (a hard-coded Moltbook API key, upload/monitor scripts) and uses environment variables that are not declared — these mismatches warrant caution before installing or running it.
Assessment and recommendations
This package appears to implement a legitimate local skill scanner, but it contains surprising external-integration code you should not run blindly. Key points to consider before installing or running: 1) upload_to_moltbook.py has a hard-coded Moltbook API token — treat that as sensitive and potentially active; do not run the uploader unless you trust the token and endpoint. 2) The guardian/monitor will query and (intended) post to an external service — run only in a sandbox and inspect network ...
ℹ Purpose and capabilities
The name/description (skill security scanner) match the main scanner code (scripts/skillshield.py). However the package also contains Moltbook integration and an upload script which go beyond a pure local scanner; those integrations are plausible but not strictly required for the stated purpose. The manifest/metadata declared no required env vars or credentials, yet code expects a Moltbook API key. Also scripts/publish.py expects a _meta.json file that is not present in the manifest — another mismatch.
⚠ Instruction scope
SKILL.md instructs running local scanner scripts and a 'guardian' daemon to monitor Moltbook. The code implements monitoring and an uploader that will POST content to an external Moltbook service. While scanning local skill files is expected, the included upload_to_moltbook.py will publish content to an external service (and includes a default API token). Running the guardian or upload script would transmit data externally; the README and scripts also reference absolute internal paths which may expose local information if posted.
✓ Install mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded or installed by the platform. The security surface is the included Python scripts. That reduces supply-chain install risk, but you still must inspect or sandbox those scripts before running them.
⚠ Credential requirements
Skill metadata declares no required environment variables or credentials, yet multiple scripts read MOLTBOOK_API_KEY from the environment. More importantly, upload_to_moltbook.py contains a hard-coded API key fallback ('moltbook_sk_JMb6t_WI-xq7SQapbAYXF9BFBPuXBuuM'), which is a secret embedded in the code — disproportionate and potentially exploitable. The presence of an embedded token that will be used to post to an external service is the main proportionality issue.
ℹ Persistence and privileges
The skill is not marked always:true and does not request persistent system-wide privileges. The guardian supports a long-running monitor (user-invoked). Autonomous invocation of skills is enabled by default on the platform (not flagged here), but combined with the hard-coded API token and external posting, a running guardian could have a wider blast radius if started.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest · v1.0.0 · 2026/3/11
Initial release of SkillShield 1.0.0 — a streamlined skill security scanner.
- Added core scripts for scanning, verification, reporting, and Moltbook integration.
- Introduced trust rating system (A+ ~ F) with security and permission analysis.
- Detects credential theft, data exfiltration, unauthorized access, command execution, suspicious networking, and obfuscation.
- JSON and detailed report output supported; triggers integration with agent ecosystems.
- Moltbook guardian script allows automated monitoring of uploaded skills.
- Removed legacy/test files for a minimal, production-focused codebase.
● Pending
Install command
Official: npx clawhub@latest install skillshieldskill
Mirror (accelerated): npx clawhub@latest install skillshieldskill --registry https://cn.clawhub-mirror.com
Skill documentation
# SkillShield 🛡️ - Skill Security Guardian
Safeguarding skill supply-chain security for the AI agent ecosystem.
Quick start
Scan a local skill
```bash
python3 ~/.agents/skills/skillshield/scripts/skillshield.py scan ./skill/
```
Detailed scan report
```bash
python3 ~/.agents/skills/skillshield/scripts/skillshield.py scan ./skill -v
```
Deep scan mode
```bash
python3 ~/.agents/skills/skillshield/scripts/skillshield.py scan ./skill --deep
```
JSON output
```bash
python3 ~/.agents/skills/skillshield/scripts/skillshield.py scan ./skill --format json
```
Verify signature
```bash
python3 ~/.agents/skills/skillshield/scripts/skillshield.py verify ./skill/
```
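Trust rating system
| Rating | Risk level | Recommendation |
|-----|---------|------|
| A+ | Very low | Verified author, no warnings; safe to use |
| A | Low | No security warnings; safe to use |
| B | Medium-low | Minor permission requests; review before use |
| C | Medium | Warnings that need attention; confirm it is safe before use |
| D | High | Multiple warnings; avoid using |
| F | Very high | Confirmed malicious code; do not install |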
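Detection capabilities
Implemented detections
- ✅ Sensitive file access (~/.env, ~/.ssh, credentials)
- ✅ Network request analysis (HTTP/HTTPS)
- ✅ System command execution (os.system, subprocess)
- ✅ Data exfiltration detection (env + HTTP combination)
- ✅ Suspicious domain identification (webhook, pastebin)
- ✅ Code obfuscation detection (base64, hex)
- ✅ Dynamic code execution (exec, eval)
- ✅ Hidden file detection
Permission analysis
Automatically extracts what the skill needs:
- File read/write permissions
- Domains accessed over the network
- Imported Python/Node modules
- System command invocations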
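An added example (not SkillShield's own code, whose implementation is not shown on this page): a small AST-based check for the two findings the scan above turns on, an environment variable read with a hard-coded fallback value and env vars that the manifest does not declare, plus a coarse "env + HTTP" co-occurrence flag. The names `audit_source`, `_env_read` and `HTTP_MODULES` are hypothetical, and the sample input is constructed with a placeholder token.

```python
import ast

HTTP_MODULES = {"requests", "urllib", "httpx", "aiohttp"}

def _env_read(call):
    """Return (var_name, default_node) for os.getenv(...) / os.environ.get(...), else None."""
    f = call.func
    if not (isinstance(f, ast.Attribute) and call.args):
        return None
    getenv = f.attr == "getenv" and isinstance(f.value, ast.Name) and f.value.id == "os"
    environ_get = (f.attr == "get" and isinstance(f.value, ast.Attribute)
                   and f.value.attr == "environ")
    if not (getenv or environ_get):
        return None
    name = call.args[0]
    if not (isinstance(name, ast.Constant) and isinstance(name.value, str)):
        return None
    return name.value, (call.args[1] if len(call.args) > 1 else None)

def audit_source(source, declared_env=()):
    """Statically audit one Python file and return a dict of findings."""
    env_vars, fallbacks, http = set(), [], set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            http |= {a.name.split(".")[0] for a in node.names} & HTTP_MODULES
        elif isinstance(node, ast.ImportFrom) and node.module:
            http |= {node.module.split(".")[0]} & HTTP_MODULES
        elif isinstance(node, ast.Call) and (hit := _env_read(node)):
            var, default = hit
            env_vars.add(var)
            # A non-empty string default means a credential value ships in the code.
            if isinstance(default, ast.Constant) and isinstance(default.value, str) and default.value:
                fallbacks.append((var, node.lineno))
    return {
        "undeclared_env": sorted(env_vars - set(declared_env)),
        "hardcoded_fallbacks": fallbacks,
        "env_plus_http": bool(env_vars and http),  # co-occurrence only, not data flow
    }

# Constructed sample (not from the package); the token is a placeholder.
SAMPLE = '''import os
import requests
API_KEY = os.environ.get("MOLTBOOK_API_KEY", "PLACEHOLDER_TOKEN")
requests.post("https://api.example.com/posts", headers={"Authorization": API_KEY})
'''

if __name__ == "__main__":
    print(audit_source(SAMPLE))
```

The `env_plus_http` flag only says both behaviours exist in one file; confirming that an environment value actually reaches a request still needs manual review or taint tracking.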
Moltbook integration
Automatically monitors skills newly uploaded to Moltbook:
```bash
# Start the guardian daemon
python3 ~/.agents/skills/skillshield/scripts/moltbook_guardian.py --monitor
```
Example output
```
═══════════════════════════════════════════════════════════════
🛡️ SkillShield 安全扫描报告
═══════════════════════════════════════════════════════════════
📦 Skill 路径: ./my-skill
📅 扫描时间: 2026-02-26 14:30:00
📁 扫描文件: 5 个
📊 信任评级: 🟢 A (得分: 92/100)
⚡ 风险等级: 低
✅ 无警告 - 未发现明显安全问题
📋 权限清单:
🌐 网络访问:
- api.example.com
📁 文件访问:
- ~/.config/config.json
📦 导入模块:
- requests, os, json
💡 建议:
1. 没有发现特别的安全问题
📝 总结:
此 skill 看起来非常安全,没有发现明显风险,可以放心使用。
═══════════════════════════════════════════════════════════════
```
Version information
- Version: 1.0.0
- Author: OpenClaw Community
- License: MIT
- Repository: https://github.com/openclaw/skillshield
Protecting the agent ecosystem starts with SkillShield! 🛡️
Data source: ClawHub · Chinese localization: 龙虾技能库