Security Scan
OpenClaw
Safe
High confidence. The skill is internally coherent for submitting scan jobs to an A.I.G server — it requires a base URL and runs a bundled Python client that posts tasks and may upload files; the main risk is trusting the configured AIG_BASE_URL (and any API key) because the tool will send data (including uploaded files and scan targets) to that server and is explicitly allowed to scan private/local addresses.
Assessment recommendations
This skill behaves like a remote scanner client: it will POST scan jobs, may upload local files, and is explicitly allowed to probe private/local IPs. Before enabling or using it, confirm the AIG_BASE_URL points to a trusted A.I.G deployment (do not point it at unknown third-party hosts). Do not provide sensitive files or credentials unless you trust the server, and avoid setting AIG_BASE_URL to a public/untrusted endpoint. If you need to scan internal services safely, run the scanner in an isol...
✓ Purpose and capabilities
Name/description, declared primaryEnv (AIG_BASE_URL), required binary (python3), SKILL.md routing rules, and the provided Python CLI all align: the skill's purpose is to submit and query AI-Infra-Guard taskapi jobs and the code implements that.
ℹ Instruction scope
Instructions limit runtime actions to running the bundled aeg_client.py and calling the A.I.G taskapi; they explicitly allow scanning local/private addresses and the script supports uploading local files to the A.I.G server. This is coherent for a scanner but means the agent may transmit local file contents and probe internal hosts — a privacy/security concern that the user should consider.
✓ Installation mechanism
No install spec — instruction-only with a bundled Python script. This is low-risk from an installation perspective because nothing is downloaded at runtime by the skill itself.
ℹ Credential requirements
Primary credential AIG_BASE_URL is appropriate. The script also reads optional AIG_API_KEY and AIG_USERNAME (documented in SKILL.md). The requested env access is minimal and relevant, but the API key (if provided) grants the remote server access to taskapi operations and should only be given to a trusted A.I.G endpoint.
✓ Persistence and privileges
always is false and the skill does not request persistent/global privileges. It runs only when invoked and uses a local script; no modifications to other skills or global agent settings are present.
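Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Installation commands
Official: npx clawhub@latest install aig-scanner
Mirror (accelerated): npx clawhub@latest install aig-scanner --registry https://cn.longxiaskill.com (mirror available)
Localization notes
AIG Scanner (vulnerability scanner). Installation instructions: installation commands: ["openclaw skills install aig-scanner","npx clawhub@latest install aig-scanner"]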