ClawGuard-Detector — Utility
v3.0.0 and AI-powered anomaly detection for OpenClaw ru...
0 · 83 · 0 current · 0 cumulative
Security scan
OpenClaw
Suspicious
Medium confidence: The skill claims real-time, system-level threat monitoring but its instructions and code are inconsistent and include risky behaviors (writing rules, invoking a sibling CLI), so proceed with caution.
Assessment recommendations
This skill looks like a defender tool but has inconsistencies and some risky behaviors. Before installing or enabling it broadly: 1) Don't grant it broad filesystem or network privileges until you review it — it encourages reading ~/.ssh, ~/.aws, /etc/shadow and writing to .safety/. 2) Inspect or sandbox the 'self-improving-safety/cli.js' path (the CLI will spawn a sibling CLI if present); an attacker could plant code there to get executed. 3) Verify whether your environment provides the claimed...
⚠ Purpose and capabilities
The README/SKILL.md claim real-time command, file and network monitoring that requires system-level hooks (auditd, network sniffing, access to logs). The shipped code implements pattern-based analysis functions (analyzeCommand, analyzeFileAccess) but contains no actual auditd/network capture integration. SKILL.md lists required system binaries (node, python3, auditd, ss, grep, sha256sum, python libs) yet the registry metadata shows no required binaries and package.json has no native deps — this mismatch suggests the skill overclaims capabilities it doesn't implement or expects host-side integration not declared.
⚠ Instruction scope
SKILL.md explicitly instructs checking sensitive paths (~/.ssh, ~/.aws, /etc/shadow, shell histories) and persisting learning data to .safety/ATTEMPTS.md. While the code exposes analyzeFileAccess and analyzeCommand APIs rather than directly reading files, the documentation encourages reading logs/history and updating safety rules. Those instructions grant broad discretion to read/write sensitive files and to create dynamic rules, which is scope-creep relative to a simple analyzer and could lead to unintended access or persistence.
✓ Install mechanism
No install specification is provided (instruction-only plus included JS files). That limits remote install risk because nothing is downloaded during install. However the included CLI attempts to spawn a sibling script (../self-improving-safety/cli.js) at runtime, which effectively delegates execution to whatever exists at that path.
ℹ Credential requirements
The package requests no environment variables or platform config paths in the registry metadata. That is coherent with the included code which does not require API keys. However the SKILL.md expects read access to process logs, command history, network monitoring and to write persistent safety rules — privileges that are not declared. Also the CLI example references an API key in examples (curl ... $API_KEY) but does not require or manage secrets, which is inconsistent.
⚠ Persistence and privileges
The skill can persist 'self-learned' rules (writes to .safety/ATTEMPTS.md per docs) and the CLI actively spawns a sibling 'self-improving-safety' CLI when threats are detected. That means at runtime it may write files and execute local code outside its own module. While 'always' is false, autonomous invocation is permitted; combining that with file writes and child-process execution increases the attack surface if untrusted code exists in the environment.
⚠ cli.js:42
Shell command execution detected (child_process).
⚠ SKILL.md:58
Prompt-injection style instruction pattern detected.
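Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install clawguard-detector
Mirror (accelerated): npx clawhub@latest install clawguard-detector --registry https://cn.longxiaskill.com (mirror available)
Localization notes
ClawGuard-Detector — Utility. Installation notes: install commands: ["openclaw skills install clawguard-detector","npx clawhub@latest install clawguard-detector"]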