by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's instructions are broadly consistent with a local security scanner, but there are important mismatches and powerful update/modify behaviors (network fetch, pip install, overwriting local skill files, optional LLM/red-team uploads) that are not declared in the registry metadata and warrant caution.
评估建议
This SKILL.md largely matches the stated purpose (a security scanner) but contains several red flags you should consider before installing or running it:
- Inconsistency: The registry lists no required binaries or env vars, but the SKILL.md expects python>=3.9, a 'clawlock' pip package/binary, Node.js for optional red-team tests, and may use an LLM API key. Ask why the registry metadata is empty or incorrect.
- High-impact actions: The instructions include network version checks, pip install -U...详细分析 ▾
ℹ 用途与能力
The SKILL.md describes a legitimate security scanner/hardening tool that reasonably needs to read configs, find installations, and optionally call CVE/LLM/red-team services. However, the registry entry lists no required binaries, env vars, or install steps while the SKILL.md metadata explicitly references python>=3.9, a pip package ('clawlock') and a 'clawlock' binary. That mismatch between declared registry requirements and the skill's own instructions is inconsistent and unexplained.
⚠ 指令范围
The runtime instructions tell the agent to read Claw configuration files and system locations, perform local scans, optionally truncate and send code snippets to an external LLM if --llm is used, run optional promptfoo red-team tests (requires Node.js) and perform network version checks against PyPI/GitHub. They also instruct the agent to perform package updates (pip install -U clawlock) and to fetch and overwrite local SKILL.md files from GitHub. Those actions grant the skill broad discretion to modify local files and to send truncated code/prompts externally; the SKILL.md contains privacy promises but the agent instructions still allow powerful I/O and network behavior that must be explicitly authorized by the user.
⚠ 安装机制
No formal install spec is provided in the registry (instruction-only), yet the SKILL.md instructs using pip install (PyPI) and pulling skill files from GitHub, then running the installed binary. Installing from PyPI is a common pattern, but the skill also instructs to overwrite local skill files fetched from GitHub and to run updates inside the conversation — operations that write to disk and execute code. Those behaviors are higher risk and should be surfaced before allowing automatic execution.
⚠ 凭证需求
The registry declares no required environment variables or credentials, but the SKILL.md references an optional CLAWLOCK_CLOUD_URL and explicitly relies on user-provided LLM API keys when --llm is enabled. The skill will read local Claw config files (which may contain secrets) as part of scanning. The combination of reading potentially sensitive local configs plus optional external LLM/red-team uploads (if enabled) is powerful; the skill does not declare these env/credential needs in the registry metadata, which is disproportionate / inconsistent.
ℹ 持久化与权限
The skill is not always-included and does not request autonomous invocation privileges, which is good. However, its instructions allow it to install/upgrade the clawlock package and replace local skill files when the user consents. That grants the skill significant capability to change local skill code and installed packages; such actions should require explicit, informed user approval and preferably manual confirmation rather than fully automated in-conversation updates.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install clawlock
镜像加速npx clawhub@latest install clawlock --registry https://cn.longxiaskill.com 镜像可用