Security scan
OpenClaw
Suspicious
Medium confidence. The skill claims to be a defensive scanner but asks you to download and run external binaries (from Gitee), and the SKILL.md has version/matrix inconsistencies that merit caution before trusting or executing anything.
Assessment and recommendations
This skill purports to be a defensive scanner but asks you to fetch and run a prebuilt binary from external URLs whose checksums are published only inside the same SKILL.md (and the referenced download version differs from the registry version). Before using or instantiating this skill: 1) Prefer obtaining the binary from a verified, authoritative release page (or build from source yourself) and independently verify checksums from the project repository; 2) Do not provide an --upload-url to unknown...
ℹ Purpose and capabilities
The declared purpose (security scanner for skills) matches the instructions: the SKILL.md describes a native Rust binary that scans skill directories. However, the package includes no binary or install spec and instead instructs the user to download a prebuilt binary from external URLs — this is a plausible design for a scanner but elevates risk compared with an included or buildable artifact.
⚠ Instruction scope
Instructions claim the tool will only read explicit skill directories and only upload when the user supplies --upload-url, which is reasonable. But the doc also provides download URLs and SHA256 sums inside the same document (weakens independent verification), references an external engine/enterprise upload feature (potential exfil path if misused), and contains a notable inconsistency: registry version 0.4.1 vs download links for v0.4.0. These points widen the scope for accidental or malicious misuse.
⚠ Installation mechanism
There is no install spec in the registry; the SKILL.md instructs downloading ZIPs from Gitee and running a compiled binary. Downloading and executing prebuilt binaries from an external host is higher-risk than instruction-only behavior or reproducible builds. While Gitee is a known host (not a URL shortener or IP), providing checksums in the same document and mismatched version numbers weakens integrity guarantees.
✓ Credential requirements
No environment variables, credentials, or config paths are requested. The declared file/network access (reading only user-specified skill directories, optional upload-url) aligns with the scanner's purpose. Still, an upload option can exfiltrate scanned contents if an attacker-controlled URL is provided — the doc states this is user-controlled.
✓ Persistence and permissions
The skill does not request always:true, does not include installers that write persistent agent config, and is instruction-only. Autonomous invocation is allowed by default (not a fault by itself) and is not combined with broad credentials or always:true here.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v0.4.1 2026/4/21
Updated description with security guarantees, permissions disclosure, and checksums
● Suspicious
Install command
Official: npx clawhub@latest install skillscan-wrapper
Mirror (accelerated): npx clawhub@latest install skillscan-wrapper --registry https://cn.longxiaskill.com (mirror syncing)