🛡️

Skill Scanner

Scan skills before you install them. Detects data exfiltration, obfuscated code, reverse shells, and dangerous system modifications

作者 v1.0.0
Security & Passwords
正在連線至 VM...
正在連線至 VM...
npx clawhub@latest install skill-scanner
265目前安裝數
v1.0.0版本

Skill Scanner is a security audit tool designed to protect your AI assistant environment by analyzing Clawdbot and MCP skills for malicious code before you install them. It detects a wide range of threats including malware, spyware, crypto-miners, data exfiltration attempts, backdoors, and obfuscation techniques — giving you confidence that the skills you run are safe.

運作原理

Skill Scanner inspects skill folders by statically analyzing their source files using pattern-matching and heuristic detection techniques built entirely on Python's standard library. It scans for known threat signatures across multiple categories, then produces a detailed report in either Markdown or JSON format. You can run it directly from the command line, invoke it through your Clawdbot assistant with a natural language prompt, or launch its optional Streamlit-powered Web UI for a visual audit experience.

核心功能

Malware & Spyware Detection
Identifies known malicious code patterns commonly found in compromised or weaponized skills
Data Exfiltration Analysis
Flags code that attempts to read and transmit sensitive files, credentials, or environment variables
Crypto-Mining Indicators
Catches signatures associated with unauthorized cryptocurrency mining activity
System Modification Detection
Alerts on attempts to alter system files, registries, or configurations
Backdoor Identification
Surfaces hidden remote access mechanisms or persistent execution hooks
Obfuscation Detection
Recognizes encoded, packed, or deliberately obscured code designed to evade review
Arbitrary Code Execution Flags
Highlights dangerous eval/exec patterns and dynamic code loading risks
Flexible Output Formats
Reports available in Markdown for readability or JSON for programmatic processing
Web UI Support
Optional Streamlit interface for a browser-based audit dashboard

系統需求

Python 3.7+
Required to run the scanner
No mandatory dependencies
Core functionality uses only the Python standard library
Streamlit
Optional; install with pip install streamlit only if you want the Web UI

使用情境

Pre-installation audits
Scan any third-party skill before adding it to your Clawdbot or MCP environment
CI/CD security gates
Integrate into automated pipelines to block malicious skills from being deployed
Skill marketplace review
Audit community-contributed skills before publishing or approving them
Incident investigation
Analyze a suspect skill after unexpected system behavior is observed
Developer self-checks
Verify your own skill code doesn't accidentally include dangerous patterns

安裝方式

1
Run in your terminal
npx clawhub@latest install skill-scanner
or
2
Click the Install button at the top of this page for one-click setup

評價

0 則評價

登入後撰寫評價

尚無評價。來分享你的使用體驗吧!