
Cisco AI Skill Scanner

Scan agent skills for security threats using the Cisco AI skill-scanner CLI. Triggers on: scan skill for security, check skill safety, audit skill code, skil...
godsboy
Uncategorized clawhub v1.0.1 1 version 100000 Key: not required
★ 0 stars, 📥 313 downloads, 💾 0 installs, 1 version, #latest

Overview

Cisco AI Skill Scanner

Security scanner for agent skills. Detects prompt injection, data exfiltration, credential harvesting, and malicious code patterns using static analysis, behavioral dataflow, and optional LLM-as-a-judge.

Quick Scan (recommended default)

bash scripts/scan.sh /path/to/skill

Commands

Scan a single skill

skill-scanner scan /path/to/skill

Scan with behavioral analysis (dataflow)

skill-scanner scan /path/to/skill --use-behavioral

Full scan (all engines, requires API key)

SKILL_SCANNER_LLM_API_KEY="$ANTHROPIC_API_KEY" \
SKILL_SCANNER_LLM_MODEL="claude-sonnet-4-5" \
skill-scanner scan /path/to/skill --use-behavioral --use-llm --enable-meta --llm-provider anthropic

Scan all skills in a directory

skill-scanner scan-all /root/clawd/skills --recursive --use-behavioral

Scan with detailed markdown report

skill-scanner scan /path/to/skill --use-behavioral --format markdown --detailed

Scan before publishing to ClawHub

skill-scanner scan /path/to/skill --use-behavioral --fail-on-severity medium

Severity Levels

  • CRITICAL / HIGH — Do not install/publish. Review and fix immediately.
  • MEDIUM — Suspicious patterns. Investigate before use.
  • LOW — Minor issues. Document and accept risk or fix.
  • INFO — Informational only (e.g. missing license). Safe to publish.
  • SAFE (0 findings) — No known threat patterns detected.

Key Flags

Flag                       Purpose
-------------------------  ------------------------------------------------------
--use-behavioral           AST dataflow analysis (recommended, no API key needed)
--use-llm                  LLM semantic analysis (requires API key)
--enable-meta              False positive filtering
--fail-on-severity high    Exit non-zero if HIGH/CRITICAL found (CI/CD)
--format markdown          Markdown report
--format html              Interactive HTML report
--detailed                 Include per-finding code snippets
--lenient                  Tolerate malformed skills

Workflow: Before Publishing a Skill to ClawHub

  1. Run: bash scripts/scan.sh /path/to/skill
  2. If SAFE (0 findings) → proceed to publish
  3. If INFO only → add missing fields (license, homepage, deps) and re-scan
  4. If MEDIUM+ → investigate and fix before publishing
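
The workflow above as a fail-closed gate over a directory of skills. This is an added example, not the skill's own scripts/scan.sh or any code from the project. It assumes one skill per immediate subdirectory; `SKILL_SCANNER`, `gate_skills` and the log directory are names made up for this example, and the scanner flags are the ones listed on this page.

```shell
#!/bin/sh
# Pre-publish gate: scan each skill under ROOT, block on MEDIUM or higher.
# SKILL_SCANNER is a name made up for this example so the CLI can be swapped
# or stubbed; it defaults to the command name used on this page.
# Usage: . ./gate.sh; gate_skills ./skills ./scan-logs && echo "ok to publish"
SKILL_SCANNER="${SKILL_SCANNER:-skill-scanner}"

# gate_skills ROOT LOG_DIR
# Prints "PASS <skill>" or "BLOCK <skill>" per subdirectory of ROOT.
# Returns 0 only if at least one skill was scanned and none were blocked.
gate_skills() {
  root="$1"; logs="$2"; scanned=0; blocked=0
  mkdir -p "$logs" || return 1
  for dir in "$root"/*/; do
    [ -d "$dir" ] || continue   # no subdirectories: the glob stays literal
    dir="${dir%/}"
    name="$(basename "$dir")"
    scanned=$((scanned + 1))
    # Same command as "Scan before publishing to ClawHub" on this page.
    # Any non-zero exit blocks: a MEDIUM+ finding, a scanner crash, or the
    # CLI not being installed (exit 127) are all treated as "do not publish".
    if "$SKILL_SCANNER" scan "$dir" --use-behavioral \
         --fail-on-severity medium > "$logs/$name.log" 2>&1; then
      echo "PASS  $name"
    else
      echo "BLOCK $name (see $logs/$name.log)"
      blocked=$((blocked + 1))
    fi
  done
  if [ "$scanned" -eq 0 ]; then
    # An empty scan must not read as a clean one.
    echo "BLOCK no skill directories found under $root"
    return 1
  fi
  echo "$scanned scanned, $blocked blocked"
  [ "$blocked" -eq 0 ]
}
```

INFO and LOW findings do not block at this threshold, so review the per-skill logs even when every line reads PASS.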

Notes

  • "No findings" does not guarantee a skill is 100% safe -- it means no known patterns were detected
  • The scanner flags the lossless-claw plugin as a false positive (file read + network send is the LCM summarization pipeline -- it is safe)
  • Always run at minimum --use-behavioral for dataflow coverage

Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 14:08 Safe Safe

Security checks

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
