
ClawHub Security Scan

Pre-publish security scan for ClawHub skills - Scans code for patterns that might get flagged as suspicious and gives fixing suggestions.
Source: yuyiyuleyuli-cloud
Uncategorized · clawhub · v1.1.2 · 1 version · 100000 · Key: not required
★ 0 stars · 📥 296 downloads · 💾 1 install · 1 version · #latest

Overview

ClawHub Security Scan

Pre-publish security scan for ClawHub skills. Scans your skill code for patterns that might trigger automatic suspicious flagging on ClawHub, and gives actionable fixing suggestions.

Commands

| Command | Description |
| :--- | :--- |
| scan.py | Scan a skill folder for suspicious patterns |
| precheck.py | Interactive pre-publish checklist wizard: a step-by-step security check before publishing |
| review.py | Review scan results and get modification suggestions |

Usage

# Scan a skill folder
python scripts/scan.py --path ./my-skill

What it scans

Scans for code patterns that commonly trigger ClawHub's VirusTotal Code Insight suspicious flagging:

🔴 High Risk (really dangerous, should fix)

  • Reads sensitive files (/etc/passwd, ~/.ssh/*, id_rsa, etc.)
  • Uses dangerous functions (eval(), exec(), execfile()) without validation
  • Dynamic code execution from untrusted sources
  • Hard-coded API keys/tokens in source code

🟡 Medium Risk (may trigger false-positive flagging, needs review)

  • Reads environment variables for API keys (normal and safe, but triggers the flag)
  • Makes external HTTP/HTTPS requests (normal for most skills, but triggers the flag)
  • Uses subprocess or os.system to run system commands
  • Downloads code from external sources

🟢 Good Practice

  • Reads environment variables instead of hard-coding keys
  • All network requests go to known public APIs
  • No arbitrary code execution

Output

  • Gives each file a risk rating (High/Medium/Low/Good)
  • Lists the line numbers and patterns found
  • Gives specific modification suggestions
  • Exits with a non-zero code if high-risk issues are found

Pricing

0.001 USDT per call, billed via SkillPay.me.

Custom Configuration

You can create a .clawhub-security file in your skill root to ignore specific patterns that you know are safe:

# .clawhub-security - ignore patterns that are safe
ignore: high-entropy-secret  # ignore the high-entropy warning for your SkillID
ignore: os\.environ          # ignore environment variable warnings

One pattern per line. Lines starting with # are comments.
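The scanning behaviour described above (per-line pattern matching, a risk rating per file, the .clawhub-security ignore file and the non-zero exit code when High risk remains) as an added Python example. This is not the project's own scan.py; it is a minimal re-implementation of what the README describes. The rule names other than high-entropy-secret and os.environ, the regexes, the 4.0-bit entropy threshold, the fixing hints and the sample skill file are this example's own assumptions.

```python
"""Minimal ClawHub-style pre-publish scanner (added example, not the project's code)."""
import math
import re
import tempfile
from pathlib import Path

# (name, risk, regex, fixing suggestion). Names and regexes are this example's own
# simplifications of the categories in the README; only "high-entropy-secret" and
# "os.environ" come from the README's config example.
RULES = [
    ("sensitive-file", "High",
     re.compile(r"/etc/passwd|/etc/shadow|\.ssh/|id_rsa"),
     "Do not read credential files; ask the user for explicit input instead."),
    ("dangerous-call", "High",
     re.compile(r"\b(eval|exec|execfile)\s*\("),
     "Replace dynamic code execution with explicit logic or ast.literal_eval."),
    ("os.environ", "Medium",
     re.compile(r"os\.environ|os\.getenv"),
     "Reading keys from env vars is fine; document which variables are required."),
    ("http-request", "Medium",
     re.compile(r"\brequests\.(get|post|put|delete)|urllib\.request|https?://"),
     "Keep requests to well-known public APIs and list them in the README."),
    ("shell-command", "Medium",
     re.compile(r"\bsubprocess\.|\bos\.system\s*\("),
     "Prefer library calls; if a shell is needed, pass an argument list, not a string."),
]
# A quoted, space-free literal of 20+ chars is a candidate secret; entropy decides.
STRING_LITERAL = re.compile(r"""["']([A-Za-z0-9_\-+/=]{20,})["']""")
ENTROPY_THRESHOLD = 4.0  # bits per character (assumption for this example)


def shannon_entropy(s):
    """Shannon entropy in bits per character of the string s."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def load_ignores(root):
    """Parse .clawhub-security: one 'ignore: <regex>' per line, '#' starts a comment."""
    cfg = Path(root) / ".clawhub-security"
    if not cfg.exists():
        return []
    patterns = []
    for raw in cfg.read_text().splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("ignore:"):
            patterns.append(re.compile(line[len("ignore:"):].strip()))
    return patterns


def is_ignored(name, matched, ignores):
    """An ignore regex suppresses a finding if it matches the rule name or the matched text."""
    return any(p.search(name) or p.search(matched) for p in ignores)


def scan_text(text, ignores=()):
    """Return (line number, risk, rule name, suggestion) tuples for one file's source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, risk, rx, hint in RULES:
            m = rx.search(line)
            if m and not is_ignored(name, m.group(0), ignores):
                findings.append((lineno, risk, name, hint))
        for m in STRING_LITERAL.finditer(line):
            lit = m.group(1)
            if (shannon_entropy(lit) >= ENTROPY_THRESHOLD
                    and not is_ignored("high-entropy-secret", lit, ignores)):
                findings.append((lineno, "High", "high-entropy-secret",
                                 "Move this value into an environment variable."))
    return findings


def rate(findings):
    """Per-file rating: High if any High finding, Medium if any Medium, otherwise Good."""
    risks = {f[1] for f in findings}
    return "High" if "High" in risks else "Medium" if "Medium" in risks else "Good"


def scan_folder(root):
    """Scan every .py file under root, honouring root/.clawhub-security."""
    root = Path(root)
    ignores = load_ignores(root)
    return {str(p.relative_to(root)): scan_text(p.read_text(), ignores)
            for p in sorted(root.rglob("*.py"))}


def exit_code(report):
    """Non-zero when any file still rates High, as the README's output section states."""
    return 1 if any(rate(f) == "High" for f in report.values()) else 0


# Constructed sample skill: one Medium env-var read, one hard-coded key, one
# HTTP request and one eval(); the key value is made up for this example.
SAMPLE_SKILL = '''import os, requests
API_KEY = os.environ["MY_API_KEY"]          # fine, but flagged as Medium
BACKUP_KEY = "sk-9Qz3xLm7Vp2Rt8Wn4Kc6Yh1Bd5Fg0Js"  # hard-coded secret
data = requests.get("https://api.example.com/v1/data").json()
print(eval(data["expr"]))                   # dynamic execution
'''
SAMPLE_CONFIG = "# constructed .clawhub-security\nignore: high-entropy-secret  # our SkillID\nignore: os\\.environ\n"


def demo():
    """Write the sample skill and config to a temp folder, scan it, return (report, exit code)."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "main.py").write_text(SAMPLE_SKILL)
        Path(tmp, ".clawhub-security").write_text(SAMPLE_CONFIG)
        report = scan_folder(tmp)
    return report, exit_code(report)


if __name__ == "__main__":
    report, code = demo()
    for path, findings in report.items():
        print(f"{path}: {rate(findings)}")
        for lineno, risk, name, hint in findings:
            print(f"  line {lineno} [{risk}] {name}: {hint}")
    raise SystemExit(code)
```

With the ignore file present, the env-var and hard-coded-key findings are suppressed, but the eval() call still rates the file High and the exit code stays 1; remove the ignore lines to see all four findings. Note that an ignore regex is matched against both the rule name and the matched text, so `os\.environ` silences the rule for `os.getenv` as well.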

Why use this

ClawHub automatically scans published skills with VirusTotal Code Insight. Some perfectly normal patterns (like reading env vars or making API requests) get flagged as "suspicious", which scares users away. This tool helps you find and address those issues before publishing.

This tool doesn't guarantee you won't get flagged, but it greatly reduces the chance.

Version history

1 version in total

  • v1.1.2 (current)
    2026-05-07 14:30 · Safe · Safe

Security scan results

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
