概述

Skill Security Scanner

Protect your OpenClaw installation from malicious skills. This scanner performs static analysis on skill code to detect:

Code Execution Threats: eval, exec, os.system, subprocess calls
Data Exfiltration: Hidden network requests, suspicious URLs, IP connections
System Compromise: File deletion, permission changes, privilege escalation
Credential Theft: Environment variable access, secret harvesting
Cryptojacking: Mining malware, suspicious compute patterns
Obfuscation: Hidden code, base64 encoding, minification
Spyware: Keyloggers, screen capture, surveillance features

Quick Start

# Basic scan
python scripts/security_scanner.py /path/to/skill

# Strict mode (catches more suspicious patterns)
python scripts/security_scanner.py /path/to/skill --strict

# Save JSON report
python scripts/security_scanner.py /path/to/skill --format json -o report.json

# Generate markdown report
python scripts/security_scanner.py /path/to/skill --format markdown -o report.md

Understanding Results

Verdict Levels

Verdict	Emoji	Meaning	Action
---------	-------	---------	--------
PASS	🟢	No critical issues found	Safe to install
REVIEW	🟡	Some concerns, review recommended	Check findings before installing
WARNING	🟠	High-risk patterns detected	Strongly reconsider installation
REJECT	🔴	Critical threats identified	DO NOT INSTALL

Security Score

90-100: Excellent - minimal risk
70-89: Good - minor issues
50-69: Fair - requires review
0-49: Poor - significant risks

Detection Rules

Critical (🔴)

Rule	Description	Example
------	-------------	---------
EXEC001	Code execution functions	`eval()`, `exec()`, `compile()`
SUSPICIOUS001	Keylogger functionality	`pynput`, `keyboard` modules
SUSPICIOUS003	Cryptocurrency mining	`mining`, `bitcoin`, `stratum+tcp`

High (🟠)

Rule	Description	Example
------	-------------	---------
EXEC002	System command execution	`os.system()`, `subprocess.call()`
NET002	Raw socket connections	`socket.connect()`
ENV001	Sensitive credential access	`os.environ['PASSWORD']`
OBF001	Code obfuscation	Base64, hex-encoded code
SUSPICIOUS002	Screen capture	`pyautogui.screenshot()`
NET004	Short URL usage	`bit.ly`, `tinyurl` links

Medium (🟡)

Rule	Description	Example
------	-------------	---------
NET001	HTTP network requests	`requests.get()`, `fetch()`
ENV002	Environment enumeration	`os.environ.items()`
FILE001	File deletion	`os.remove()`, `shutil.rmtree()`
DATA001	Unsafe deserialization	`pickle.loads()`, `yaml.load()`
NET003	Hardcoded IP addresses	Direct IP in URLs
OBF002	Base64 encoded blocks	Large base64 strings

Low/Info (🔵/⚪)

Rule	Description
------	-------------
FILE002	File write operations
CRYPTO001	Cryptographic operations
DOC001	Insufficient documentation
DOC002	Missing security statements

Workflow

Before Installing a New Skill

Download the skill to a temporary directory
Run the security scanner
Review the verdict:

🟢 PASS: Proceed with installation
🟡 REVIEW: Examine findings, verify legitimate use
🟠 WARNING: Only install from trusted sources
🔴 REJECT: Do not install

For 🟡/🟠 findings, manually review the flagged code
Confirm the skill's behavior matches its documentation

Before Updating an Existing Skill

Run scanner on the new version
Compare results with previous version's scan
Check for new critical/high findings
Review any new network/file operations

Automated Integration

Add to your skill installation workflow:

import subprocess
import sys

def safe_install_skill(skill_path):
    # Run security scan
    result = subprocess.run(
        ['python', 'scripts/security_scanner.py', skill_path, '--format', 'json'],
        capture_output=True,
        text=True
    )
    
    import json
    report = json.loads(result.stdout)
    
    if report['summary']['verdict'] == 'REJECT':
        print("❌ Installation blocked: Critical security issues found")
        return False
    
    if report['summary']['verdict'] == 'WARNING':
        response = input("⚠️ High-risk patterns detected. Install anyway? (y/N): ")
        if response.lower() != 'y':
            return False
    
    # Proceed with installation
    return True

Handling False Positives

Some legitimate skills may trigger warnings:

Network requests: Skills that fetch data from APIs
File operations: Skills that modify documents
Encryption: Skills handling sensitive data

When you trust the source and understand the functionality, you can:

Review the specific code flagged
Verify it matches the documented purpose
Manually approve if confident

Reporting Issues

If you find a skill with confirmed malicious intent:

Do not install or run it
Report to the skill repository/hosting platform
Notify OpenClaw community channels
Share scan report (without executing the skill)

Best Practices

Only install skills from trusted sources
Always scan before installing - even from trusted sources
Review findings carefully - understand what the skill does
Keep scanner updated - new detection rules added regularly
Use strict mode for untrusted sources - catches more suspicious patterns
Check skill updates - re-scan when updating existing skills

Exit Codes

The scanner returns specific exit codes:

Code	Meaning
------	---------
0	PASS or REVIEW - installation may proceed
1	WARNING - high-risk patterns found
2	REJECT - critical threats detected

Use in scripts:

python scripts/security_scanner.py ./skill || {
    echo "Security check failed"
    exit 1
}

版本历史

共 1 个版本

v1.0.0 当前

2026-03-30 04:08 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)