Security scanner for OpenClaw agent skills. Static analysis for red flags.
node scripts/scanner.js <path-to-skill> [--verbose] [--json] [--summary] [--ignore <path>] [--include-self]
# Scan a downloaded skill folder before enabling it
clawhub inspect some-skill
node scripts/scanner.js ./skills/some-skill --verbose
# Scan your own skill before publishing
node scripts/scanner.js ./skills/my-skill
# JSON output for automation
node scripts/scanner.js ./skills/my-skill --json
# One-line summary output for heartbeat checks
node scripts/scanner.js ./skills/my-skill --summary
# Include scanner internals (off by default to reduce self-scan noise)
node scripts/scanner.js ./skills/skulk-skill-scanner --include-self
| Severity | Flags |
|---|---|
| ---------- | ------- |
| 🔴 Critical | Data exfiltration, credential access, safety overrides, destructive commands |
| 🟠 High | Obfuscation (base64/eval), unknown network access, env scanning, privilege escalation, hidden instructions |
| 🟡 Medium | Writes outside workspace, package installs (supply chain), messaging on user's behalf, persistent timers/automation |
| 🔵 Info | API key references, broad tool access requests |
Known legitimate API domains are allowlisted to reduce false positives on network-related rules. Edit the SAFE_DOMAINS array in scripts/scanner.js to customize.
This is static pattern matching — it catches obvious and moderately obfuscated attacks but cannot detect:
It's a first line of defense, not a guarantee. Always review skills manually before granting sensitive access.
共 1 个版本