SkillGuard — Security Scanner for OpenClaw Skills
Scans OpenClaw skills for security threats before installation. Catches agent-specific attacks that generic antivirus misses.
Usage
```bash
# Scan a skill directory
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>

# Output the scan results as JSON
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name> --json

# Scan all installed skills
python3 scripts/skillguard.py scan-all

# Quick summary of all skills
python3 scripts/skillguard.py audit
```
What It Detects
- Credential Access — reads of config files, env vars, wallet files, API keys
- Network Exfiltration — outbound HTTP calls, encoded payloads, suspicious domains
- File System Abuse — path traversal, writes outside skill directory, hidden files
- Prompt Injection — SKILL.md content that manipulates agent behavior
- Dependency Risks — suspicious npm post-install scripts, known bad packages
- Obfuscation — extremely long lines, hex/unicode escape sequences
- Symlink Attacks — symlinks escaping the skill directory to access sensitive files
- Config File Secrets — hardcoded credentials in .json, .env, .yaml files
Output
Each scan produces:
- Risk Score: 0-100 (0 = clean, 100 = critical threat)
- Verdict: PASS / WARN / FAIL
- Findings: Detailed list of issues with severity and evidence
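One way to implement the symlink-escape check listed under What It Detects, as an added example (not SkillGuard's own code). The function names and the sample skill tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(skill_dir):
    """Return sorted (link, resolved_target) pairs for symlinks resolving outside skill_dir."""
    root = Path(skill_dir).resolve()
    findings = []
    # followlinks=False: never descend through a symlinked directory while scanning.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            rel = str(link.relative_to(root))
            try:
                # resolve() follows the whole chain, so an in-tree link to another
                # link that ends outside is caught; strict=False keeps dangling links.
                target = link.resolve(strict=False)
            except (OSError, RuntimeError):  # e.g. a symlink loop
                findings.append((rel, "<unresolvable>"))
                continue
            if target != root and root not in target.parents:
                findings.append((rel, str(target)))
    return sorted(findings)


def build_sample_skill(base):
    """Constructed sample: one benign link, one direct escape, one chained escape."""
    skill = Path(base) / "skill"
    (skill / "scripts").mkdir(parents=True)
    (skill / "SKILL.md").write_text("# demo\n")
    secret = Path(base) / "outside_secret.txt"  # stands in for a sensitive file
    secret.write_text("token\n")
    os.symlink("../SKILL.md", skill / "scripts" / "readme")            # stays inside
    os.symlink("../../outside_secret.txt", skill / "scripts" / "cfg")  # escapes
    os.symlink("scripts/cfg", skill / "alias")                         # chain that escapes
    return skill


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_sample_skill(tmp)):
            print(f"symlink escapes skill directory: {link} -> {target}")
```

Comparing resolved paths rather than the raw link text is what catches the chained case: `alias` points at an in-tree path and only its final target lies outside.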