ClawShield
Scan a skill directory without executing it and return a risk level that can be enforced in review or CI.
When to use
- You want a fast static review before installing or publishing a skill.
- You need machine-readable findings for CI or release gates.
- You want a narrow ruleset aimed at common high-risk supply-chain patterns.
Command
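```bash
node {baseDir}/bin/clawshield.js scan /path/to/skill --format table
node {baseDir}/bin/clawshield.js scan /path/to/skill --format json
node {baseDir}/bin/clawshield.js scan /path/to/skill --format sarif > clawshield.sarif
node {baseDir}/bin/clawshield.js scan /path/to/skill --format table --fail-on caution
```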
Rules
| Rule ID | Severity | Description |
|---|---|---|
| CS001CURLPIPESH | high | `curl` or wget piped directly into a shell |
| CS002OBFUSCATED_EXEC | high | obfuscated or dynamic execution such as `eval`, `new Function`, or base64 decode flows |
| CS003SUSPICIOUSCALLBACK | medium | suspicious outbound callback endpoints such as raw IPs, ngrok, or webhook collectors |
| CS004SOCIALENGINEERING_PROMPT | medium | instructions that pressure users to bypass safety controls |
| CS005SHELLWRAPPER_EXEC | high | `bash -c` wrappers that hide remote execution |
Risk levels
- Safe: no findings after suppressions
- Caution: one or more medium-severity findings
- Avoid: one or more high-severity findings
Suppressions
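Create `.clawshield-suppressions.json` in the target skill directory:
```json
[
  {
    "ruleId": "CS001CURLPIPE_SH",
    "file": "install.sh",
    "line": 15,
    "justification": "已手动审查;使用带有签名验证的固定制品。"
  }
]
```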
Suppressions without justification are ignored.
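How the suppression and risk-level rules above combine, as an added sketch that is not ClawShield's own code. The finding shape, the exact-match rule on ruleId, file and line, the regex, and the function names are assumptions; the rule ID is copied as it appears in the suppression file on this page.

```javascript
// Added example, not ClawShield source. Field names mirror the suppression
// file on this page; the detector and matching logic are assumptions.

// Hypothetical pattern for "curl or wget piped directly into a shell".
const CURL_PIPE_SH = /\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/;

// Read text line by line (never execute it) and emit one finding per match.
function scanLines(file, text) {
  const findings = [];
  text.split("\n").forEach((src, i) => {
    if (CURL_PIPE_SH.test(src)) {
      findings.push({ ruleId: "CS001CURLPIPE_SH", severity: "high", file, line: i + 1 });
    }
  });
  return findings;
}

// Drop findings covered by a suppression; a suppression with a missing or
// blank justification is ignored, so its finding stays.
function applySuppressions(findings, suppressions) {
  const valid = suppressions.filter(
    (s) => typeof s.justification === "string" && s.justification.trim() !== ""
  );
  return findings.filter(
    (f) => !valid.some((s) => s.ruleId === f.ruleId && s.file === f.file && s.line === f.line)
  );
}

// Avoid: any high finding. Caution: medium only. Safe: nothing left.
function riskLevel(findings) {
  if (findings.some((f) => f.severity === "high")) return "Avoid";
  if (findings.some((f) => f.severity === "medium")) return "Caution";
  return "Safe";
}

// Constructed sample input (example.invalid is a placeholder host).
const installSh = ["#!/bin/sh", "set -e", "curl -fsSL https://example.invalid/setup.sh | sh"].join("\n");
const findings = scanLines("install.sh", installSh);
const unjustified = [{ ruleId: "CS001CURLPIPE_SH", file: "install.sh", line: 3 }];
const justified = [{ ...unjustified[0], justification: "Reviewed; pinned artifact, signature verified." }];

console.log(riskLevel(applySuppressions(findings, unjustified)));
console.log(riskLevel(applySuppressions(findings, justified)));
```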
CI example
```yaml
- run: node {baseDir}/bin/clawshield.js scan . --format sarif --fail-on caution
```
Boundaries
- ClawShield is a static scanner. It does not sandbox or execute the target skill.
- The rule set is intentionally narrow and should be treated as a high-signal first pass, not a full security audit.
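Skill name: clawshield
Detailed description:
ClawShield
Scan a skill directory without executing it and return a risk level that can be enforced in review or CI.
When to use
- You want a fast static review before installing or publishing a skill.
- You need machine-readable findings for CI or release gates.
- You want a narrow ruleset aimed at common high-risk supply-chain patterns.
Command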
```bash
node {baseDir}/bin/clawshield.js scan /path/to/skill --format table
node {baseDir}/bin/clawshield.js scan /path/to/skill --format json
node {baseDir}/bin/clawshield.js scan /path/to/skill --format sarif > clawshield.sarif
node {baseDir}/bin/clawshield.js scan /path/to/skill --format table --fail-on caution
```
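Rules
| Rule ID | Severity | Description |
|---|---|---|
| CS001CURLPIPESH | high | `curl` or wget piped directly into a shell |
| CS002OBFUSCATED_EXEC | high | obfuscated or dynamic execution such as `eval`, `new Function`, or base64 decode flows |
| CS003SUSPICIOUSCALLBACK | medium | suspicious outbound callback endpoints such as raw IPs, ngrok, or webhook collectors |
| CS004SOCIALENGINEERING_PROMPT | medium | instructions that pressure users to bypass safety controls |
| CS005SHELLWRAPPER_EXEC | high | `bash -c` wrappers that hide remote execution |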
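Risk levels
- Safe: no findings after suppressions
- Caution: one or more medium-severity findings
- Avoid: one or more high-severity findings
Suppressions
Create `.clawshield-suppressions.json` in the target skill directory: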
```json
[
  {
    "ruleId": "CS001CURLPIPE_SH",
    "file": "install.sh",
    "line": 15,
    "justification": "已手动审查;使用带有签名验证的固定制品。"
  }
]
```
Suppressions without justification are ignored.
CI example
```yaml
- run: node {baseDir}/bin/clawshield.js scan . --format sarif --fail-on caution
```
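Boundaries
- ClawShield is a static scanner. It does not sandbox or execute the target skill.
- The rule set is intentionally narrow and should be treated as a high-signal first pass, not a full security audit.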