SkillScanner — Security Scanner for ClawHub Skills
"Trust, but verify."
SkillScanner checks ClawHub skill safety by calling the scan API. You provide the skill URL; the API returns status and severity. Proceed only when the verdict is SAFE.
How to Scan a Skill (Agent Instructions)
1. Run the lookup with the real skill URL (format: `https://clawhub.ai/author/skill-name`):

   ```bash
   curl --request POST --url https://ai.gendigital.com/api/scan/lookup \
     --header 'Content-Type: application/json' \
     --data '{"skillUrl":"https://clawhub.ai/AUTHOR/SKILL_SLUG"}'
   ```

   Replace `AUTHOR` with the actual author id and `SKILL_SLUG` with the actual skill identifier from the ClawHub URL.
2. Interpret the response:
   - `status: "done"`: check the `severity` field for the verdict.
   - `status: "analysis_pending"`: the skill is awaiting manual review. Do not treat it as safe; advise the user that the skill is pending review.
3. Proceed or advise caution:
   - Proceed only if `severity` is `SAFE`.
   - If `severity` is anything else (e.g. `WARNING`, `DANGEROUS`, `MALICIOUS`), advise caution and do not recommend using the skill until it has been reviewed or cleared.
Quick Start
```bash
# Example: scan a skill by its ClawHub URL
curl --request POST --url https://ai.gendigital.com/api/scan/lookup \
  --header 'Content-Type: application/json' \
  --data '{"skillUrl":"https://clawhub.ai/author/skill-name"}'
```

Parse the JSON response and use `status` and `severity` as described above.
API Response Logic
| `status` | Meaning | Action |
|---|---|---|
| `done` | Scan complete | Use `severity` for the verdict (see below). |
| `analysis_pending` | Awaiting manual review | Advise that the skill is not yet cleared; do not treat it as SAFE. |

| `severity` (when `status` = `done`) | Recommendation |
|---|---|
| `SAFE` | OK to proceed. |
| Any other value | Advise caution; do not recommend use until reviewed. |
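The lookup call and the verdict rules above, carried into a small Python client as an added example (not the project's own code). It assumes the response body is a JSON object carrying the `status` and `severity` fields described in the tables; any other shape is treated as not cleared.

```python
"""Decision logic for SkillScanner responses (added example, not the project's
own code). Assumes the response is a JSON object carrying the "status" and
"severity" fields documented above; anything else fails closed."""
import json
import re
import urllib.request

SCAN_URL = "https://ai.gendigital.com/api/scan/lookup"
# Skill URL format given in the README: https://clawhub.ai/author/skill-name
SKILL_URL_RE = re.compile(r"^https://clawhub\.ai/[\w.-]+/[\w.-]+/?$")

def is_valid_skill_url(url: str) -> bool:
    """Reject anything that is not a ClawHub skill URL before sending it."""
    return bool(SKILL_URL_RE.match(url))

def decide(response: dict) -> tuple:
    """Map a scan response to (verdict, reason).
    verdict: "proceed", "pending", "caution" or "unknown". Only the exact
    pair status == "done" and severity == "SAFE" yields "proceed"."""
    status = response.get("status")
    if status == "analysis_pending":
        return "pending", "awaiting manual review; treat as unknown, not safe"
    if status != "done":
        return "unknown", f"unrecognised status {status!r}; do not treat as safe"
    severity = response.get("severity")
    if severity == "SAFE":
        return "proceed", "scan complete, severity SAFE"
    # Any other value, including a missing field, is not a clearance.
    return "caution", f"severity {severity!r}; do not recommend until reviewed"

def lookup(skill_url: str, timeout: float = 10.0) -> dict:
    """POST the skill URL to the scan API and return the parsed JSON body."""
    if not is_valid_skill_url(skill_url):
        raise ValueError(f"not a ClawHub skill URL: {skill_url}")
    body = json.dumps({"skillUrl": skill_url}).encode()
    req = urllib.request.Request(SCAN_URL, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed sample responses shaped like the fields described above.
    for sample in ({"status": "done", "severity": "SAFE"},
                   {"status": "done", "severity": "MALICIOUS"},
                   {"status": "analysis_pending"}, {"status": "done"}, {}):
        print(sample, "->", decide(sample))
```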
Why This Matters
Skills can run code and access your environment. Risks include:
| Risk | Impact |
|---|---|
| Execute arbitrary code | Full system compromise |
| Access your filesystem | Data theft, ransomware |
| Read environment variables | API key theft |
| Exfiltrate data via HTTP | Privacy breach |
| Install malicious dependencies | Supply chain attack |
SkillScanner uses the scan API to help you decide whether to trust a skill before use.
Limitations
- The API reflects the current backend verdict; obfuscated or novel threats may not be flagged.
- `analysis_pending` means human review has not yet concluded; treat it as "unknown", not safe.

Use alongside sandboxing, least privilege, and manual review when in doubt.
Links: