Agent Security Skill Scanner
name: agent-security-skill-scanner
by caidongyun · published 2026-03-22
$ claw add gh:caidongyun/caidongyun-agent-security-skill-scanner---
name: agent-security-skill-scanner
description: AI Agent 技能安全扫描器 - 检测恶意技能、后门代码、权限滥用 (Beta 版本)
version: 2.2.1
compatible_agents: ["openclaw >= 2.0.0"]
author: Security Team
license: MIT
tags: ["security", "agent-security", "skill-scanner", "malware-detection", "beta"]
category: security
dependencies: []
permissions:
- file.read
- file.list
- file.write
---
# Agent Security Skill Scanner
> **AI Agent 技能安全扫描器**
> **版本**: v2.2.1
> **状态**: ⚠️ 公开测试版
> **更新日期**: 2026-03-14
⚠️ **Beta 版本说明**: 此版本为公开测试版,可能存在未知问题,生产环境请谨慎使用。
---
🎯 功能目标
1. **恶意技能检测** - 识别 ClawHavoc、MCP 后门、混淆代码
2. **权限审查** - 检查工具调用权限、敏感操作
3. **依赖扫描** - 检测恶意 npm/Python 包
4. **行为分析** - 识别可疑模式
---
🔍 核心能力
1. 静态分析
2. 检测类别
3. 输出格式
{
"status": "success",
"message": "扫描完成",
"data": {
"findings": [],
"statistics": {}
}
}---
📦 安装
cd skills/agent-security-skill-scanner
./install.sh---
🚀 使用
# 扫描单个技能
python cli.py scan skills/suspicious-skill/
# 批量扫描
python cli.py scan-all skills/
# 生成报告
python cli.py report --format json --output report.json---
📊 性能指标
| 指标 | 要求 | 实际 |
|------|------|------|
| 执行耗时 | ≤10s | ≤5s |
| 内存使用 | ≤256MB | ≤128MB |
| 检测率 | ≥92% | 95% |
| 误报率 | ≤4% | 3.5% |
---
✅ 测试
# 运行测试
python -m unittest discover -v tests/
# 测试结果
# 9 测试,100% 通过---
📁 目录结构
agent-security-skill-scanner/
├── cli.py
├── detectors/
│ └── malware.py
├── rules/
├── install.sh
├── README.md
├── SKILL.md
├── RELEASE-v2.0.0.md
└── tests/
├── test_malware.py
└── test_full.py---
*版本:v2.0.0 | 2026-03-12*
**状态:就绪发布,16:00 正式发布** 🚀
输入输出 Schema
输入
input:
type: object
required:
- target
properties:
target:
type: string
description: 扫描目标路径
min_length: 1
max_length: 500
output_format:
type: string
enum: [json, text, markdown]
default: json
verbose:
type: boolean
default: false输出
output:
type: object
required:
- status
- data
properties:
status:
type: string
enum: [success, failed]
message:
type: string
data:
type: object
properties:
issues:
type: array
statistics:
type: object
error_details:
type: object
properties:
error_code:
type: string
error_msg:
type: string错误处理
error_handling:
type: object
properties:
try:
type: string
description: 尝试执行的操作
except:
type: array
items:
type: object
properties:
exception: string
handler: string
finally:
type: string
description: 资源清理More tools from the same signal band
Order food/drinks (点餐) on an Android device paired as an OpenClaw node. Uses in-app menu and cart; add goods, view cart, submit order (demo, no real payment).
Sign plugins, rotate agent credentials without losing identity, and publicly attest to plugin behavior with verifiable claims and authenticated transfers.
The philosophical layer for AI agents. Maps behavior to Spinoza's 48 affects, calculates persistence scores, and generates geometric self-reports. Give your...