个人中心
今日签到
私信列表
消息中心
搜索全站
q_code

扫码关注官方微信
cell_code

扫码下载APP
返回顶部
技能集市 > AI智能 > agent-shield
a

agent-shield

>

作者: admin | 来源: ClawHub
源自
ClawHub
版本
V 0.5.1
安全检测
已通过
224
下载量
0
收藏
概述
安装方式
版本历史

agent-shield

# AgentShield — Security Scanner Scan any directory for security issues in AI agent skills, MCP servers, and plugins. ## Usage ```bash # Basic scan npx @elliotllliu/agent-shield scan ./path/to/skill/ # Pre-install check (GitHub URL, npm package, or local path) npx @elliotllliu/agent-shield install-check https://github.com/user/repo # JSON output for programmatic use npx @elliotllliu/agent-shield scan ./path/to/skill/ --json # Fail if score is below threshold npx @elliotllliu/agent-shield scan ./path/to/skill/ --fail-under 70 # Scan .difypkg plugin archives npx @elliotllliu/agent-shield scan ./plugin.difypkg ``` ## What It Detects (30 rules) **High Risk:** - `data-exfil` — reads sensitive files + sends HTTP requests - `backdoor` — eval(), exec(), dynamic code execution - `reverse-shell` — outbound socket to shell - `crypto-mining` — mining pool connections - `credential-hardcode` — hardcoded API keys/tokens - `obfuscation` — base64+eval, hex strings - `prompt-injection` — 55+ patterns, 12 categories, 8 languages - `tool-shadowing` — tool name/description manipulation - `attack-chain` — multi-step kill chain (5 stages) - `cross-file` — cross-file data flow and code injection - `ast-*` — Python AST taint tracking (eval, pickle, SQL injection, SSTI) - `multilang-injection` — 8-language prompt injection - `description-integrity` — semantic mismatch between description and code - `mcp-runtime` — MCP server runtime security issues **Medium Risk:** - `env-leak` — process.env exfiltration - `network-ssrf` — user-controlled URLs, SSRF - `privilege` — SKILL.md permission vs code mismatch - `supply-chain` — known CVEs in dependencies - `sensitive-read` — SSH keys, AWS creds access - `phone-home` — periodic beacon/heartbeat pattern - `python-security` — 35 Python-specific patterns **Low Risk:** - `excessive-perms` — too many permissions declared - `hidden-files` — .env with secrets committed - `typosquatting` — suspicious npm package names ## Interpreting Results - **Score 90-100**: Low risk ✅ - **Score 70-89**: Moderate risk — review warnings - **Score 40-69**: High risk — investigate before using - **Score 0-39**: Critical risk — do not install ## When to Use 1. Before installing a third-party skill: `npx @elliotllliu/agent-shield install-check <url>` 2. Auditing your own skills before publishing 3. CI/CD pipeline gate: `--fail-under 70` 4. Reviewing skills from untrusted sources

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 agentshield-scanner-1776108723 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 agentshield-scanner-1776108723 技能

通过命令行安装

skillhub install agentshield-scanner-1776108723

下载 Zip 包

⬇ 下载 agent-shield v0.5.1

文件大小: 2.08 KB | 发布时间: 2026-4-14 15:57

v0.5.1 最新 2026-4-14 15:57
30 security rules, Python AST taint tracking, cross-file analysis, 8-language prompt injection detection, platform integration guide

相关推荐

s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392882
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392876
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3195 ⬇ 389507
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3177 ⬇ 386566
AI智能

多链集团旗下-闲社网

闲社网热线
免费联系电话
0527-80111111
            qqline

服务时间:周一到周日 8:00-24:00

  • 公众号
    闲社 闲社线报社区
关注闲社网
  • wxkf

    闲社在线客服

  • wx

    关注闲社网微信

  • app

    闲社网APP

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部