个人中心
今日签到
私信列表
消息中心
搜索全站
q_code

扫码关注官方微信
cell_code

扫码下载APP
返回顶部
技能集市 > AI智能 > clawshield
c

clawshield

Scan OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks.

作者: admin | 来源: ClawHub
源自
ClawHub
版本
V 1.0.0
安全检测
已通过
81
下载量
0
收藏
概述
安装方式
版本历史

clawshield

# ClawShield Scan a skill directory without executing it and return a risk level that can be enforced in review or CI. ## When to use - You want a fast static review before installing or publishing a skill. - You need machine-readable findings for CI or release gates. - You want a narrow ruleset aimed at common high-risk supply-chain patterns. ## Command ```bash node {baseDir}/bin/clawshield.js scan /path/to/skill --format table node {baseDir}/bin/clawshield.js scan /path/to/skill --format json node {baseDir}/bin/clawshield.js scan /path/to/skill --format sarif > clawshield.sarif node {baseDir}/bin/clawshield.js scan /path/to/skill --format table --fail-on caution ``` ## Rules | Rule ID | Severity | Description | | --- | --- | --- | | CS001_CURL_PIPE_SH | high | `curl` or `wget` piped directly into a shell | | CS002_OBFUSCATED_EXEC | high | obfuscated or dynamic execution such as `eval`, `new Function`, or base64 decode flows | | CS003_SUSPICIOUS_CALLBACK | medium | suspicious outbound callback endpoints such as raw IPs, ngrok, or webhook collectors | | CS004_SOCIAL_ENGINEERING_PROMPT | medium | instructions that pressure users to bypass safety controls | | CS005_SHELL_WRAPPER_EXEC | high | `bash -c` wrappers that hide remote execution | ## Risk levels - **Safe**: no findings after suppressions - **Caution**: one or more medium-severity findings - **Avoid**: one or more high-severity findings ## Suppressions Create `.clawshield-suppressions.json` in the target skill directory: ```json [ { "ruleId": "CS001_CURL_PIPE_SH", "file": "install.sh", "line": 15, "justification": "Reviewed manually; uses a pinned artifact with signature verification." } ] ``` Suppressions without justification are ignored. ## CI example ```yaml - run: node {baseDir}/bin/clawshield.js scan . --format sarif --fail-on caution ``` ## Boundaries - ClawShield is a static scanner. It does not sandbox or execute the target skill. - The rule set is intentionally narrow and should be treated as a high-signal first pass, not a full security audit.

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 skill-sentinel-1775990402 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 skill-sentinel-1775990402 技能

通过命令行安装

skillhub install skill-sentinel-1775990402

下载 Zip 包

⬇ 下载 clawshield v1.0.0

文件大小: 12.02 KB | 发布时间: 2026-4-13 12:03

v1.0.0 最新 2026-4-13 12:03
Initial release. Static security scanner for OpenClaw skill directories with risk scoring, SARIF export, and CI-friendly checks.

相关推荐

s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392882
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392877
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3195 ⬇ 389507
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3177 ⬇ 386566
AI智能

多链集团旗下-闲社网

闲社网热线
免费联系电话
0527-80111111
            qqline

服务时间:周一到周日 8:00-24:00

  • 公众号
    闲社 闲社线报社区
关注闲社网
  • wxkf

    闲社在线客服

  • wx

    关注闲社网微信

  • app

    闲社网APP

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部