Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install ai-skill-scanner或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install ai-skill-scanner⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/ai-skill-scanner/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: skill-scanner description: Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification. ---
Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.
# Scan a local skill folder
python3 scripts/scan.py /path/to/skill
# Verbose output (show matched lines)
python3 scripts/scan.py /path/to/skill --verbose
# JSON output (for automation)
python3 scripts/scan.py /path/to/skill --jsonpython3 scripts/scan.py --verbose | Score | Meaning | Recommendation | |-------|---------|----------------| | CLEAN | No issues found | Safe to install | | INFO | Minor notes only | Safe to install | | REVIEW | Medium-severity findings | Review manually before installing | | SUSPICIOUS | High-severity findings | Do NOT install without thorough manual review | | DANGEROUS | Critical findings detected | Do NOT install — likely malicious |
0 = CLEAN/INFO1 = REVIEW2 = SUSPICIOUS3 = DANGEROUSSee references/rules.md for full list of detection rules, severity levels, and whitelisted domains.
安装 AI Skill Scanner 后,可以对 AI 说这些话来触发它
Help me get started with AI Skill Scanner
Explains what AI Skill Scanner does, walks through the setup, and runs a quick demo based on your current project
Use AI Skill Scanner to scan OpenBot/Clawdbot skills for security vulnerabilities, maliciou...
Invokes AI Skill Scanner with the right parameters and returns the result directly in the conversation
What can I do with AI Skill Scanner in my developer & devops workflow?
Lists the top use cases for AI Skill Scanner, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/ai-skill-scanner/ 目录(个人级,所有项目可用),或 .claude/skills/ai-skill-scanner/(项目级)。重启 AI 客户端后,用 /ai-skill-scanner 主动调用,或让 AI 根据上下文自动发现并使用。
AI Skill Scanner 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
AI Skill Scanner 可免费安装使用。请查阅仓库了解许可证信息。
Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.
Automate my developer & devops tasks using AI Skill Scanner
Identifies repetitive steps in your workflow and sets up AI Skill Scanner to handle them automatically
AI Skill Scanner 属于「Developer & DevOps」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。