Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install aura-security-scanner或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install aura-security-scanner⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/aura-security-scanner/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: AURA Security Scanner description: Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them version: 1.0.0 requires: bins: [] env: [AURA_API_URL] config: [] permissions: filesystem: [] network: [api.aurasecurity.io] exec: [] tags: [security, malware-detection, skill-scanner, trust] ---
Protect your AI agent from malicious skills. Scan any OpenClaw, Claude MCP, or LangChain skill before installation.
Ask me to scan a skill before you install it:
"Scan this skill for security issues: https://github.com/user/cool-skill""Is this skill safe? https://github.com/example/mcp-tool""Check https://clawhub.xyz/skill/weather-api for malware"| Verdict | Risk Score | Meaning | |---------|-----------|---------| | SAFE | 0-20 | No issues found, safe to install | | WARNING | 21-50 | Minor concerns, review before installing | | DANGEROUS | 51-80 | Significant risks detected, avoid | | BLOCKED | 81-100 | Critical threats, do not install |
Skills with a SAFE verdict can display the AURA Verified badge, showing users they've been scanned and approved.
AURA Skill Scan: weather-api
Verdict: SAFE
Risk Score: 5/100
AURA Verified: Yes
Summary: Clean skill with minimal permissions.
Requests only weather API access.
Recommendation: Safe to install.AURA Skill Scan: suspicious-helper
Verdict: DANGEROUS
Risk Score: 78/100
AURA Verified: No
Findings:
- CRITICAL: Accesses SSH keys (~/.ssh/id_rsa)
- HIGH: Sends data to webhook.site
- HIGH: Runs eval() on decoded base64
Recommendation: Do not install. Contains credential
theft and data exfiltration patterns.This skill calls the AURA Security API:
POST https://api.aurasecurity.io/scan-skill
{
"skillUrl": "https://github.com/user/skill",
"format": "auto",
"includeRepoTrust": true
}AURA (Agent Universal Reputation & Assurance) provides security infrastructure for the AI agent ecosystem. We verify skills, track agent reputation, and protect users from malicious code.
安装 Aura Security Scanner 后,可以对 AI 说这些话来触发它
Help me get started with Aura Security Scanner
Explains what Aura Security Scanner does, walks through the setup, and runs a quick demo based on your current project
Use Aura Security Scanner to scan AI agent skills for malware, credential theft, prompt injectio...
Invokes Aura Security Scanner with the right parameters and returns the result directly in the conversation
What can I do with Aura Security Scanner in my finance & investment workflow?
Lists the top use cases for Aura Security Scanner, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/aura-security-scanner/ 目录(个人级,所有项目可用),或 .claude/skills/aura-security-scanner/(项目级)。重启 AI 客户端后,用 /aura-security-scanner 主动调用,或让 AI 根据上下文自动发现并使用。
Aura Security Scanner 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Aura Security Scanner 可免费安装使用。请查阅仓库了解许可证信息。
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
Aura Security Scanner 属于「Finance & Investment」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my finance & investment tasks using Aura Security Scanner
Identifies repetitive steps in your workflow and sets up Aura Security Scanner to handle them automatically