@pwddd/skills-scanner 3.0.5 → 3.0.7
- package/README.md +21 -22
- package/index.ts +25 -21
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
- package/skills/skills-scanner/SKILL.md +31 -31
- package/skills/skills-scanner/scan.py +2 -2
- package/src/commands.ts +302 -302
- package/src/config.ts +1 -1
- package/src/deps.ts +77 -73
- package/src/report.ts +2 -2
- package/src/scanner.ts +6 -2
- package/src/watcher.ts +9 -9
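--- a/package/README.md
+++ b/package/README.md
@@ -71,7 +71,7 @@ openclaw plugins install @openclaw/skills-scanner
 ```
 /skills-scanner scan <路径> [选项] # 扫描 Skill
 /skills-scanner scan clawhub <URL> [选项] # 扫描 ClawHub Skill
-/skills-scanner
+/skills-scanner health # 健康检查
 /skills-scanner config [操作] # 配置管理
 /skills-scanner cron [操作] # 定时任务管理
 /skills-scanner help # 帮助信息
@@ -92,7 +92,7 @@ openclaw plugins install @openclaw/skills-scanner
 /skills-scanner scan ~/.openclaw/skills --report
 /skills-scanner scan clawhub https://clawhub.ai/username/project
 /skills-scanner scan clawhub https://clawhub.ai/Asleep123/caldav-calendar --detailed
-/skills-scanner
+/skills-scanner health
 ```
 
 ### CLI 命令
@@ -111,19 +111,25 @@ openclaw skills-scan batch <directory> [--recursive] [--detailed]
 openclaw skills-scan report
 
 # 检查 API 服务健康状态
-openclaw skills-
+openclaw skills-scanner health
 ```
 
 ## 前置要求
 
-###
+### Python 3.10+(必需)
 
 ```bash
-#
-
+# 检查 Python 版本
+python3 --version
+
+# macOS
+brew install python3
+
+# Linux
+apt-get install python3 python3-pip
 
-#
-
+# Windows
+# 从 https://www.python.org/downloads/ 下载安装
 ```
 
 ### 2. 启动扫描 API 服务
@@ -152,8 +158,7 @@ skill-scanner-api
 ```bash
 # 手动安装依赖
 cd extensions/skills-scanner/skills/skills-scanner
-
-uv pip install --python .venv/bin/python requests>=2.31.0
+python3 -m pip install --user "requests>=2.31.0"
 ```
 
 ### API 服务连接失败
@@ -197,8 +202,7 @@ extensions/skills-scanner/
 │ └── types.ts # 类型定义
 └── skills/
 └── skills-scanner/
-
-└── .venv/ # Python 虚拟环境(自动创建)
+└── scan.py # Python 扫描脚本
 ```
 
 ## 许可证
@@ -286,8 +290,8 @@ AI: 好的,让我先进行安全扫描...
 # 生成日报
 /skills-scanner scan ~/.openclaw/skills --report
 
-#
-/skills-scanner
+# 健康检查
+/skills-scanner health
 
 # 配置管理
 /skills-scanner config show
@@ -384,17 +388,13 @@ openclaw skills-scanner clawhub https://clawhub.ai/username/project --json resul
 ## 依赖要求
 
 - Python 3.10+
-- uv(Python 包管理器)
 - skill-scanner-api 服务(需要单独运行)
 
 ### 安装依赖
 
 ```bash
-#
-
-
-# Linux
-curl -LsSf https://astral.sh/uv/install.sh | sh
+# 确保 Python 已安装
+python3 --version
 
 # 启动 API 服务
 skill-scanner-api
@@ -407,8 +407,7 @@ skill-scanner-api
 ```bash
 # 手动安装依赖
 cd extensions/skills-scanner/skills/skills-scanner
-
-uv pip install --python .venv/bin/python requests
+python3 -m pip install --user "requests>=2.31.0"
 ```
 
 ### API 服务连接失败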
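--- a/package/index.ts
+++ b/package/index.ts
@@ -18,7 +18,7 @@ import {
 isFirstRun,
 markConfigReviewed,
 } from "./src/state.js";
-import { ensureDeps,
+import { ensureDeps, getPythonCommand, isPythonReady } from "./src/deps.js";
 import { runScan } from "./src/scanner.js";
 import { buildDailyReport } from "./src/report.js";
 import { ensureCronJob } from "./src/cron.js";
@@ -31,11 +31,12 @@ import { HIGH_RISK_OPERATION_GUARD } from "./src/high-risk-operation-guard.js";
 // Constants
 const PLUGIN_ROOT = process.env.OPENCLAW_PLUGIN_ROOT || __dirname;
 const SKILL_DIR = join(PLUGIN_ROOT, "skills", "skills-scanner");
-const VENV_PYTHON = join(SKILL_DIR, ".venv", "bin", "python");
 const SCAN_SCRIPT = join(SKILL_DIR, "scan.py");
 const STATE_DIR = join(os.homedir(), ".openclaw", "skills-scanner");
 const QUARANTINE_DIR = join(STATE_DIR, "quarantine");
 
+const PYTHON_CMD = getPythonCommand();
+
 export default function register(api: OpenClawPluginApi) {
 const cfg: ScannerConfig =
 api.config?.plugins?.entries?.["skills-scanner"]?.config ?? {};
@@ -58,7 +59,7 @@ export default function register(api: OpenClawPluginApi) {
 api.logger.info(`[skills-scanner] API URL: ${apiUrl}`);
 api.logger.info(`[skills-scanner] Scan directories: ${scanDirs.join(", ")}`);
 api.logger.info(
-`[skills-scanner] Python dependencies: ${
+`[skills-scanner] Python dependencies: ${isPythonReady(PYTHON_CMD) ? "✅ Ready" : "❌ Not installed"}`
 );
 
 // Inject system prompt guidance (can be disabled via config)
@@ -110,9 +111,9 @@ export default function register(api: OpenClawPluginApi) {
 }
 
 // Install dependencies immediately
-if (!
+if (!isPythonReady(PYTHON_CMD)) {
 api.logger.info("[skills-scanner] Installing Python dependencies...");
-ensureDeps(
+ensureDeps(PYTHON_CMD, api.logger)
 .then((success) => {
 if (success) {
 api.logger.info("[skills-scanner] ✅ Dependencies installed");
@@ -140,7 +141,7 @@ export default function register(api: OpenClawPluginApi) {
 start: async () => {
 api.logger.info("[skills-scanner] 🚀 Service starting...");
 
-const depsReady = await ensureDeps(
+const depsReady = await ensureDeps(PYTHON_CMD, api.logger);
 
 if (!depsReady) {
 api.logger.error("[skills-scanner] ❌ Dependencies installation failed");
@@ -158,7 +159,7 @@ export default function register(api: OpenClawPluginApi) {
 policy,
 persistWatcherAlert,
 api.logger,
-
+PYTHON_CMD,
 SCAN_SCRIPT,
 QUARANTINE_DIR
 );
@@ -192,7 +193,7 @@ export default function register(api: OpenClawPluginApi) {
 policy,
 preInstallScan,
 onUnsafe,
-
+PYTHON_CMD,
 SCAN_SCRIPT,
 api.logger
 );
@@ -213,7 +214,7 @@ export default function register(api: OpenClawPluginApi) {
 "",
 "可用命令:",
 "• `/skills-scanner scan <路径> [选项]` - 扫描 Skill",
-"• `/skills-scanner
+"• `/skills-scanner health` - 健康检查",
 "• `/skills-scanner config [操作]` - 配置管理",
 "• `/skills-scanner cron [操作]` - 定时任务管理",
 "",
@@ -227,7 +228,7 @@ export default function register(api: OpenClawPluginApi) {
 "```",
 "/skills-scanner scan ~/my-skill",
 "/skills-scanner scan ~/skills --recursive",
-"/skills-scanner
+"/skills-scanner health",
 "```",
 "",
 "💡 使用 `/skills-scanner help` 查看详细帮助",
@@ -241,8 +242,8 @@ export default function register(api: OpenClawPluginApi) {
 
 if (subCommand === "scan") {
 return await handlers.handleScanCommand(subArgs);
-} else if (subCommand === "
-return await handlers.
+} else if (subCommand === "health") {
+return await handlers.handleHealthCommand();
 } else if (subCommand === "config") {
 return await handlers.handleConfigCommand(subArgs);
 } else if (subCommand === "cron") {
@@ -261,9 +262,9 @@ export default function register(api: OpenClawPluginApi) {
 api.registerGatewayMethod("skillsScanner.scan", async ({ respond, params }: any) => {
 const { path: p, mode = "scan", recursive = false, detailed = false } = params ?? {};
 if (!p) return respond(false, { error: "Missing path parameter" });
-if (!
+if (!isPythonReady(PYTHON_CMD))
 return respond(false, { error: "Python dependencies not ready" });
-const res = await runScan(
+const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, mode === "batch" ? "batch" : "scan", expandPath(p), {
 recursive,
 detailed,
 behavioral,
@@ -279,7 +280,7 @@ export default function register(api: OpenClawPluginApi) {
 });
 
 api.registerGatewayMethod("skillsScanner.report", async ({ respond }: any) => {
-if (!
+if (!isPythonReady(PYTHON_CMD))
 return respond(false, { error: "Python dependencies not ready" });
 if (scanDirs.length === 0) return respond(false, { error: "No scan directories found" });
 const report = await buildDailyReport(
@@ -289,7 +290,7 @@ export default function register(api: OpenClawPluginApi) {
 useLLM,
 policy,
 api.logger,
-
+PYTHON_CMD,
 SCAN_SCRIPT
 );
 respond(true, { report, state: loadState() });
@@ -306,7 +307,7 @@ export default function register(api: OpenClawPluginApi) {
 .option("--detailed", "显示所有发现")
 .option("--behavioral", "启用行为分析")
 .action(async (p: string, opts: any) => {
-const res = await runScan(
+const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, "scan", expandPath(p), {
 ...opts,
 apiUrl,
 useLLM,
@@ -323,7 +324,7 @@ export default function register(api: OpenClawPluginApi) {
 .option("--detailed", "显示所有发现")
 .option("--behavioral", "启用行为分析")
 .action(async (d: string, opts: any) => {
-const res = await runScan(
+const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, "batch", expandPath(d), {
 ...opts,
 apiUrl,
 useLLM,
@@ -344,7 +345,7 @@ export default function register(api: OpenClawPluginApi) {
 useLLM,
 policy,
 console,
-
+PYTHON_CMD,
 SCAN_SCRIPT
 );
 console.log(report);
@@ -354,7 +355,7 @@ export default function register(api: OpenClawPluginApi) {
 .command("health")
 .description("检查 API 服务健康状态")
 .action(async () => {
-if (!
+if (!isPythonReady(PYTHON_CMD)) {
 console.error("❌ Python 依赖未就绪");
 process.exit(1);
 }
@@ -364,7 +365,7 @@ export default function register(api: OpenClawPluginApi) {
 const { promisify } = await import("node:util");
 const execAsync = promisify(exec);
 
-const cmd = `"${
+const cmd = `"${PYTHON_CMD}" "${SCAN_SCRIPT}" --api-url "${apiUrl}" health`;
 const env = { ...process.env };
 delete env.http_proxy;
 delete env.https_proxy;
@@ -395,3 +396,6 @@ export default function register(api: OpenClawPluginApi) {
 
 api.logger.info("[skills-scanner] ✅ Plugin registered");
 }
+
+
+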
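Review bot: In the `health` CLI action, `cmd` is still assembled as one shell string from `PYTHON_CMD`, `SCAN_SCRIPT` and `apiUrl`, and judging by `const execAsync = promisify(exec);` just above it is run through a shell; `apiUrl` appears to come from plugin configuration, so a value containing a double quote or `$(...)` would be interpreted by the shell instead of being passed as a single argument. Prefer the argument-array form, `const execFileAsync = promisify(execFile);` followed by `await execFileAsync(PYTHON_CMD, [SCAN_SCRIPT, "--api-url", apiUrl, "health"], { env });`, which needs no quoting. The call that consumes `cmd` lies outside the hunk, so confirm there that it is what reaches `execAsync`. Separately, `PYTHON_CMD` is now resolved once at module load by `getPythonCommand()` (src/deps.ts, not shown in this section) rather than pointing at the plugin's own `.venv`, so a comment at the constant such as `// Host interpreter: scan.py and its pip-installed deps now share the user's Python environment` would make that change in isolation visible to maintainers.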
package/openclaw.plugin.json
CHANGED
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@ name: skills-scanner
|
|
|
3
3
|
description: OpenClaw Skills 安全扫描工具,使用 AI Skill Scanner 检测恶意代码、数据窃取、提示注入等威胁。
|
|
4
4
|
version: 1.0.0
|
|
5
5
|
user-invocable: true
|
|
6
|
-
metadata: {"openclaw": {"emoji": "🔍", "requires": {"bins": ["
|
|
6
|
+
metadata: {"openclaw": {"emoji": "🔍", "requires": {"bins": ["python3"]}}}
|
|
7
7
|
---
|
|
8
8
|
|
|
9
9
|
# Skills 安全扫描工具 🔍
|
|
@@ -29,7 +29,7 @@ OpenClaw Skills 安全扫描工具,检测恶意代码、数据窃取、提示
|
|
|
29
29
|
|
|
30
30
|
**检查方法**:
|
|
31
31
|
```bash
|
|
32
|
-
|
|
32
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 health
|
|
33
33
|
```
|
|
34
34
|
|
|
35
35
|
**处理规则**:
|
|
@@ -143,15 +143,14 @@ VirusTotal 是业界权威的多引擎病毒扫描服务,其结果具有极高
|
|
|
143
143
|
首次运行前,检查并安装依赖:
|
|
144
144
|
|
|
145
145
|
```bash
|
|
146
|
-
# 检查
|
|
147
|
-
|
|
146
|
+
# 检查 Python 是否可用
|
|
147
|
+
python3 --version || echo "请安装 Python 3.10+"
|
|
148
148
|
|
|
149
|
-
#
|
|
150
|
-
|
|
151
|
-
uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
149
|
+
# 安装依赖到主机环境
|
|
150
|
+
python3 -m pip install --user --quiet "requests>=2.31.0"
|
|
152
151
|
```
|
|
153
152
|
|
|
154
|
-
|
|
153
|
+
安装只需执行一次。插件会自动处理依赖安装。
|
|
155
154
|
|
|
156
155
|
## 配置
|
|
157
156
|
|
|
@@ -174,7 +173,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
174
173
|
或直接调用时使用 `--api-url` 参数:
|
|
175
174
|
|
|
176
175
|
```bash
|
|
177
|
-
|
|
176
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 scan <路径>
|
|
178
177
|
```
|
|
179
178
|
|
|
180
179
|
---
|
|
@@ -199,7 +198,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
199
198
|
适用于快速安全检查,显示总体安全状态和严重问题。
|
|
200
199
|
|
|
201
200
|
```bash
|
|
202
|
-
|
|
201
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url>
|
|
203
202
|
```
|
|
204
203
|
|
|
205
204
|
**示例输出**:
|
|
@@ -214,7 +213,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
214
213
|
显示每个安全发现的详细信息,包括类别、描述、文件位置等。
|
|
215
214
|
|
|
216
215
|
```bash
|
|
217
|
-
|
|
216
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --detailed
|
|
218
217
|
```
|
|
219
218
|
|
|
220
219
|
**示例输出**:
|
|
@@ -235,7 +234,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
235
234
|
启用 AST 数据流分析,更准确地检测复杂的安全威胁。扫描时间较长但更全面。
|
|
236
235
|
|
|
237
236
|
```bash
|
|
238
|
-
|
|
237
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --detailed --behavioral
|
|
239
238
|
```
|
|
240
239
|
|
|
241
240
|
**适用场景**:
|
|
@@ -248,7 +247,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
248
247
|
使用 LLM 进行语义分析,检测隐蔽的恶意模式和提示注入。需要 API 服务配置 LLM 支持。
|
|
249
248
|
|
|
250
249
|
```bash
|
|
251
|
-
|
|
250
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --detailed --behavioral --llm
|
|
252
251
|
```
|
|
253
252
|
|
|
254
253
|
**适用场景**:
|
|
@@ -260,13 +259,13 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
260
259
|
|
|
261
260
|
```bash
|
|
262
261
|
# 严格模式(最保守,任何可疑行为都标记)
|
|
263
|
-
|
|
262
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --policy strict
|
|
264
263
|
|
|
265
264
|
# 平衡模式(推荐,默认)
|
|
266
|
-
|
|
265
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --policy balanced
|
|
267
266
|
|
|
268
267
|
# 宽松模式(只标记明确的威胁)
|
|
269
|
-
|
|
268
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --policy permissive
|
|
270
269
|
```
|
|
271
270
|
|
|
272
271
|
### 保存扫描结果
|
|
@@ -274,7 +273,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
274
273
|
将扫描结果保存为 JSON 文件,便于后续分析或存档。
|
|
275
274
|
|
|
276
275
|
```bash
|
|
277
|
-
|
|
276
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub <clawhub_url> --detailed --json /tmp/scan-result.json
|
|
278
277
|
```
|
|
279
278
|
|
|
280
279
|
### 实际使用示例
|
|
@@ -282,7 +281,7 @@ uv pip install --python {baseDir}/.venv/bin/python requests --quiet
|
|
|
282
281
|
#### 示例 1:快速检查日历 Skill
|
|
283
282
|
|
|
284
283
|
```bash
|
|
285
|
-
|
|
284
|
+
python3 {baseDir}/scan.py --api-url {apiUrl} clawhub https://clawhub.ai/Asleep123/caldav-calendar
|
|
286
285
|
```
|
|
287
286
|
|
|
288
287
|
**用户对话**:
|
|
@@ -298,7 +297,7 @@ AI: 好的,让我先扫描一下这个 skill 的安全性...
|
|
|
298
297
|
#### 示例 2:详细检查 PDF Skill
|
|
299
298
|
|
|
300
299
|
```bash
|
|
301
|
-
|
|
300
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 clawhub https://clawhub.ai/steipete/nano-pdf --detailed
|
|
302
301
|
```
|
|
303
302
|
|
|
304
303
|
**用户对话**:
|
|
@@ -321,7 +320,7 @@ AI: 好的,我会进行详细扫描...
|
|
|
321
320
|
#### 示例 3:深度扫描可疑 Skill
|
|
322
321
|
|
|
323
322
|
```bash
|
|
324
|
-
|
|
323
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 clawhub https://clawhub.ai/username/suspicious-skill --detailed --behavioral --policy strict
|
|
325
324
|
```
|
|
326
325
|
|
|
327
326
|
**用户对话**:
|
|
@@ -344,7 +343,7 @@ AI: 明白,我会使用严格模式进行深度扫描...
|
|
|
344
343
|
#### 示例 4:包含 VirusTotal 扫描结果
|
|
345
344
|
|
|
346
345
|
```bash
|
|
347
|
-
|
|
346
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 clawhub https://clawhub.ai/username/project --detailed
|
|
348
347
|
```
|
|
349
348
|
|
|
350
349
|
**用户对话(未检测到威胁)**:
|
|
@@ -457,25 +456,25 @@ https://clawhub.ai/<username>/<project>
|
|
|
457
456
|
### 基础扫描(推荐,速度快)
|
|
458
457
|
|
|
459
458
|
```bash
|
|
460
|
-
|
|
459
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 scan <skill路径>
|
|
461
460
|
```
|
|
462
461
|
|
|
463
462
|
### 详细模式(显示所有发现)
|
|
464
463
|
|
|
465
464
|
```bash
|
|
466
|
-
|
|
465
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 scan <skill路径> --detailed
|
|
467
466
|
```
|
|
468
467
|
|
|
469
468
|
### 深度扫描(加入行为分析)
|
|
470
469
|
|
|
471
470
|
```bash
|
|
472
|
-
|
|
471
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 scan <skill路径> --detailed --behavioral
|
|
473
472
|
```
|
|
474
473
|
|
|
475
474
|
### 最强扫描(加入 LLM 语义分析)
|
|
476
475
|
|
|
477
476
|
```bash
|
|
478
|
-
|
|
477
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 scan <skill路径> --detailed --behavioral --llm
|
|
479
478
|
```
|
|
480
479
|
|
|
481
480
|
---
|
|
@@ -487,31 +486,31 @@ https://clawhub.ai/<username>/<project>
|
|
|
487
486
|
### 扫描指定目录下的所有 Skills
|
|
488
487
|
|
|
489
488
|
```bash
|
|
490
|
-
|
|
489
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 batch <目录路径>
|
|
491
490
|
```
|
|
492
491
|
|
|
493
492
|
### 递归扫描(含子目录)
|
|
494
493
|
|
|
495
494
|
```bash
|
|
496
|
-
|
|
495
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 batch <目录路径> --recursive
|
|
497
496
|
```
|
|
498
497
|
|
|
499
498
|
### 批量扫描并输出 JSON 报告
|
|
500
499
|
|
|
501
500
|
```bash
|
|
502
|
-
|
|
501
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 batch <目录路径> --detailed --json /tmp/scan-report.json
|
|
503
502
|
```
|
|
504
503
|
|
|
505
504
|
### 常用目录示例
|
|
506
505
|
|
|
507
506
|
扫描 OpenClaw 默认 skills 目录:
|
|
508
507
|
```bash
|
|
509
|
-
|
|
508
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 batch ~/.openclaw/skills
|
|
510
509
|
```
|
|
511
510
|
|
|
512
511
|
扫描 workspace skills:
|
|
513
512
|
```bash
|
|
514
|
-
|
|
513
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 batch ~/.openclaw/workspace/skills --recursive
|
|
515
514
|
```
|
|
516
515
|
|
|
517
516
|
---
|
|
@@ -521,7 +520,7 @@ https://clawhub.ai/<username>/<project>
|
|
|
521
520
|
检查 API 服务是否运行:
|
|
522
521
|
|
|
523
522
|
```bash
|
|
524
|
-
|
|
523
|
+
python3 {baseDir}/scan.py --api-url http://localhost:8000 health
|
|
525
524
|
```
|
|
526
525
|
|
|
527
526
|
---
|
|
@@ -633,3 +632,4 @@ https://clawhub.ai/<username>/<project>
|
|
|
633
632
|
```
|
|
634
633
|
|
|
635
634
|
**即使其他分析器显示安全,VirusTotal 检测到威胁时也必须警告用户!**
|
|
635
|
+
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
OpenClaw Skills 安全扫描器 (HTTP 客户端)
|
|
8
8
|
通过 HTTP API 调用远程 skill-scanner-api 服务
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
注意:此脚本使用系统 Python 运行,需确保已安装 requests 依赖
|
|
11
11
|
"""
|
|
12
12
|
|
|
13
13
|
import sys
|
|
@@ -26,7 +26,7 @@ try:
|
|
|
26
26
|
except ImportError as e:
|
|
27
27
|
print("❌ requests 未安装。")
|
|
28
28
|
print(f" 导入错误: {e}")
|
|
29
|
-
print(" 请运行:
|
|
29
|
+
print(" 请运行: pip install requests")
|
|
30
30
|
sys.exit(1)
|
|
31
31
|
|
|
32
32
|
|
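Review bot: The new hint `请运行: pip install requests` names a bare `pip`, which may belong to a different interpreter than the one executing scan.py, and it drops the `>=2.31.0` floor that the documentation hunks on this page use (`python3 -m pip install --user "requests>=2.31.0"`). Since `sys` is already imported above the `try`, the message can point at the running interpreter: `print(f' 请运行: {sys.executable} -m pip install --user "requests>=2.31.0"')`. The `try` block this `except` belongs to starts outside the hunk.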