51 lines
1.4 KiB
Markdown
51 lines
1.4 KiB
Markdown
|
---
|
|||
|
|
name: skill-scanner
|
|||
|
|
description: "在安装前扫描Clawdbot和MCP技能中的恶意软件、间谍软件、加密货币挖矿程序和恶意代码模式。安全审计工具,可检测数据泄露、系统修改尝试、后门和混淆技术。"
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
# Skill Scanner
|
|||
|
|
|
|||
|
|
Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.
|
|||
|
|
|
|||
|
|
## Capabilities
|
|||
|
|
- Scan skill folders for security threats
|
|||
|
|
- Detect data exfiltration patterns
|
|||
|
|
- Identify system modification attempts
|
|||
|
|
- Catch crypto-mining indicators
|
|||
|
|
- Flag arbitrary code execution risks
|
|||
|
|
- Find backdoors and obfuscation techniques
|
|||
|
|
- Output reports in Markdown or JSON format
|
|||
|
|
- Provide Web UI via Streamlit
|
|||
|
|
|
|||
|
|
## Usage
|
|||
|
|
|
|||
|
|
### Command Line
|
|||
|
|
```bash
|
|||
|
|
python skill_scanner.py /path/to/skill-folder
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### Within Clawdbot
|
|||
|
|
```
|
|||
|
|
"Scan the [skill-name] skill for security issues using skill-scanner"
|
|||
|
|
"Use skill-scanner to check the youtube-watcher skill"
|
|||
|
|
"Run a security audit on the remotion skill"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### Web UI
|
|||
|
|
```bash
|
|||
|
|
pip install streamlit
|
|||
|
|
streamlit run streamlit_ui.py
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## Requirements
|
|||
|
|
- Python 3.7+
|
|||
|
|
- No additional dependencies (uses Python standard library)
|
|||
|
|
- Streamlit (optional, for Web UI)
|
|||
|
|
|
|||
|
|
## Entry Point
|
|||
|
|
- **CLI:** `skill_scanner.py`
|
|||
|
|
- **Web UI:** `streamlit_ui.py`
|
|||
|
|
|
|||
|
|
## Tags
|
|||
|
|
#security #malware #spyware #crypto-mining #scanner #audit #code-analysis #mcp #clawdbot #agent-skills #safety #threat-detection #vulnerability
|