Initial commit with translated description

2026-03-29 09:28:54 +08:00
commit bcd54f35ac
5 changed files with 929 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,192 @@
+# Skill Scanner
+
+Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.
+
+## Features
+
+- Detects **data exfiltration** patterns (env scraping, credential access, HTTP POST to unknown domains)
+- Identifies **system modification** attempts (dangerous rm, crontab changes, systemd persistence)
+- Catches **crypto-mining** indicators (xmrig, mining pools, wallet addresses)
+- Flags **arbitrary code execution** risks (eval, exec, download-and-execute)
+- Detects **backdoors** (reverse shells, socket servers)
+- Finds **obfuscation** techniques (base64 decode + exec)
+- Outputs **Markdown** or **JSON** reports
+- Returns exit codes for CI/CD integration
+
+## Installation
+
+```bash
+# Clone the repo
+git clone https://github.com/bvinci1-design/skill-scanner.git
+cd skill-scanner
+
+# No dependencies required - uses Python standard library only
+# Requires Python 3.7+
+```
+
+---
+
+## How to Run in Clawdbot
+
+Clawdbot users can run this scanner directly as a skill to audit other downloaded skills.
+
+### Quick Start (Clawdbot)
+
+1. **Download the scanner** from this repo to your Clawdbot skills folder:
+   ```bash
+   cd ~/.clawdbot/skills
+   git clone https://github.com/bvinci1-design/skill-scanner.git
+   ```
+
+2. **Scan any skill** by telling Clawdbot:
+   ```
+   "Scan the [skill-name] skill for security issues using skill-scanner"
+   ```
+   
+   Or run directly:
+   ```bash
+   python ~/.clawdbot/skills/skill-scanner/skill_scanner.py ~/.clawdbot/skills/[skill-name]
+   ```
+
+3. **Review the output** - Clawdbot will display:
+   - Verdict: APPROVED, CAUTION, or REJECT
+   - Any security findings with severity levels
+   - Specific file and line numbers for concerns
+
+### Example Clawdbot Commands
+
+```
+"Use skill-scanner to check the youtube-watcher skill"
+"Scan all my downloaded skills for malware"
+"Run a security audit on the remotion skill"
+```
+
+### Interpreting Results in Clawdbot
+
+| Verdict | Meaning | Action |
+|---------|---------|--------|
+| APPROVED | No security issues found | Safe to use |
+| CAUTION | Minor concerns detected | Review findings before use |
+| REJECT | Critical security issues | Do not use without careful review |
+
+---
+
+## How to Run on Any Device
+
+The scanner works on any system with Python 3.7+ installed.
+
+### Prerequisites
+
+- Python 3.7 or higher
+- Git (for cloning) or download ZIP from GitHub
+- No additional packages required (uses Python standard library)
+
+### Installation Options
+
+**Option 1: Clone with Git**
+```bash
+git clone https://github.com/bvinci1-design/skill-scanner.git
+cd skill-scanner
+```
+
+**Option 2: Download ZIP**
+1. Click "Code" button on GitHub
+2. Select "Download ZIP"
+3. Extract to desired location
+
+### Command Line Usage
+
+**Basic scan:**
+```bash
+python skill_scanner.py /path/to/skill-folder
+```
+
+**Output to file:**
+```bash
+python skill_scanner.py /path/to/skill-folder --output report.md
+```
+
+**JSON output:**
+```bash
+python skill_scanner.py /path/to/skill-folder --json
+```
+
+**Scan current directory:**
+```bash
+python skill_scanner.py .
+```
+
+### Web UI (Streamlit)
+
+For a user-friendly graphical interface:
+
+1. **Install Streamlit:**
+   ```bash
+   pip install streamlit
+   ```
+
+2. **Run the UI:**
+   ```bash
+   streamlit run streamlit_ui.py
+   ```
+
+3. **Open in browser** at `http://localhost:8501`
+
+4. **Features:**
+   - Drag-and-drop file upload
+   - Support for ZIP archives
+   - Paste code directly for scanning
+   - Visual severity indicators
+   - Export reports in Markdown or JSON
+
+---
+
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Approved - no issues |
+| 1 | Caution - high-severity issues |
+| 2 | Reject - critical issues |
+
+## Threat Patterns Detected
+
+### Critical (auto-reject)
+- Credential path access (~/.ssh, ~/.aws, /etc/passwd)
+- Dangerous recursive delete (rm -rf /)
+- Systemd/launchd persistence
+- Crypto miners (xmrig, ethminer, stratum+tcp)
+- Download and execute (curl | sh)
+- Reverse shells (/dev/tcp, nc -e)
+- Base64 decode + exec obfuscation
+
+### High (caution)
+- Bulk environment variable access
+- Crontab modification
+- eval/exec dynamic code execution
+- Socket servers
+
+### Medium (informational)
+- Environment variable reads
+- HTTP POST to external endpoints
+
+## CI/CD Integration
+
+```yaml
+# GitHub Actions example
+- name: Scan skill for security issues
+  run: |
+    python skill_scanner.py ./my-skill --output scan-report.md
+    if [ $? -eq 2 ]; then
+      echo "CRITICAL issues found - blocking merge"
+      exit 1
+    fi
+```
+
+## Contributing
+
+Pull requests welcome! To add new threat patterns, edit the `THREAT_PATTERNS` list in `skill_scanner.py`.
+
+## License
+
+MIT License - see LICENSE file for details.