skills/bvinci1-design_skill-scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcd54f35ac3d392a63a959f35d713288a2f4c0d8
bvinci1-design_skill-scanner/README.md

193 lines
4.6 KiB
Markdown
Raw Blame History

# Skill Scanner
Security audit tool for Clawdbot/MCP skills - scans for malware, spyware, crypto-mining, and malicious patterns.
## Features
- Detects **data exfiltration** patterns (env scraping, credential access, HTTP POST to unknown domains)
- Identifies **system modification** attempts (dangerous rm, crontab changes, systemd persistence)
- Catches **crypto-mining** indicators (xmrig, mining pools, wallet addresses)
- Flags **arbitrary code execution** risks (eval, exec, download-and-execute)
- Detects **backdoors** (reverse shells, socket servers)
- Finds **obfuscation** techniques (base64 decode + exec)
- Outputs **Markdown** or **JSON** reports
- Returns exit codes for CI/CD integration
## Installation
```bash
# Clone the repo
git clone https://github.com/bvinci1-design/skill-scanner.git
cd skill-scanner
# No dependencies required - uses Python standard library only
# Requires Python 3.7+
```
---
## How to Run in Clawdbot
Clawdbot users can run this scanner directly as a skill to audit other downloaded skills.
### Quick Start (Clawdbot)
1. **Download the scanner** from this repo to your Clawdbot skills folder:
```bash
cd ~/.clawdbot/skills
git clone https://github.com/bvinci1-design/skill-scanner.git
```
2. **Scan any skill** by telling Clawdbot:
```
"Scan the [skill-name] skill for security issues using skill-scanner"
```
Or run directly:
```bash
python ~/.clawdbot/skills/skill-scanner/skill_scanner.py ~/.clawdbot/skills/[skill-name]
```
3. **Review the output** - Clawdbot will display:
- Verdict: APPROVED, CAUTION, or REJECT
- Any security findings with severity levels
- Specific file and line numbers for concerns
### Example Clawdbot Commands
```
"Use skill-scanner to check the youtube-watcher skill"
"Scan all my downloaded skills for malware"
"Run a security audit on the remotion skill"
```
### Interpreting Results in Clawdbot
| Verdict | Meaning | Action |
|---------|---------|--------|
| APPROVED | No security issues found | Safe to use |
| CAUTION | Minor concerns detected | Review findings before use |
| REJECT | Critical security issues | Do not use without careful review |
---
## How to Run on Any Device
The scanner works on any system with Python 3.7+ installed.
### Prerequisites
- Python 3.7 or higher
- Git (for cloning) or download ZIP from GitHub
- No additional packages required (uses Python standard library)
### Installation Options
**Option 1: Clone with Git**
```bash
git clone https://github.com/bvinci1-design/skill-scanner.git
cd skill-scanner
```
**Option 2: Download ZIP**
1. Click "Code" button on GitHub
2. Select "Download ZIP"
3. Extract to desired location
### Command Line Usage
**Basic scan:**
```bash
python skill_scanner.py /path/to/skill-folder
```
**Output to file:**
```bash
python skill_scanner.py /path/to/skill-folder --output report.md
```
**JSON output:**
```bash
python skill_scanner.py /path/to/skill-folder --json
```
**Scan current directory:**
```bash
python skill_scanner.py .
```
### Web UI (Streamlit)
For a user-friendly graphical interface:
1. **Install Streamlit:**
```bash
pip install streamlit
```
2. **Run the UI:**
```bash
streamlit run streamlit_ui.py
```
3. **Open in browser** at `http://localhost:8501`
4. **Features:**
- Drag-and-drop file upload
- Support for ZIP archives
- Paste code directly for scanning
- Visual severity indicators
- Export reports in Markdown or JSON
---
## Exit Codes
| Code | Meaning |
|------|---------|
| 0 | Approved - no issues |
| 1 | Caution - high-severity issues |
| 2 | Reject - critical issues |
## Threat Patterns Detected
### Critical (auto-reject)
- Credential path access (~/.ssh, ~/.aws, /etc/passwd)
- Dangerous recursive delete (rm -rf /)
- Systemd/launchd persistence
- Crypto miners (xmrig, ethminer, stratum+tcp)
- Download and execute (curl | sh)
- Reverse shells (/dev/tcp, nc -e)
- Base64 decode + exec obfuscation
### High (caution)
- Bulk environment variable access
- Crontab modification
- eval/exec dynamic code execution
- Socket servers
### Medium (informational)
- Environment variable reads
- HTTP POST to external endpoints
## CI/CD Integration
```yaml
# GitHub Actions example
- name: Scan skill for security issues
run: |
python skill_scanner.py ./my-skill --output scan-report.md
if [ $? -eq 2 ]; then
echo "CRITICAL issues found - blocking merge"
exit 1
fi
```
## Contributing
Pull requests welcome! To add new threat patterns, edit the `THREAT_PATTERNS` list in `skill_scanner.py`.
## License
MIT License - see LICENSE file for details.
Reference in New Issue View Git Blame Copy Permalink