Overview
- Skill Key
- abyousef739/clawskillshield
- Author
- abyousef739
- Source Repo
- openclaw/skills
- Version
- -
- Source Path
- skills/abyousef739/clawskillshield
- Latest Commit SHA
- 61d02c0eebd3b3a227cdb639c93c251a320e0d06
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
安装方式
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 Clawskillshield 技能。 若已安装,则直接安装 Clawskillshield 技能。
Extracted Content
SKILL.md excerpt
# ClawSkillShield 🛡️
**Local-first security scanner for OpenClaw/ClawHub skills.**
## What It Does
- **Static analysis** for security risks and malware patterns
- **Detects**:
- Hardcoded secrets (API keys, credentials, private keys)
- Risky imports (`os`, `subprocess`, `socket`, `ctypes`)
- Dangerous calls (`eval()`, `exec()`, `open()`)
- Obfuscation (base64 blobs, suspicious encoding)
- Hardcoded IPs
- **Risk scoring** (0–10) + detailed threat reports
- **Quarantine** high-risk skills automatically
## Dual-Use Design
- **CLI for humans**: Quick safety checks before installing skills
- **Agent API**: Importable functions for autonomous agents/Moltbots to proactively scan and quarantine risky skills (essential post-ClawHavoc)
## Quick Start
### CLI (Humans)
```bash
pip install -e .
clawskillshield scan-local /path/to/skill
clawskillshield quarantine /path/to/skill
```
### Python API (Agents)
```python
from clawskillshield import scan_local, quarantine
threats = scan_local("/path/to/skill")
if risk_score < 4: # HIGH RISK
quarantine("/path/to/skill")
```
## Zero Dependencies
Pure Python. No network calls. Runs entirely locally.
## Why This Matters
ClawHavoc demonstrated how easily malicious skills can slip into the ecosystem. ClawSkillShield provides a trusted, open-source defense layer—audit the code, run offline, stay safe.
---
**GitHub**: https://github.com/AbYousef739/clawskillshield
**License**: MIT
**Author**: Ab Yousef
**Contact**: contact@clawskillshield.com
README excerpt
# ClawSkillShield v0.1.1 **Local-first security scanner for OpenClaw/ClawHub skills built for BOTH humans AND autonomous agents/Moltbots.** Post-ClawHavoc essential: Static analysis to catch malware/risks before install. ## What It Detects - **Hardcoded secrets** AWS keys, API credentials, private keys - **Dangerous calls** `eval()`, `exec()`, `open()`, high-risk functions - **Risky imports** `os`, `subprocess`, `socket`, `ctypes` - **Obfuscation** Large base64 blobs, suspicious encoding - **Hardcoded IPs** Potential exfiltration vectors - **Zero dependencies** Pure Python, safe for agent/human use **Why dual-use?** Humans get simple CLI safety checks; autonomous agents/Moltbots get importable functions for proactive self-defense. ## Installation ```bash pip install -e . ``` ## Quick Start (CLI) ```bash # Scan a folder/skill clawskillshield scan-local /path/to/skill # Quarantine high-risk code clawskillshield quarantine /path/to/skill ``` ## Examples ### Safe Scan (Low Risk) Scanning a legitimate skill with normal file I/O: ```bash $ clawskillshield scan-local . ============================================================ ClawSkillShield Report: . ============================================================ MODERATE RISK - Review Risk Score: 5.5/10.0 ------------------------------------------------------------ Threats Found: ------------------------------------------------------------ [WARNING] Risky import: os File: .\clawskillshield\analyzer.py Line: 4 Direct OS access [WARNING] Dangerous call: open() File: .\clawskillshield\analyzer.py Line: 19 Arbitrary execution or sensitive access [WARNING] Risky import: os File: .\clawskillshield\skill.py Line: 4 Direct OS access ============================================================ ``` ### High-Risk Detection Scanning code with malware patterns: ```bash $ clawskillshield scan-local ../test-risky ========================================================...
Related Claw Skills
heyixuan2
bambu-studio-ai
Bambu Lab 3D printer control and automation. Activate when user mentions: printer status, 3D printing, slice, analyze model, generate 3D, AMS filament, print monitor, Bambu Lab, or any 3D printing task. Full pipeline: search → generate → analyze → colorize → preview → open BS → user slice → print → monitor. Supports all 9 Bambu Lab printers (A1 Mini, A1, P1S, P2S, X1C, X1E, H2C, H2S, H2D).
capt-marbles
geo-optimization
Generative Engine Optimization (GEO) for AI search visibility. Optimize content to appear in ChatGPT, Perplexity, Claude, and Google AI Overviews. Use when optimizing websites, pages, or content for LLM discoverability and citation.
carlulsoe
parakeet-stt
Local speech-to-text with NVIDIA Parakeet TDT 0.6B v3 (ONNX on CPU). 30x faster than Whisper, 25 languages, auto-detection, OpenAI-compatible API. Use when transcribing audio files, converting speech to text, or processing voice recordings locally without cloud APIs.
carlzhao007
feishu-process-feedback
飞书消息自动处理与进度反馈技能。安装后后台运行,监听飞书任务消息并自动创建独立进程处理。 在处理前后发送实时进度反馈(任务确认、进度百分比、完成通知)。 支持任务类型识别、智能解析、错误重试、并发控制、状态持久化。 使用场景:飞书自动化工作流、任务进度追踪、批量任务处理、需要实时反馈的场景。
cartoonitunes
bottyfans
BottyFans agent skill for autonomous creator monetization. Lets AI agents register, build a profile, publish posts (public, subscriber-only, or pay-to-unlock), upload media, accept USDC subscriptions and tips on Base, send and receive DMs, track earnings, and appear on the creator leaderboard. Use this skill when an agent needs to monetize content, interact with fans, manage a creator profile, handle payments in USDC, or operate as an autonomous creator on the BottyFans platform.
camopel
arxivkb
Local arXiv paper manager with semantic search. Crawls arXiv categories, downloads PDFs, chunks content, and indexes with FAISS + Ollama embeddings. No cloud API keys required — everything runs locally.