风险评分

59/100 (Medium)

OpenClaw: suspicious
VirusTotal: benign
StaticScan: unknown

Bomb Dog Sniff

作者: LvcidPsyche
Slug:skill-bomb-dog-sniff
版本:0.1.0
更新时间:2026-03-01 11:37:49
风险信息

OpenClaw: suspicious

查看 OpenClaw 分析摘要(前 200 字预览) 
The skill is largely coherent with its stated purpose (a local scanner/downloader for skills) but contains a prompt‑injection indicator in SKILL.md and runs subprocesses (unzip, npx) and filesystem op...

[内容已截断]

VirusTotal: benign VT 报告

静态扫描: unknown

README

README 未提供

文件列表

无文件信息

下载
下载官方 ZIP
原始 JSON 数据
{
    "latestVersion": {
        "_creationTime": 1770530107924,
        "_id": "k971hartapjqp1tqfzb9d91ht980s1ge",
        "changelog": "bomb-dog-sniff v1.2.0 is a major security and detection upgrade for OpenClaw skill scanning.\n\n- Fixed command injection and added path traversal protection for safer downloads and scanning.\n- Quarantines skills in randomized, permission-locked directories before scanning.\n- Now detects and skips binary\/oversized files and restricts regex processing to prevent resource attacks.\n- Smarter detection: reduced false positives, added entropy analysis for encoded threats, awareness of test files, and per-finding confidence scoring.\n- Expanded to 13 detection categories, now including supply chain attacks, prototype pollution, and new script-based threats.\n- New detection patterns target credential and SSH key theft, browser and system persistence, and more.\n- All commands (scan, safe-install, audit, batch) documented with clear examples and risk scoring explanations.",
        "changelogSource": "auto",
        "createdAt": 1770530107924,
        "version": "0.1.0"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "LvcidPsyche",
        "handle": "lvcidpsyche",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/160208855?v=4",
        "kind": "user",
        "linkedUserId": "kn76wdw44czc876jy6a8a6pcs9808dc4"
    },
    "ownerHandle": "lvcidpsyche",
    "skill": {
        "_creationTime": 1770530107924,
        "_id": "kd799k49ayxsb3q4m49xdg34h180rz8h",
        "badges": [],
        "createdAt": 1770530107924,
        "displayName": "Bomb Dog Sniff",
        "latestVersionId": "k971hartapjqp1tqfzb9d91ht980s1ge",
        "ownerUserId": "kn76wdw44czc876jy6a8a6pcs9808dc4",
        "slug": "skill-bomb-dog-sniff",
        "stats": {
            "comments": 0,
            "downloads": 1068,
            "installsAllTime": 1,
            "installsCurrent": 1,
            "stars": 2,
            "versions": 1
        },
        "summary": "Security-first skill management for OpenClaw - like a bomb-sniffing dog for skills.\nSniffs out malicious payloads (crypto stealers, keyloggers, reverse shells) before installation.\nQuarantine → Scan → Install only the safe ones.",
        "tags": {
            "latest": "k971hartapjqp1tqfzb9d91ht980s1ge"
        },
        "updatedAt": 1772336269243
    }
}