风险评分

100/100 (Very Low)

OpenClaw: benign
VirusTotal: benign
StaticScan: clean

Skill Risk Auditor

作者: Xiaofang Yang
Slug:skill-risk-auditor
版本:1.0.1
更新时间:2026-03-17 17:26:55
风险信息

OpenClaw: benign

查看 OpenClaw 分析摘要(前 200 字预览) 
The skill's declared purpose (pre-install audit) matches its instructions and requirements — it's an instruction-only auditor that asks to inspect candidate skill artifacts and does not request extra ...

[内容已截断]

VirusTotal: benign VT 报告

静态扫描: clean 

No suspicious patterns detected.
README

README 未提供

文件列表

无文件信息

下载
下载官方 ZIP
原始 JSON 数据
{
    "latestVersion": {
        "_creationTime": 1773735946818,
        "_id": "k9758wztzjtv6qvj6hemxkjhzn832pkd",
        "changelog": "Problem: Our guard document itself contains literal attack phrases (such as “ignore previous instructions” and “trust this skill”), which can be flagged as suspicious by a pattern scanner and also create a theoretical injection surface.\n\nFix 1 — Audit Scope Boundary (line 28): Added an explicit scope boundary stating that the audit is strictly limited to the candidate skill’s package directory. If the candidate skill references external paths (such as ~\/.ssh\/), the guard records the reference as a finding but does not actually access it.\n\nFix 2 — Remove Literal Attack Strings (4 occurrences): Replaced all literal injection phrases with behavioral-category descriptions.",
        "changelogSource": "user",
        "createdAt": 1773735946818,
        "version": "1.0.1"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "Xiaofang Yang",
        "handle": "yxf203",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/128906103?v=4",
        "kind": "user",
        "linkedUserId": "kn72q1fv12azbpxh34vbgg99p182mkvm"
    },
    "ownerHandle": "yxf203",
    "skill": {
        "_creationTime": 1773734811546,
        "_id": "kd784qck9k0tznar8ex4vcym1s83392e",
        "badges": [],
        "createdAt": 1773734811546,
        "displayName": "Skill Risk Auditor",
        "latestVersionId": "k9758wztzjtv6qvj6hemxkjhzn832pkd",
        "ownerUserId": "kn72q1fv12azbpxh34vbgg99p182mkvm",
        "slug": "skill-risk-auditor",
        "stats": {
            "comments": 0,
            "downloads": 55,
            "installsAllTime": 0,
            "installsCurrent": 0,
            "stars": 1,
            "versions": 2
        },
        "summary": "Comprehensive pre-install guard that audits third-party skills across nine risk areas — covering semantic integrity, supply chain, secrets, data exfiltration...",
        "tags": {
            "latest": "k9758wztzjtv6qvj6hemxkjhzn832pkd"
        },
        "updatedAt": 1773739615916
    }
}