Low risk: risk score 15/100
Last scanned: 2 days ago
clawscan-vigil
OpenClaw Skill Security Scanner - static and dynamic analysis
ClawScan is a legitimate security scanning tool for OpenClaw Skills with no malicious behavior detected. All capabilities align with documented functionality.
Skill name: clawscan-vigil
Analysis time: 51.1s
Engine: pi
Verdict: safe to install
Approve for installation. This is a genuine security tool that performs static and dynamic analysis of AI skills.

Security findings (2)

Severity | Finding | Location

Severity: Low
Finding: Client-side license validation
License verification is performed locally without server verification. The 'verified' flag remains False even after activation.
Evidence: 'verified': False  # Would be True after server verification
→ Implement server-side license verification for production use
Location: core/license_manager.py:131

Severity: Info
Finding: RestrictedPython sandbox limitations
Dynamic analysis uses RestrictedPython, which may not catch all runtime behaviors; some malicious code patterns may evade detection.
Evidence: from RestrictedPython import compile_restricted, safe_globals
→ Document sandbox limitations in SKILL.md
Location: core/dynamic_tracer.py:1
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | Reads Python files in target skill directories for analysis
Command execution | WRITE | WRITE | ✓ Consistent | skill/skill_wrapper.py:17 uses subprocess.run() to invoke clawscan CLI
Network access | NONE | READ | ✓ Consistent | requests library is a dependency but used only for legitimate external verificat…
Findings (8)

Severity | Type | Value | Location
Medium | External URL | https://clawhub.ai/signup | PUBLISH.md:45
Medium | External URL | https://img.shields.io/badge/python-3.10+-blue.svg | README.md:3
Medium | External URL | https://www.python.org/downloads/ | README.md:3
Medium | External URL | https://img.shields.io/badge/License-MIT-yellow.svg | README.md:4
Medium | External URL | https://opensource.org/licenses/MIT | README.md:4
Medium | External URL | https://clawscan.dev | SKILL.md:73
Medium | External URL | https://docs.clawscan.dev | pyproject.toml:42
Info | Email address | [email protected] | SKILL.md:167

Directory structure

16 files · 74.9 KB · 2421 lines
Python: 11 files · 1751 lines; Markdown: 4 files · 616 lines; TOML: 1 file · 54 lines
├─ core/
│ ├─ __init__.py Python 5L · 176 B
│ ├─ advanced_analyzer.py Python 230L · 8.1 KB
│ ├─ batch_scanner.py Python 156L · 5.3 KB
│ ├─ dynamic_tracer.py Python 249L · 9.0 KB
│ ├─ license_manager.py Python 159L · 5.0 KB
│ ├─ models.py Python 59L · 1.6 KB
│ ├─ risk_engine.py Python 110L · 3.8 KB
│ ├─ scanner.py Python 101L · 3.4 KB
│ └─ static_analyzer.py Python 262L · 9.3 KB
├─ skill/
│ ├─ skill_wrapper.py Python 74L · 1.9 KB
│ └─ SKILL.md Markdown 171L · 4.2 KB
├─ cli.py Python 346L · 11.0 KB
├─ PUBLISH.md Markdown 135L · 2.5 KB
├─ pyproject.toml TOML 54L · 1.3 KB
├─ README.md Markdown 139L · 4.0 KB
└─ SKILL.md Markdown 171L · 4.2 KB

Dependency analysis (4)

Package | Version | Source | Known vulnerabilities | Notes
click | >=8.0 | pyproject.toml | | CLI framework - standard dependency
requests | >=2.28 | pyproject.toml | | HTTP library - expected for network security scanning
RestrictedPython | >=7.0 | pyproject.toml | | Security sandbox - core to this tool's safety model
rich | >=13.0 | pyproject.toml | | Terminal output - standard UI dependency

Security highlights

✓ Uses RestrictedPython sandbox for dynamic analysis
✓ AST-based static analysis detects dangerous patterns
✓ No credential harvesting or exfiltration code found
✓ No base64/eval patterns that could hide malicious behavior
✓ Subprocess usage is scoped to legitimate tool execution
✓ All declared capabilities match actual implementation
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ Dependencies (click, rich, requests) are standard and legitimate