Trusted — Risk Score 5/100
Last scan: 1 day ago
agent-security-skill-scanner
AI Agent skill security scanner - detects malicious skills, backdoor code, and permission abuse
This is a legitimate AI Agent security scanning tool designed to detect malicious skills, backdoors, and permission abuse. The flagged 'rm -rf /' at line 333 is a test sample in the rule iterator's test data, not actual malicious code execution.
Skill Name: agent-security-skill-scanner
Duration: 79.5s
Engine: pi
Safe to install
This skill is safe to use. It properly implements a security scanner with documented capabilities for detecting malware patterns, credential theft, and data exfiltration in target skills.

Findings (1 item)

Severity | Finding | Location
Low | Minor subprocess usage not explicitly declared (Doc Mismatch) | scanner_cli.py:26
scanner_cli.py uses subprocess.run() to invoke internal scripts, but SKILL.md only lists file permissions. This is low-risk since it's internal-only execution.
Evidence: subprocess.run(cmd)
→ Consider documenting internal shell usage in SKILL.md for transparency
Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | install.sh:44, cli.py:85
Shell | NONE | WRITE | ✓ Aligned | scanner_cli.py:26 subprocess.run() for internal scripts only
Network | NONE | NONE | | No external network connections detected
Environment | NONE | READ | ✓ Aligned | No credential harvesting - only env access patterns for detection
Pattern findings: 26 (1 Critical)
Severity | Rule | Match | Location
Critical | Dangerous Command (dangerous shell command) | rm -rf / | rule_iterator.py:333
Medium | External URL | https://gitee.com/caidongyun/agent-security-skill-scanner | CAPABILITIES.md:468
Medium | External URL | https://gitee.com/caidongyun/agent-security-skill-scanner/issues | I18N.md:221
Medium | External URL | https://packaging.python.org | NPM_PUBLISH_PLAN.md:365
Medium | External URL | https://docs.npmjs.com | NPM_PUBLISH_PLAN.md:366
Medium | External URL | https://www.npmjs.com/package/agent-security-scanner | PUBLISH_CHANNELS.md:98
Medium | External URL | https://www.npmjs.com | PUBLISH_CHANNELS.md:108
Medium | External URL | https://clawhub.com | PUBLISH_CHANNELS.md:126
Medium | External URL | https://huggingface.co/caidongyun | PUBLISH_CHANNELS.md:145
Medium | External URL | https://huggingface.co | PUBLISH_CHANNELS.md:161
Medium | External URL | https://modelscope.cn | PUBLISH_CHANNELS.md:182
Medium | External URL | https://caidongyun.gitbook.io/agent-security-scanner | PUBLISH_CHANNELS.md:219
Medium | External URL | https://gitbook.com | PUBLISH_CHANNELS.md:229
Medium | External URL | https://agent-security-scanner.readthedocs.io | PUBLISH_CHANNELS.md:241
Medium | External URL | https://readthedocs.org | PUBLISH_CHANNELS.md:253
Medium | External URL | https://gitlab.com/caidongyun/agent-security-skill-scanner | PUBLISH_CHANNELS.md:267
Medium | External URL | https://bitbucket.org | PUBLISH_CHANNELS.md:282
Medium | External URL | https://www.producthunt.com | PUBLISH_CHANNELS.md:298
Medium | External URL | https://news.ycombinator.com | PUBLISH_CHANNELS.md:312
Medium | External URL | https://gitee.com | PUBLISH_CHANNELS.md:494
Medium | External URL | https://img.shields.io/badge/version-2.0.1-blue.svg | README.en.md:5
Medium | External URL | https://img.shields.io/badge/license-MIT-green.svg | README.en.md:6
Medium | External URL | https://img.shields.io/badge/python-3.8+-yellow.svg | README.en.md:7
Medium | External URL | https://www.python.org/ | README.en.md:7
Medium | External URL | https://img.shields.io/badge/version-2.2.1-blue.svg | README.md:5
Medium | External URL | https://gitee.com/caidongyun/agent-security-skill-scanner/blob/master/README.md | clawhub.yaml:15

File Tree

66 files · 475.6 KB · 18216 lines
JSON: 31 files, 8705 lines · Markdown: 15 files, 5270 lines · Python: 17 files, 4115 lines · Shell: 1 file, 65 lines · YAML: 2 files, 61 lines
├─ 📁 data
│ ├─ 📁 whitelist
│ │ ├─ 📋 false_positive_whitelist.json JSON 262L · 5.9 KB
│ │ └─ 📋 local.json JSON 16L · 408 B
│ ├─ 📋 combo_detection_rules.json JSON 71L · 1.4 KB
│ └─ 📋 intent_detection_rules.json JSON 98L · 1.7 KB
├─ 📁 detectors
│ ├─ 🐍 __init__.py Python 8L · 152 B
│ ├─ 🐍 malware.py Python 117L · 4.2 KB
│ └─ 🐍 metadata.py Python 305L · 9.8 KB
├─ 📁 docs
│ ├─ 📝 CAPABILITIES.md Markdown 476L · 13.8 KB
│ ├─ 📝 PROJECT_BRIEF.md Markdown 119L · 3.2 KB
│ ├─ 📝 QUICK_GUIDE.md Markdown 230L · 3.9 KB
│ ├─ 📝 RELEASE_CHECKLIST.md Markdown 159L · 3.8 KB
│ └─ 📝 STATISTICS.md Markdown 343L · 10.2 KB
├─ 📁 npm-rules
│ ├─ 📋 detection_rules.json JSON 1197L · 29.6 KB
│ ├─ 📋 package.json JSON 41L · 1008 B
│ ├─ 📋 public.json JSON 64L · 2.1 KB
│ └─ 📝 README.md Markdown 617L · 17.3 KB
├─ 📁 reporters
│ ├─ 🐍 __init__.py Python 0 B
│ └─ 🐍 report_generator.py Python 369L · 11.8 KB
├─ 📁 reports
│ ├─ 📋 iteration_report_20260316_151810.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151812.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151814.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151816.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151819.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151822.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151825.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151827.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151830.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151833.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151835.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151838.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151841.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151844.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151846.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151849.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151852.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151854.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151856.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151858.json JSON 70L · 2.0 KB
│ ├─ 📋 iteration_report_20260316_151901.json JSON 70L · 2.0 KB
│ └─ 📋 iteration_report_20260316_151903.json JSON 70L · 2.0 KB
├─ 📁 scripts
│ ├─ 🐍 generate_report.py Python 191L · 6.2 KB
│ ├─ 🐍 pre_publish_check.py Python 289L · 10.5 KB
│ └─ 🐍 release_checker.py Python 211L · 6.7 KB
├─ 🐍 auto_iteration.py Python 349L · 11.4 KB
├─ 📝 CAPABILITIES.md Markdown 476L · 13.8 KB
├─ 📋 clawhub.yaml YAML 26L · 968 B
├─ 🐍 cli.py Python 230L · 6.9 KB
├─ 📋 detection_rules.json JSON 5352L · 113.5 KB
├─ 🐍 dynamic_detector.py Python 414L · 13.9 KB
├─ 📝 I18N.md Markdown 226L · 4.0 KB
├─ 🔧 install.sh Shell 65L · 1.4 KB
├─ 📝 NPM_PUBLISH_PLAN.md Markdown 371L · 6.6 KB
├─ 🐍 parallel_scanner.py Python 200L · 6.9 KB
├─ 📋 public.json JSON 64L · 2.1 KB
├─ 📝 PUBLISH_CHANNELS.md Markdown 506L · 9.9 KB
├─ 📝 README.en.md Markdown 396L · 11.6 KB
├─ 📝 README.md Markdown 694L · 19.4 KB
├─ 📝 RELEASE.md Markdown 98L · 1.7 KB
├─ 🐍 risk_scanner.py Python 445L · 14.3 KB
├─ 🐍 rule_iterator.py Python 341L · 11.7 KB
├─ 🐍 scanner_cli.py Python 205L · 6.3 KB
├─ 🐍 setup.py Python 41L · 1.6 KB
├─ 📝 SKILL.md Markdown 216L · 3.7 KB
├─ 📋 skill.yaml YAML 35L · 925 B
├─ 🐍 static_analyzer.py Python 400L · 14.5 KB
└─ 📝 STATISTICS.md Markdown 343L · 10.2 KB

Dependencies (3 items)

Package | Version | Source | Known Vulns | Notes
python3 | >=3.8 | system | No | No external Python dependencies
semgrep | >=1.50.0 | pip | No | Optional static analyzer (not used in core scanning)
click | >=8.0 | pip | No | CLI framework, no security implications

Security Positives

✓ Security scanning tool designed to protect AI agent ecosystem
✓ No actual credential theft or exfiltration detected
✓ No external network connections to untrusted hosts
✓ No hardcoded credentials or API keys found
✓ No C2 communication or data exfiltration patterns
✓ Subprocess calls limited to internal script invocations only
✓ Well-documented whitelist system for false positive handling
✓ No base64-encoded malicious payloads
✓ Comprehensive test coverage with proper sample handling
✓ MIT licensed with transparent source code