中文 EN

集成指南

将安全扫描
融入工作流

通过 REST API 将 ClawSafe 接入你的 CI/CD 流水线、自动化脚本或安全审查流程。

REST API

所有功能通过 REST API 暴露,支持 JSON 请求和响应。目前免费使用,带速率限制。

POST /api/scan

提交扫描任务。支持 URL(GitHub / ClawHub / ZIP)或文件上传(multipart)。

Request Body 
{
  "url": "https://github.com/user/skill-repo",
  "locale": "zh"
}
Response 
{
  "reportId": "abc123",
  "id": "abc123",
  "status": "completed",
  "verdict": "恶意",
  "verdictLevel": "malicious",
  "riskScore": { "score": 87 },
  "risk_score": 87,
  "report_url": "https://clawsafe.dev/report/abc123"
}
GET /api/report/:id

获取指定 ID 的完整报告,包含 findings 列表。

Response 
{
  "data": {
    "id": "abc123",
    "type": "scan-report",
    "attributes": {
      "verdictLevel": "malicious",
      "riskScore": { "score": 87 },
      "findings": [
        {
          "category": "data_exfiltration",
          "severity": "critical",
          "title": "检测到可疑的 C2 通信"
        }
      ]
    }
  }
}

GitHub Actions 示例

在 PR 合并前自动扫描技能,阻断高风险技能的部署。

GitHub Actions 
name: ClawSafe Security Scan

on:
  pull_request:
    paths:
      - 'skills/**'

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan skill with ClawSafe
        run: |
          RESULT=$(curl -s -X POST https://clawsafe.dev/api/scan \
            -H "Content-Type: application/json" \
            -d '{"url": "${{ github.server_url }}/${{ github.repository }}/tree/${{ github.sha }}/skills", "locale": "zh"}')

          VERDICT=$(echo $RESULT | jq -r '.verdictLevel')
          SCORE=$(echo $RESULT | jq -r '.riskScore.score')

          echo "Verdict: $VERDICT, Risk Score: $SCORE"

          if [ "$VERDICT" = "malicious" ] || [ "$VERDICT" = "high_risk" ]; then
            echo "::error::ClawSafe: Dangerous skill detected (score: $SCORE)"
            exit 1
          fi

Shell 脚本示例

在本地开发或 CI 环境中快速扫描技能。

bash 
#!/bin/bash
# clawsafe-scan.sh - 扫描本地技能目录

SKILL_DIR="$1"
API_BASE="https://clawsafe.dev/api"

if [ -z "$SKILL_DIR" ]; then
  echo "用法: ./clawsafe-scan.sh <skill-dir>"
  exit 1
fi

echo "正在扫描: $SKILL_DIR"

ARCHIVE=$(mktemp -t clawsafe-skill.XXXXXX.zip)
zip -rq "$ARCHIVE" "$SKILL_DIR"

RESPONSE=$(curl -s -X POST "$API_BASE/scan" \
  -F "file=@$ARCHIVE" \
  -F "locale=zh")

VERDICT=$(echo "$RESPONSE" | jq -r '.verdictLevel')
SCORE=$(echo "$RESPONSE" | jq -r '.riskScore.score')
REPORT_ID=$(echo "$RESPONSE" | jq -r '.reportId')

echo "Verdict: $VERDICT | Risk Score: $SCORE"
echo "报告: https://clawsafe.dev/report/$REPORT_ID"
rm -f "$ARCHIVE"

case "$VERDICT" in
  malicious|high_risk) exit 1 ;;
  *) exit 0 ;;
esac

速率限制

扫描 API(POST /api/scan) 每 IP 每小时 5 次
报告查询(GET /api/report) 不限
最大文件大小 10 MB

如需更高配额,请联系 [email protected]

查看完整 API 文档