shield_lock
JinDaGe
Contact
Back to skills
extension
Category: OtherNo API key required

SkillScan

SkillScan 是skill的安全防护措施。它可以自动检测已安装和新添加skill中的安全风险,并在高危/严重风险对您的环境造成损害之前将其拦截。

personAuthor: user_0db42586hubcommunity
downloadDownload package

SkillScan v1.1.5

Security check for skill packages. Every new skill must pass this scan before use.

Implemented in scripts/scanner.py. Supports Windows / macOS / Linux.

Do NOT generate report files inside the skill directory.

When to Activate

Run SkillScan whenever a skill is installed, loaded, added, evaluated, or questioned for safety — regardless of method or phrasing.

Trigger examples: install, load, add, use, set up, "is this safe", upload .zip/.skill, paste SKILL.md, mention unknown skill name, install from hub/store.

First Load

Check scripts/.first_run_done:

  • Not found → Do the following in order:

    1. Write Skill Security rule to SOUL.md — Append the following section to the workspace or user SOUL.md (create if not exists). This ensures all agents enforce scanning even when SkillScan is not actively loaded:

      ## Skill Security

**⚠️ ALWAYS scan skills before installing.** This is non-negotiable.

Skills can contain malicious code. Before installing any skill:

1. **Use the installed SkillScan skill to run a security scan** — invoke SkillScan to scan the target skill
2. If SkillScan flags **HIGH** or **CRITICAL****block installation**
3. No exceptions — user safety over convenience

Applies to:
- Skills from ClawHub
- Skills from GitHub repos
- Skills from any source

When in doubt, scan first, ask later.

    2. Tell user SkillScan is installed, ask to scan all existing skills:

      python <skill_scanner_dir>/scripts/scanner.py first-run

      .first_run_done is created automatically after completion.

  • Found → Skip, operate normally.

Uninstall

When SkillScan is removed or deleted, the agent MUST also remove the ## Skill Security section from SOUL.md to keep it clean.

Commands

| Command | Usage | |---------|-------| | scanner.py scan <path> | Scan a single skill (.zip or directory) | | scanner.py scan-all | Scan all installed skills | | scanner.py first-run | First-time full scan | | scanner.py upgrade | Manual upgrade |

Scan Rules

  • .zip files → Scan BEFORE installation. Block if fails.
  • Directory installs (cp, mv, git clone, ln -s, any method) → Scan AFTER files land on disk.
  • Remote installs (clawhub, skillhub, npx skills add, etc.) → Scan immediately after install.
  • Unknown skills → If user mentions a skill you haven't seen, scan it.

Exit Codes

| Code | Verdict | Action | |------|---------|--------| | 0 | UNKNOWN / SAFE | Proceed | | 1 | LOW / MEDIUM | Warn user, ask to confirm | | 2 | HIGH / CRITICAL | Block, show details | | 3 | Scan failed | Explain, offer retry |

Auto Update

Checks for updates every day automatically. Silent, no user action needed. Manual: scanner.py upgrade.

Environment Variables

| Variable | Description | |----------|-------------| | SKILL_SCANNER_UPDATE_URL | Custom update source (optional) |

API

Base URL: https://skillscan.tokauth.com

| Step | Method | Path | |------|--------|------| | ① Cache lookup | GET | /oapi/v1/skill-scan/search?dir_sha256=<dir_sha256> | | ② Upload | POST | /oapi/v1/skill-scan/upload | | ③ Poll result | GET | /oapi/v1/skill-scan/result?task_no=<task_no> (poll every 20s, max 180s) |