# Security Skill Scanner
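Scans ClawdHub skills for suspicious patterns, manages permission manifests, and monitors Moltbook for security threats.

## Features

- **Pattern detection**: scans SKILL.md files for credential theft, command injection, and network exfiltration patterns
- **Whitelist management**: maintains a list of known legitimate skills
- **Moltbook monitoring**: continuously monitors Moltbook for security discussions and scam alerts
- **Permission manifests**: generates and tracks skill permissions using Isnad chains
- **Daily reports**: scans automatically and generates markdown/JSON reports
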
## Usage

### Scan all skills

```bash
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py
```

### Scan a specific skill

```bash
python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py --skill nano-banana-pro
```

### Add to the whitelist

```bash
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py add skill-name "reason for whitelist"
```

### Check the whitelist

```bash
python3 /root/clawd/skills/security-skill-scanner/whitelist-manager.py list
```

### Monitor Moltbook (one-shot)

```bash
bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh
```

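## Files

| File | Purpose |
|------|---------|
| `skill-scanner.py` | Main scanner with regex pattern detection |
| `whitelist-manager.py` | Manages the false-positive whitelist |
| `moltbook-monitor.sh` | Moltbook security feed monitor |
| `permission-manager.py` | Generates skill permission manifests |
| `data/whitelist.json` | Database of whitelisted skills |
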
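## Detected Patterns

| Category | Patterns |
|----------|----------|
| Credential theft | .env access, webhook.site, POSTing secrets |
| Command injection | os.system, eval, shell=True, subprocess |
| Network exfiltration | HTTP requests with Bearer tokens |
| Suspicious downloads | wget, curl -O, remote scripts |
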
## Whitelisted Skills

These skills are known to be legitimate and do not trigger warnings:

- nano-banana-pro (Google Gemini)
- notion (Notion API)
- trello (Trello API)
- gog (Google Workspace)
- local-places (Google Places)
- bluebubbles (iMessage)
- weather (Weather API)
- and 5 others...

## Cron Jobs (Optional)

Add to crontab for automatic scanning:

```bash
# Daily skill scan at 4 AM
0 4 * * * python3 /root/clawd/skills/security-skill-scanner/skill-scanner.py >> /var/log/skill-scan.log 2>&1

# Moltbook monitor every 30 min
*/30 * * * * bash /root/clawd/skills/security-skill-scanner/moltbook-monitor.sh >> /var/log/moltbook-monitor.log 2>&1
```

## Pre-Install Hook (Block Suspicious Skills)

Install new skills through an automatic security scan that **blocks** suspicious installations:

### Quick install with scanning

```bash
# Interactive mode (asks before installing)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh nano-banana-pro

# With force override (installs even if suspicious)
bash /root/clawd/skills/security-skill-scanner/install-skill.sh suspicious-skill --force

# Scan-only mode
python3 /root/clawd/skills/security-skill-scanner/install-hook.py skill-name --scan-only
```

### Integration with molthub

Add this to your shell profile to scan automatically on every install:

```bash
# Add to ~/.bashrc or ~/.zshrc
molthub() {
    if [ "$1" = "install" ] || [ "$1" = "add" ]; then
        # Route installs through the scanning hook
        python3 /root/clawd/skills/security-skill-scanner/install-hook.py "$2" --interactive
    else
        # Everything else goes straight to the real molthub binary
        /home/linuxbrew/.linuxbrew/bin/molthub "$@"
    fi
}
```

Now every `molthub install <skill>` is scanned first!

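### What Happens

1. **Clean skill** → installs normally ✅
2. **Whitelisted skill** → installs normally ✅
3. **Suspicious skill** → **blocked**, with an explanation 🚫
4. **Suspicious skill + --force** → warns but continues the installation ⚠️
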
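The category table under "Detected Patterns" and the four outcomes listed above can be combined into a small scan-and-decide routine. The following is an added example, not the project's own code: the regexes, the function names `scan_text` and `decide`, the `"warned"` label, and the sample input are all assumptions made for illustration.

```python
import re

# Illustrative patterns for the four categories in the table; the project's
# real regexes are not shown on this page, so these are assumptions.
PATTERNS = {
    "credential_theft": [r"(?:^|[\s/\"'])\.env\b", r"webhook\.site"],
    "command_injection": [r"\bos\.system\s*\(", r"\beval\s*\(",
                          r"shell\s*=\s*True", r"\bsubprocess\.\w+"],
    "network_exfil": [r"Authorization[^\n]*Bearer"],
    "suspicious_download": [r"\bwget\s+\S+", r"\bcurl\b[^\n]*\s-O\b"],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in PATTERNS.items()}


def scan_text(text):
    """Return sorted (line_number, category) pairs for every matching line."""
    findings = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, regexes in COMPILED.items():
            if any(rx.search(line) for rx in regexes):
                findings.add((lineno, category))
    return sorted(findings)


def decide(skill, findings, whitelist, force=False):
    """Map a scan result to the four outcomes listed above."""
    if skill in whitelist:
        return "allowed"      # whitelisted: findings do not block
    if not findings:
        return "allowed"      # clean
    return "warned" if force else "blocked"


# Constructed sample skill content (not taken from any real skill).
SAMPLE = """\
# Weather helper
Load the API key from .env before the first call.
subprocess.run(cmd, shell=True)
headers = {"Authorization": "Bearer " + token}
wget http://example.invalid/setup.sh
print(os.environ.get("HOME"))
"""

if __name__ == "__main__":
    hits = scan_text(SAMPLE)
    for lineno, category in hits:
        print(f"line {lineno}: {category}")
    print(decide("weather-helper", hits, whitelist={"notion"}))
```

The last sample line shows why the `.env` pattern is anchored: `os.environ` is ordinary code and is not flagged.
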
### Example Output

```
🔒 Pre-Install Security Scan: nano-banana-pro
----------------------------------------------
Status: whitelisted
Action: allowed
✅ Scan passed - safe to install

🚀 Proceeding with installation...
✅ nano-banana-pro installed successfully
```

Compare with:

```
🔒 Pre-Install Security Scan: weather-scam
----------------------------------------------
Status: suspicious
Action: blocked

🚨 THREATS DETECTED:
  🔴 [credential_theft] Access to .env file
     File: SKILL.md
  🔴 [network_exfil] HTTP requests with Bearer tokens
     File: scripts/steal_creds.py

❌ INSTALLATION BLOCKED

To override: python3 install-hook.py weather-scam --force
```

## Reports

- `/tmp/security-scanner/scan-report.md` - human-readable scan results
- `/tmp/security-scanner/scan-results.json` - structured JSON output
- `/tmp/security-scanner/moltbook-scan.log` - Moltbook monitor log

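## Integration

Import as a module:

```python
# The file on disk is skill-scanner.py; this import assumes a copy or symlink
# named skill_scanner.py is on sys.path, since hyphens are not valid in module names.
from skill_scanner import RegexScanner

scanner = RegexScanner()
results = scanner.scan_all_skills()  # scans every installed skill
print(f"Found {results['threats_found']} threats")
```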