shoofly-plugin-scan

Pre-install plugin security scanner for OpenClaw plugins

作者: admin | 来源: ClawHub

源自

ClawHub

版本

V 0.1.0

安全检测

已通过

83
下载量

0
收藏

概述

安装方式

版本历史

shoofly-plugin-scan

# shoofly-plugin-scan Scans an OpenClaw plugin directory for security issues **before** installation. ## Usage ```bash shoofly-plugin-scan <path-to-plugin> ``` ## Checks 1. **Credential patterns** — API keys (sk-*, ghp_*, AKIA*), private keys 2. **Obfuscated code** — long hex/base64 strings, eval(), Function() constructor 3. **Unusual network calls** — URLs not in the trusted allowlist 4. **Sensitive path access** — ~/.ssh, ~/.aws, ~/.gnupg, /etc/passwd, credentials 5. **Exec patterns** — child_process.exec with variable args, shell: true ## Exit codes | Code | Meaning | |------|---------| | 0 | Clean — no findings | | 1 | Findings — review before installing | | 2 | Scan error | ## Allowlisted hosts github.com, npmjs.com, openclaw.ai, clawhub.com, shoofly.dev

通过对话安装

该技能支持在以下平台通过对话安装：

OpenClaw WorkBuddy QClaw Kimi Claude

方式一：安装 SkillHub 和技能

帮我安装 SkillHub 和 shoofly-plugin-scan-1776065008 技能

方式二：设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源，然后帮我安装 shoofly-plugin-scan-1776065008 技能

通过命令行安装

skillhub install shoofly-plugin-scan-1776065008

下载 Zip 包

⬇ 下载 shoofly-plugin-scan v0.1.0

文件大小: 1.22 KB | 发布时间: 2026-4-14 10:29

v0.1.0 最新 2026-4-14 10:29

Initial release. Pre-install security scanner for OpenClaw plugins — scans for credentials, obfuscated code, suspicious network calls, and exec injection before you install. Hardened: exec false-positive fix, base64 entropy gate, automated test suite.