← 返回
未分类 中文

DriftGuard Security Scanner+

DriftGuard Security Scanner+ is a local-first security drift scanner for repos, OpenClaw skills, and AI agent tools. Use to scan before trust, save trusted b...
DriftGuard安全扫描器+是一款本地优先的安全漂移扫描器,用于仓库、OpenClaw技能和AI代理工具。在信任前扫描,保存可信...
david90232 david90232 来源
未分类 clawhub v0.3.1 3 版本 100000 Key: 无需
★ 1
Stars
📥 729
下载
💾 0
安装
3
版本
#ai-agents#baseline#drift#integrity#latest#openclaw-skills#scanner#security

概述

DriftGuard Security Scanner+

Trust what you review. Compare what changed since trust.

Use this skill for local security/integrity checks and post-update drift detection on repos, installed skills, and AI agent tool folders.

This skill is intentionally narrower than a generic security scanner. Its best use is:

  • scan a local skill folder or repo before trust
  • save a trusted baseline after review, including approver, note, git commit, package version, risk snapshot, and finding summary
  • compare later to answer what changed since trust
  • highlight risky new capabilities like shell, network, sensitive file access, symlinks, dependencies, prompt-injection signals, obfuscation, or install hooks

Quick start

Run the scanner directly from the installed skill folder:

node {baseDir}/scripts/cli.js scan <path>

Save a trusted baseline after review:

node {baseDir}/scripts/cli.js trust <path>

Save a trusted baseline to a custom location:

node {baseDir}/scripts/cli.js trust <path> --baseline ./reports/skill-baseline.json

Compare a skill or repo against a saved baseline:

node {baseDir}/scripts/cli.js compare <path> --baseline ./reports/skill-baseline.json

Generate a reviewer approval ticket for a scan or comparison:

node {baseDir}/scripts/cli.js compare <path> --baseline ./reports/skill-baseline.json --review ./reports/review-ticket.md

Recommended workflow

1. Scan before trust

Review the candidate repo or skill first.

node {baseDir}/scripts/cli.js scan /path/to/skill

Treat high or critical output as a stop sign until manually reviewed.

2. Trust after review

If the findings are acceptable, save a trusted baseline.

node {baseDir}/scripts/cli.js trust /path/to/skill

3. Compare after updates

After the skill changes or updates, compare it to the saved baseline.

node {baseDir}/scripts/cli.js compare /path/to/skill --baseline ./reports/baseline.json

Look especially for:

  • newly added or changed files
  • new shell or network findings
  • dependency or install-hook drift
  • new symlinks or sensitive file references

4. Create a review ticket before re-trusting

For marketplace publishing, PR review, or team handoff, write a human approval checklist:

node {baseDir}/scripts/cli.js compare /path/to/skill --baseline ./reports/baseline.json --review ./reports/review-ticket.md

The ticket includes:

  • approve/reject/needs-review checkboxes
  • required security checks based on detected drift
  • trust recommendation and reasons
  • risk deltas and new capability categories
  • why each new finding received its severity and what the reviewer should check next
  • a copy-paste approval note for PRs or release notes

What it checks

  • risky shell execution patterns like curl | bash, eval, exec, subprocess, os.system
  • outbound network patterns like fetch, axios, requests, curl, webhook usage
  • references to sensitive files like .env, SSH keys, SOUL.md, MEMORY.md, OpenClaw config
  • prompt injection style content in SKILL.md, SOUL.md, MEMORY.md
  • obfuscation hints like base64 helpers and long encoded blobs
  • symlink drift without following symlinks
  • dependency drift in package.json, requirements.txt, and pyproject.toml
  • install-hook changes in package.json
  • combo risks like:
  • shell + network
  • network + sensitive files
  • shell + prompt-injection signals
  • obfuscation + active capabilities

Config suppressions

Prefer a reviewer-controlled config passed with --config .

By default, the scanner does not automatically honor .driftguard.json inside the target being scanned, because an untrusted target could suppress its own risky findings.

Use --use-target-config only after reviewing the target-provided suppressions.

Example:

{
  "ignorePaths": ["dist/", "fixtures/"],
  "ignoreRules": ["net.fetch", "shell.exec_generic", "shell.*"]
}

Use suppressions sparingly. If a rule is noisy, prefer narrowing it later instead of muting the whole category.

Exit codes

  • 0 for low risk and no drift
  • 1 for medium risk or drift detected
  • 2 for high or critical risk

Use this for CI or install gating.

Review tickets

Use --review when the output needs to be read by a human before refreshing trust.

This is the best default for publishing updates because it turns scanner output into an approval artifact instead of just a machine report.

Each finding should include severity rationale and reviewer guidance so users understand why something is high, medium, or low instead of treating the scanner as a black box.

Positioning

Use this skill when you want a transparent, local, deterministic trust workflow.

Do not use it as the sole authority for safety. It is a heuristic scanner plus drift guard, not a guarantee.

版本历史

共 3 个版本

  • v0.3.1 当前
    2026-05-07 03:33 安全 安全
  • v0.2.7
    2026-05-03 03:58 安全 安全
  • v0.2.4
    2026-05-01 09:38 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,367
it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 473 📥 79,133
it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 32,170