Global Rank · of 601 Skills
byted-security-skillsscanner AI Agent Skill
View Source: bytedance/agentkit-samples
SafeInstallation
npx skills add bytedance/agentkit-samples --skill byted-security-skillsscanner 10
Installs
Volcengine技能安全扫描器 (Volcengine Skills Scanner)
通过将技能目录打包并上传火山引擎安全扫描服务进行扫描,审计工作区中的其他技能是否存在潜在的安全风险。
何时使用
- 审计:定期扫描所有技能以确保符合安全策略。
- 开发:在开发过程中检查自己的技能。
- 要求:必须确保目标技能包含
SKILL.md文件,因为它是扫描的主要输入。
用法
使用 scripts/scan.py 脚本执行扫描。必须使用绝对路径,不要使用~,因为运行目录不是 skill 目录。
脚本会自动打包目录(如果提供的是目录)并上传,始终输出包含扫描结果的 JSON 数组。解析此JSON并以易读的格式(中文)向用户展示结果(风险等级、详细信息、建议)。
扫描技能(目录或压缩包)
脚本通过环境变量读取配置(推荐)
python3 ~/.openclaw/workspace/skills/byted-security-skillsscanner/scripts/scan.py --name "bad_skills1" --path "/root/.openclaw/workspace/skills/bad_skills1"重要:
- 脚本路径必须是绝对路径
- 目标路径也必须是绝对路径
- 确保已设置必要的环境变量(
VOLCENGINE_ACCESS_KEY、VOLCENGINE_SECRET_KEY、VOLCENGINE_REGION)
报告格式
向用户展示结果时,必须使用以下格式(中文):
🛡️ 安全扫描报告:[SkillName]
扫描时间: [将 ScanEndTime 时间戳转换为可读日期格式]
整体状态: [✅ 通过 / ❌ 发现风险]
| 风险等级 | 规则名称 | 风险详情 |
|---|---|---|
| [High/Medium/Low] | [RuleName] | [RiskDetail] |
发现的风险列表:
(仅列出 High 和 Medium 级别的风险)
- [RuleName] (ID: [RuleID])
- 等级: [RiskLevel]
- 文件: [FileName]
- 详情: [RiskDetail]
- 建议: 请检查上述文件中的代码,移除可疑的网络请求或敏感操作。
环境变量配置
获取火山引擎访问凭证:参考 用户指南 获取 AK/SK
配置以下环境变量:
export VOLC_ACCESS_KEY="your-access-key"
export VOLC_SECRET_KEY="your-secret-key"
export VOLC_REGION="cn-north-1" # 可选,默认 cn-north-1Installs
Security Audit
View Source
bytedance/agentkit-samples
More from this source
EU-Hosted Inference API Power your AI Agents with
the best open-source models.
Drop-in OpenAI-compatible API. No data leaves Europe.
Explore Inference APIGLM
GLM 5
$1.00 / $3.20
per M tokens
Kimi
Kimi K2.5
$0.60 / $2.80
per M tokens
MiniMax
MiniMax M2.5
$0.30 / $1.20
per M tokens
Qwen
Qwen3.5 122B
$0.40 / $3.00
per M tokens
How to use this skill
Install byted-security-skillsscanner by running npx skills add bytedance/agentkit-samples --skill byted-security-skillsscanner in your project directory. Run the install command above in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of byted-security-skillsscanner, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.
Made in Europe Chat with 100+ AI Models in one App.
Use Claude, ChatGPT, Gemini alongside with EU-Hosted Models like Deepseek, GLM-5, Kimi K2.5 and many more.
