my-test-skill
Intelligent code security scanner with hybrid local-cloud detection. Fingerprints packages, runs static behavioral analysis, and consults cloud threat intelligence (enabled by default, can be disabled) for confidence scoring.
Best for CI/CD pipelinesWorks with GitHub
⌘source
- author
@LeoYeAI- language
- Python
★2kstars
306forks
May 6, 2026
✦overview.md
Key Features
- ·Hybrid local-cloud detection
- ·Package fingerprinting
- ·Static behavioral analysis
- ·Cloud threat intelligence scoring
- ·Confidence scoring
- ·Configurable cloud analysis
Use Cases
- →Scanning third-party packages for known vulnerabilities before integration
- →Automated security check in CI/CD pipeline on dependency updates
- →Evaluating open-source libraries for suspicious behavior
Best for
- ✓CI/CD pipelines
- ✓dependency review
- ✓security teams
Not ideal for
- !One-off manual scans
- !Auditing proprietary code
FAQs
name
yidun-skill-sec
description
Intelligent code security scanner with hybrid local-cloud detection. Fingerprints packages, runs static behavioral analysis, and consults cloud threat intelligence (enabled by default, can be disabled) for confidence scoring.
version:0.0.1
homepage:https://clawhub.com
changelog:v0.0.1 - Initial release
metadata:{"openclaw":{"emoji":"⚡","requires":{"bins":["curl","jq","openssl"]},"os":["linux","darwin","win32"],"env":[{"name":"YIDUN_SKILL_SEC_CLOUD","description":"Enable or disable cloud threat intelligence. Default: true","required":false,"default":"true"},{"name":"YIDUN_SKILL_SEC_TRUSTED_REGISTRIES","description":"Comma-separated list of additional trusted registry hostnames","required":false}]}}
yidun-skill-sec ⚡
Hybrid local-cloud security scanner for third-party code packages. Scans fast, scores precisely, fails safely.
Security Disclosure
This skill uploads non-sensitive metadata (file hashes, behavior tag names, and extracted code snippets that triggered detections) to a Yidun threat intelligence endpoint for analysis. The following data is explicitly not uploaded: full source code, user credentials, environment variables, or any personal data.
The cloud endpoint (as.dun.163.com) is operated by NetEase Yidun, a licensed cybersecurity service provider. Cloud analysis is enabled by default and strongly recommended. It can be explicitly disabled by the user if network access is restricted or not desired.
What It Does
YidunClawSec fingerprints a code package, runs behavioral analysis locally, and consults cloud threat intelligence to produce a quantified safety score. It catches malware, data leaks, privilege abuse, and obfuscation — before anything gets installed.
How It Works — Four Phases
┌──────────────┐ ┌──────────────┐ ┌──────────────────┐ ┌────────────────┐
$install
1-click copynpx skills add LeoYeAI/openclaw-master-skills --skill my-test-skillSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
3/ 5
goodMostly clear, but there are still a few confusing or poorly structured parts.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
4/ 5
highMostly actionable with clear steps; only a few small gaps remain.