SafeHub
SafeHub is a security scanner for OpenClaw skills. It runs static analysis (Semgrep) and optional sandbox execution (Docker) on any skill—by name, local path, or GitHub URL—and returns a trust score and a clear recommendation: safe to install, install with caution, or not safe.
Requirements
These binaries must be on your PATH (declared in registry metadata):
- - Node.js (18+) — required to run the CLI.
- Semgrep — required for the scan command (static analysis). Install with
brew install semgrep or npm install -g semgrep. - git — required when the scan target is a GitHub URL (used to clone the repo).
Optional:
- - Docker — used for sandbox execution. If Docker is not available, use
--no-sandbox for static-only scanning.
Environment variables
All of these are optional. No secrets or API tokens are required by default.
| Variable | Default | Effect |
|---|
| SAFEHUBRULESREPO | INLINECODE3 | GitHub repo (owner/repo) used by safehub update to fetch and overwrite local rule files in ./rules. Setting this to another repo makes the updater pull rules from that repo — use only repos you trust. |
| SAFEHUBRULESBRANCH |
main | Branch name used when fetching rules (with
SAFEHUB_RULES_REPO). |
|
SAFEHUBDATADIR |
~/.safehub | Directory for cached scan reports (e.g.
~/.safehub/reports). |
|
SAFEHUBSANDBOXIMAGE |
node:18-alpine | Docker image used for the sandbox when scanning. |
|
SAFEHUBSANDBOXTIMEOUT_MS |
30000 | Timeout (ms) for the sandbox run before the container is killed. |
|
SAFEHUBNOTYPING | (unset) | Set to
1 to disable the typing-effect output (e.g. in CI or pipes). |
Important: SAFEHUB_RULES_REPO controls where safehub update downloads rules from and overwrites local ./rules; only point it at a repo you trust.
Commands
All commands are run via the safehub CLI (e.g. safehub scan <target> or node index.js scan <target> from the skill directory).
scan
Scan a skill by ClawHub name, local path, or GitHub URL.
Examples:
CODEBLOCK0
Options:
- -
--no-sandbox — Skip Docker sandbox; run static analysis only (use when Docker is not installed).
report
Show the last scan report for a skill without rescanning.
Examples:
CODEBLOCK1
update
Pull the latest Semgrep scanner rules from the SafeHub GitHub repo (or your fork via SAFEHUB_RULES_REPO).
Examples:
CODEBLOCK2
Example output
After running safehub scan <target>, you’ll see:
- - Static analysis — Findings from Semgrep (network, filesystem, eval/exec, env, obfuscation).
- Sandbox behavior — Whether the skill attempted network access or suspicious actions (when Docker is used).
- Trust score (0–100) and recommendation: SAFE TO INSTALL, INSTALL WITH CAUTION, or NOT SAFE TO INSTALL.
Installation (users)
Install from ClawHub:
CODEBLOCK3
Or install the CLI globally from npm:
CODEBLOCK4
Then run safehub scan <target> (if the CLI is on PATH) or node index.js scan <target> from the skill directory.
SafeHub
SafeHub 是 OpenClaw 技能的安全扫描器。它通过名称、本地路径或 GitHub URL 对任何技能执行静态分析(Semgrep)和可选的沙箱执行(Docker),并返回信任分数和明确的建议:安全可安装、谨慎安装或不安全。
系统要求
以下二进制文件必须在您的 PATH 环境变量中(在注册表元数据中声明):
- - Node.js(18+)——运行 CLI 所必需。
- Semgrep——扫描命令(静态分析)所必需。使用 brew install semgrep 或 npm install -g semgrep 安装。
- git——当扫描目标为 GitHub URL 时必需(用于克隆仓库)。
可选:
- - Docker——用于沙箱执行。如果 Docker 不可用,请使用 --no-sandbox 进行仅静态扫描。
环境变量
以下所有变量均为可选。默认情况下不需要任何密钥或 API 令牌。
| 变量 | 默认值 | 作用 |
|---|
| SAFEHUBRULESREPO | safehub/safehub | safehub update 用于获取并覆盖 ./rules 中本地规则文件的 GitHub 仓库(owner/repo)。设置为其他仓库将使更新程序从该仓库拉取规则——仅使用您信任的仓库。 |
| SAFEHUBRULESBRANCH |
main | 获取规则时使用的分支名称(与 SAFEHUB
RULESREPO 配合使用)。 |
|
SAFEHUBDATADIR | ~/.safehub | 缓存扫描报告的目录(例如 ~/.safehub/reports)。 |
|
SAFEHUBSANDBOXIMAGE | node:18-alpine | 扫描时用于沙箱的 Docker 镜像。 |
|
SAFEHUBSANDBOXTIMEOUT_MS | 30000 | 沙箱运行超时时间(毫秒),超时后容器将被终止。 |
|
SAFEHUBNOTYPING | (未设置) | 设置为 1 可禁用打字效果输出(例如在 CI 或管道中)。 |
重要提示: SAFEHUBRULESREPO 控制 safehub update 从何处下载规则并覆盖本地 ./rules;请仅将其指向您信任的仓库。
命令
所有命令均通过 safehub CLI 运行(例如 safehub scan 或在技能目录中运行 node index.js scan )。
scan
通过 ClawHub 名称、本地路径或 GitHub URL 扫描技能。
示例:
bash
safehub scan web-scraper
safehub scan ./my-local-skill
safehub scan https://github.com/user/their-skill
safehub scan https://github.com/BenedictKing/tavily-web --no-sandbox
选项:
- - --no-sandbox — 跳过 Docker 沙箱;仅运行静态分析(当未安装 Docker 时使用)。
report
显示技能的最近一次扫描报告,无需重新扫描。
示例:
bash
safehub report web-scraper
safehub report risky-skill
update
从 SafeHub GitHub 仓库(或通过 SAFEHUBRULESREPO 指定的您的分支)拉取最新的 Semgrep 扫描器规则。
示例:
bash
safehub update
SAFEHUBRULESREPO=owner/repo safehub update
示例输出
运行 safehub scan 后,您将看到:
- - 静态分析 — Semgrep 的发现结果(网络、文件系统、eval/exec、环境变量、混淆)。
- 沙箱行为 — 技能是否尝试网络访问或可疑操作(使用 Docker 时)。
- 信任分数(0–100)和建议:安全可安装、谨慎安装或不安全。
安装(用户)
从 ClawHub 安装:
bash
clawhub install safehub
或从 npm 全局安装 CLI:
bash
npm install -g safehub
然后运行 safehub scan (如果 CLI 在 PATH 中)或在技能目录中运行 node index.js scan 。
