搵技能.../

Code Safety | Skills Pool

技能檔案

Code Safety

Scan LLM-generated code for security vulnerabilities using language-aware pattern rules

framersai0 星標2026年3月30日

職業: 資訊安全分析師
分類: 代碼質素

技能內容

Code Safety Scanner

A guardrail automatically scans code in your responses for security vulnerabilities. You also have a tool for on-demand code scanning.

When to Use scan_code

Before writing code to files via write_file or create_file
Before executing code via shell_execute
When reviewing user-submitted code for security issues
Before presenting code examples that handle user input

What It Detects

Injection: eval(), exec(), os.system(), command injection
SQL Injection: string concatenation in SQL queries
XSS: innerHTML, document.write, dangerouslySetInnerHTML
Path Traversal: unsanitized ../ in file paths
Hardcoded Secrets: API keys, passwords, tokens in code
Weak Crypto: MD5/SHA1 for passwords, Math.random for security
: pickle.loads, yaml.load without SafeLoader

相關技能

快速安裝

Code Safety

npx skills add framersai/agentos-skills

下載 Skill 打開源碼倉庫

作者: framersai
星標: 0
更新時間: 2026年3月30日
職業

本頁內容

01Code Safety Scanner

Insecure Deserialization

SSRF: unvalidated URL construction from user input

Post-Approval Guardrail Override

When HITL (human-in-the-loop) is enabled with guardrailOverride: true (the default), the code-safety scanner runs after HITL approval as a post-approval guardrail. This means even actions approved by a human operator or LLM judge are scanned for destructive patterns before execution. This catches accidental approvals of dangerous commands like rm -rf / or DROP TABLE. See the hitl-safety skill for full HITL configuration.

Constraints

Regex-based detection — may have false positives on safe code patterns
Language detection from code fence tags or heuristics
Does not perform deep AST analysis

02

When to Use scancode

03What It Detects

04Post-Approval Guardrail Override

Openclaw Release Maintainer

Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.

Verify

Use when you want to validate changes before committing, or when you need to check all React contribution requirements.

Flow

Use when you need to run Flow type checking, or when seeing Flow type errors in React code.

自動化工具

Fix

Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.

Hygiene

Use when making code changes to ensure they pass VS Code's hygiene checks. Covers the pre-commit hook, unicode restrictions, string quoting rules, copyright headers, indentation, formatting, ESLint, and stylelint. Run the hygiene check before declaring work complete.

microsoft184.0k

Add Policy

Use when adding, modifying, or reviewing VS Code configuration policies. Covers the full policy lifecycle from registration to export to platform-specific artifacts. Run on ANY change that adds a `policy:` field to a configuration property.

microsoft184.0k

資訊安全分析師