Claude Skill Install Tool - Safely install skills from GitHub, with built-in malicious code scanning | SkillsMD
skill-install by cacr92/wereply
npx skills add https://github.com/cacr92/wereply --skill skill-install
Skill Install
Overview
Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.
When to Use
Trigger this skill when the user:
- Provides a GitHub repository URL and wants to install skills
- Asks to "install skills from GitHub"
- Wants to browse and select skills from a repository
- Needs to add new skills to their Claude environment
Workflow
Step 1: Parse GitHub URL
Accept a GitHub repository URL from the user. The URL should point to a repository containing a skills/ directory.
Supported URL formats:
https://github.com/user/repo
https://github.com/user/repo/tree/main/skills
https://github.com/user/repo/tree/branch-name/skills
Extract:
- Repository owner
- Repository name
- Branch (default to main if not specified)
Step 2: Fetch Skills List
Use the WebFetch tool to retrieve the skills directory listing from GitHub.
GitHub API endpoint pattern:
https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}
Parse the response to extract:
- Skill directory names
- Each skill should be a subdirectory containing a SKILL.md file
Step 3: Present Skills to User
Use the AskUserQuestion tool to let the user select which skills to install.
Set multiSelect: true to allow multiple selections.
- Skill name (directory name)
- Brief description (if available from SKILL.md frontmatter)
Step 4: Fetch Skill Content
For each selected skill, fetch all files in the skill directory:
- Get the file tree for the skill directory
- Download all files (SKILL.md, scripts/, references/, assets/)
- Store the complete skill content for security analysis
Use WebFetch with GitHub API:
https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}
For each file, fetch the raw content:
https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}
Step 5: Security Scan
CRITICAL: Before installation, perform a thorough security analysis of each skill.
Read the security scan prompt template from references/security_scan_prompt.md and apply it to analyze the skill content.
- Malicious Command Execution - eval, exec, subprocess with shell=True
- Backdoor Detection - obfuscated code, suspicious network requests
- Credential Theft - accessing ~/.ssh, ~/.aws, environment variables
- Unauthorized Network Access - external requests to suspicious domains
- File System Abuse - destructive operations, unauthorized writes
- Privilege Escalation - sudo attempts, system modifications
- Supply Chain Attacks - suspicious package installations
Output the security analysis with:
- Security Status: SAFE / WARNING / DANGEROUS
- Risk Level: LOW / MEDIUM / HIGH / CRITICAL
- Detailed findings with file locations and severity
- Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT
Step 6: User Decision
Based on the security scan results:
If SAFE (APPROVE):
- Proceed directly to installation
If WARNING (APPROVE_WITH_WARNINGS):
- Display the security warnings to the user
- Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?"
- Options: "Yes, install anyway" / "No, skip this skill"
If DANGEROUS (REJECT):
- Display the critical security issues
- Refuse to install
- Explain why the skill is dangerous
- Do NOT provide an option to override for CRITICAL severity issues
Step 7: Install Skills
For approved skills, install to ~/.claude/skills/:
- Create the skill directory: ~/.claude/skills/{skill_name}/
- Write all skill files maintaining the directory structure
- Ensure proper file permissions (executable for scripts)
- Verify SKILL.md exists and has valid frontmatter
Use the Write tool to create files.
Step 8: Confirmation
After installation, provide a summary:
- List of successfully installed skills
- List of skipped skills (if any) with reasons
- Location: ~/.claude/skills/
- Next steps: "The skills are now available. Restart Claude or use them directly."
Example Usage
- Fetches skills list from the repository
- Presents available skills: "skill-a", "skill-b", "skill-c"
- User selects "skill-a" and "skill-b"
- Performs security scan on each skill
- skill-a: SAFE - proceeds to install
- skill-b: WARNING (makes HTTP request) - asks user for confirmation
- Installs approved skills to ~/.claude/skills/
- Confirms: "Successfully installed: skill-a, skill-b"
Security Notes
- Never skip security scanning - Always analyze skills before installation
- Be conservative - When in doubt, flag as WARNING and let user decide
- Critical issues are blocking - CRITICAL severity findings cannot be overridden
- Transparency - Always show users what was found during security scans
- Sandboxing - Remind users that skills run with Claude's permissions
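The guardrails in Steps 1, 6 and 7, written out in Python as an added example (not code from the wereply repository): strict URL parsing, a decision gate that fails closed, and a write path confined to the skill directory. The function names, the restriction to branch names without slashes, and the sample inputs are assumptions.

```python
# Added example: hypothetical helper names, not the skill's own code.
import re
from pathlib import Path, PurePosixPath

_NAME = r"[A-Za-z0-9_.-]+"          # assumption: no "/" in branch names
_URL = re.compile(
    rf"https://github\.com/(?P<owner>{_NAME})/(?P<repo>{_NAME})"
    rf"(?:/tree/(?P<branch>{_NAME})/skills)?/?"
)

def parse_repo_url(url):
    """Step 1: return (owner, repo, branch) or raise ValueError."""
    m = _URL.fullmatch(url.strip())
    if not m:
        raise ValueError(f"unsupported GitHub URL: {url!r}")
    return m["owner"], m["repo"], m["branch"] or "main"

def decide(recommendation, risk_level, user_confirms=False):
    """Step 6: map the scan output to 'install' or 'skip'."""
    if recommendation == "REJECT" or risk_level == "CRITICAL":
        return "skip"                      # blocking: no override offered
    if recommendation == "APPROVE_WITH_WARNINGS":
        return "install" if user_confirms else "skip"
    if recommendation == "APPROVE":
        return "install"
    return "skip"                          # unknown scanner output: fail closed

def safe_dest(skills_root, skill_name, file_path):
    """Step 7: resolve a write target confined to skills_root/skill_name."""
    if not re.fullmatch(_NAME, skill_name) or skill_name in (".", ".."):
        raise ValueError(f"bad skill name: {skill_name!r}")
    rel = PurePosixPath(file_path)
    if rel.is_absolute() or ".." in rel.parts or not rel.parts:
        raise ValueError(f"bad file path: {file_path!r}")
    base = (Path(skills_root) / skill_name).resolve()
    dest = (base / rel).resolve()          # also follows existing symlinks
    if base not in dest.parents:
        raise ValueError(f"path escapes skill directory: {file_path!r}")
    return dest
```

Directory and file names returned by the GitHub API are repository-controlled input, so they get the same validation as the user-supplied URL before anything is written.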
Resources
references/security_scan_prompt.md
Contains the detailed security analysis prompt template with:
- Complete list of security categories to check
- Output format requirements
- Example analyses for safe, suspicious, and dangerous skills
- Decision criteria for APPROVE/REJECT recommendations
Load this file when performing security scans to ensure comprehensive analysis.