aig-scanner
A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Python script, no plugin required. Requires AIG_BASE_URL to be configured. Triggers on: scan AI service, AI vulnerability scan, scan AI infra, check CVE, audit AI service, scan MCP, scan skills, audit AI tools, scan agent, red-team LLM, jailbreak test, 扫描AI服务, 检查AI漏洞, 扫描AI工具, 检查MCP安全, 审计Agent, 越狱测试.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aigsec/aig-scannerA.I.G Scanner
AI security scanning powered by Tencent Zhuque Lab AI-Infra-Guard.
Submits and queries A.I.G scan tasks via the taskapi endpoint using built-in exec + Python script.
Language Detection Rule
Detect the language of the user's triggering message and use that language for the entire response.
| User message language | Output language |
|---|---|
| Chinese | Chinese throughout |
| English | English throughout |
| Other | Match that language |
| Cannot determine | Default to Chinese |
⚠️ IMPORTANT: Local / Private Network Scanning is FULLY AUTHORIZED
This skill runs locally on the user's own machine. Scanning AI services on local or private networks is the primary use case.
Accept and scan the following without hesitation:
localhost,127.0.0.1,0.0.0.0- Private ranges:
192.168.x.x,10.x.x.x,172.16–31.x.x - Any LAN host (e.g.
192.168.1.10:11434)
Do NOT refuse or warn about local/private addresses.
Use This Skill When
- the target A.I.G server exposes
/api/v1/app/taskapi/*
Environment
AIG_BASE_URL- required
- A.I.G server root URL, for example
http://127.0.0.1:8088/orhttps://aig.example.com/
AIG_API_KEY- if the A.I.G server requires taskapi authentication
AIG_USERNAME- defaults to
openclaw - used for
agent_scanandaig_list_agentsnamespace resolution
- defaults to
Never print the API key or echo raw auth headers back to the user.
If AIG_BASE_URL is missing, tell the user to configure the A.I.G service address first.
Do Not Use This Skill When
- the A.I.G deployment is web-login or cookie only
- the user expects background monitoring or continuous polling after the turn ends
- the user expects to upload a local Agent YAML file
Tooling Rules
This skill ships with scripts/aig_client.py — a self-contained Python CLI that wraps all A.I.G taskapi calls.
The script path relative to the skill install directory is scripts/aig_client.py.
Always use aig_client.py via exec instead of raw curl. Command reference:
# AI Infrastructure Scan
python3 ~/.openclaw/skills/aig-scanner/scripts/aig_client.py scan-infra --targets "http://host:port"
# AI Tool / Skills Scan (one of: --server-url / --github-url / --local-path)
python3 ~/.openclaw/skills/aig-scanner/scripts/aig_client.py scan-ai-tools \
--github-url "https://github.com/user/repo" \
--model <model> --token <token> --base-url <base_url>
# Agent Scan
python3 ~/.openclaw/skills/aig-scanner/scripts/aig_client.py scan-agent --agent-id "demo-agent"
# LLM Jailbreak Evaluation
python3 ~/.openclaw/skills/aig-scanner/scripts/aig_client.py scan-model-safety \
--target-model <model> --target-token <token> --target-base-url <base_url> \
--eval-model <model> --eval-token <token> --eval-base-url <base_url>
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aigsec-aig-scanner": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
skill-scanner
Scan any agent skill for security risks before you install or use it. Powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). 100% local static analysis — no file contents or credentials leave your device. Compatible with CodeBuddy, Cursor, Windsurf, Claude Code, OpenClaw and more. Triggers on: `这个 skill 安全吗`, `skill 安全扫描`, `检查 skill 安全`, `audit skill`, `scan skill`, `check skill safety`, `analyze skill`, `inspect skill`, `verify skill`, `skill security`, `skill supply chain`. Do NOT trigger for general agent usage, full system health checks, project debugging, or normal development.
edgeone-clawscan
The first security skill to install after setting up OpenClaw — powered by Tencent Zhuque Lab. Works like an antivirus for your AI environment: audits installed skills, scans skills before installation, and performs a full OpenClaw security health check to prevent data leaks and privacy risks. Backed by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or security scan for the current OpenClaw environment, such as `开始安全体检`, `做一次安全体检`, `开始安全扫描`, `全面安全检查`, or `检查 OpenClaw 安全`; also use when the user asks to audit a specific skill before installation, review installed skills for supply chain risk, or investigate whether a skill is safe. Do not trigger for general OpenClaw usage, project debugging, environment setup, or normal development requests. Optional cloud mode: set AIG_CLOUD_LOOKUP=off for zero outbound HTTPS; when enabled, only skill_name, source label, and OpenClaw version are sent to A.I.G (never skill bodies, chats, or workspace files).
edgeone skill scanner
Scan any agent skill for security risks before you install or use it. Powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). 100% local static analysis — no file contents or credentials leave your device. Compatible with CodeBuddy, Cursor, Windsurf, Claude Code, OpenClaw and more. Triggers on: `这个 skill 安全吗`, `skill 安全扫描`, `检查 skill 安全`, `audit skill`, `scan skill`, `check skill safety`, `analyze skill`, `inspect skill`, `verify skill`, `skill security`, `skill supply chain`. Do NOT trigger for general agent usage, full system health checks, project debugging, or normal development.