
content-security-policy

by foxyy1126 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
175 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install content-security-policy
Description
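Content security policy skill: sensitive-data redaction + dangerous-command filtering + action permission judgment + multi-level permission management. Activates when the user asks for a "security check" or "redaction", or when a sensitive operation such as deletion, configuration change, or mass messaging is involved.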
README (SKILL.md)

🛡️ content-security-policy

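The content security policy skill provides four core functions:

Feature Overview

Feature | Description
Sensitive-data redaction | Automatically detects and redacts IPs, API keys, tokens, paths, and similar values
Dangerous-command filtering | Blocks dangerous commands by P0/P1/P2 severity level
Action permission judgment | Decides based on user identity + operation type + scope of effect
Multi-level permission management | Four-tier L0/L1/L2/L3 permission system

Trigger Conditions

  • The user asks for a "security check"
  • The user asks for "redaction"
  • A sensitive operation is involved (deletion, configuration change, mass messaging, etc.)
  • A potentially dangerous command is received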

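I. Sensitive-Data Redaction

Trigger

Runs when the user asks for redaction, or automatically while processing user content.

Redaction Rules

1. IP addresses

Type | Example | After redaction
IPv4 | 115.191.60.79 | x.x.x.x
IPv6 | 2001:0db8:85a3::8a2e | [IPv6地址]

2. API keys

Format | Example | After redaction
Generic 32-character | 95f1859b21f14837971f177977dd45c2 | YOUR_API_KEY
Alibaba Cloud | AKLTa1b2c3... | AKLT...[密钥]
OpenAI | sk-abc123... | sk-...[密钥]
WeChat AppID | wxac467839... | wx...[AppID]

3. Access Token / JWT

Format | Example | After redaction
JWT | eyJhbGciOiJIUzI1NiIs... | [JWT Token]
Long token | 101_tmRA6BM... | YOUR_ACCESS_TOKEN

4. Server paths

Type | Example | After redaction
Linux | /root/.openclaw/config.json | /path/to/config.json
Windows | C:\Users\Admin\file.txt | C:\path\to\file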
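
The redaction rules above can be exercised with a small ordered rule table. This is an added example, not the project's scripts/sanitizer.js; the regexes are assumptions written to fit the table examples, and it covers only the JWT, sk- key, 32-character key, IPv4 and Linux path rows.

```javascript
// Added example, not the project's scripts/sanitizer.js.
// Replacement strings are the ones shown in the tables above.
// Order matters: specific token formats run before broader patterns.
const RULES = [
  // JWT: header and payload are base64url JSON, so both start with "eyJ".
  [/\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+/g, () => '[JWT Token]'],
  // Vendor-prefixed keys keep their prefix so readers can tell what was removed.
  [/\bsk-[A-Za-z0-9_-]{16,}/g, () => 'sk-...[密钥]'],
  // Generic key: exactly 32 hex characters. The \b anchors leave longer hex
  // runs (a 64-character SHA-256 digest, for example) untouched.
  [/\b[0-9a-f]{32}\b/gi, () => 'YOUR_API_KEY'],
  // IPv4: the lookarounds skip dotted version strings such as 1.2.3.4.5, and
  // the callback redacts only when every octet is in 0-255.
  [/(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\.?\d)/g,
    (m, ...g) => (g.slice(0, 4).every((o) => Number(o) <= 255) ? 'x.x.x.x' : m)],
  // Linux paths under /root or /home/<user>: keep only the file name.
  [/\/(?:root|home\/[^\/\s]+)(?:\/[^\/\s]+)*\/([^\/\s]+)/g,
    (m, file) => `/path/to/${file}`],
];

function sanitize(text) {
  // Apply every rule in order to the output of the previous one.
  return RULES.reduce((out, [re, replacer]) => out.replace(re, replacer), text);
}

// Constructed sample input; the IP, key and path are the examples from the tables.
const SAMPLE = [
  'login from 115.191.60.79 key=95f1859b21f14837971f177977dd45c2',
  'config at /root/.openclaw/config.json',
  'build 1.2.3.4.5 (version string, not an IP), bogus address 999.1.1.1',
].join('\n');

console.log(sanitize(SAMPLE));
```

The version string and the out-of-range address on the last sample line pass through unchanged, which is the over-redaction case pattern-based rules need to be tested against.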

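II. Dangerous-Command Filtering

Risk Levels

Level | Meaning | Handling
🔴 P0 | Critical, absolutely forbidden | Reject outright + write a log entry
🟠 P1 | High risk, needs redaction/confirmation | Execute after redaction, or require confirmation from the supreme admin
🟡 P2 | Medium risk, rate limited | Write a log entry + limit frequency

P0: absolutely forbidden (reject outright)

const P0_BLOCKED_COMMANDS = [
  // Remote connection
  /\bssh\s+/i, /\bscp\s+/i, /\btelnet\s+/i, /\brdp\s+/i,
  // System deletion (note: \$\/home matches the literal text "$/home")
  /rm\s+-rf\s+\//, /rm\s+-rf\s+\$\/home/, /del\s+\/f\s+\/s\s+\/q\s+c:\\*/i,
  // Sensitive file reads
  /cat\s+.*\.env/, /cat\s+.*config.*\.json/,
];

Refusal message

"For security reasons, I cannot execute commands involving SSH, remote connections, or system deletion. If you need to perform server operations, please contact an administrator."

P1: high-risk commands (redaction or confirmation required)

const P1_SENSITIVE_COMMANDS = [
  // Information disclosure
  /(api[_-]?key|app[_-]?secret|password|token)/i,
  // Configuration changes
  /(修改|更新|删除).*配置/i, /(修改|更新|删除).*技能/i,
  // Mass messaging
  /群发.*消息/, /发送到.*群/,
];

Handling: check whether the sender is the supreme admin → if so, redact and then execute; otherwise send a confirmation request to the supreme admin.

P2: medium-risk commands (log + limit)

const P2_RESTRICTED_COMMANDS = [
  // File operations
  /(读取|写入|修改).*文件/, /(上传|下载).*文件/,
  // Query operations
  /查询.*用户/, /搜索.*消息/, /获取.*列表/,
];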
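
How the three levels combine into one decision, as an added example that is not code from the skill. The patterns are a subset of the three arrays above; the decision names, the sender object shape and the P2 limit of 3 requests per 60 seconds are assumptions, since the page gives no numbers.

```javascript
// Added example, not code from the skill. Patterns are a subset of the three
// arrays above; decision names and the P2 limits are assumptions.
const LEVELS = [
  ['P0', [/\bssh\s+/i, /\bscp\s+/i, /rm\s+-rf\s+\//, /cat\s+.*\.env/]],
  ['P1', [/(api[_-]?key|app[_-]?secret|password|token)/i,
    /(修改|更新|删除).*配置/i, /群发.*消息/]],
  ['P2', [/(读取|写入|修改).*文件/, /查询.*用户/]],
];
const P2_WINDOW_MS = 60000; // assumed window; the page gives no numbers
const P2_MAX_HITS = 3;      // assumed per-sender limit inside the window
const p2Hits = new Map();   // senderId -> timestamps of recent P2 requests
const auditLog = [];        // stands in for the skill's operation log

function classify(sender, text, now = Date.now()) {
  // Levels are checked from most to least severe, so a message matching both a
  // P0 and a P1 pattern is rejected rather than queued for confirmation.
  for (const [level, rules] of LEVELS) {
    const rule = rules.find((re) => re.test(text));
    if (!rule) continue;
    let decision;
    if (level === 'P0') {
      decision = 'reject';
    } else if (level === 'P1') {
      decision = sender.isSupremeAdmin ? 'redact_then_execute' : 'ask_supreme_admin';
    } else {
      const hits = (p2Hits.get(sender.id) || []).filter((t) => now - t < P2_WINDOW_MS);
      decision = hits.length < P2_MAX_HITS ? 'allow' : 'rate_limited';
      if (decision === 'allow') hits.push(now);
      p2Hits.set(sender.id, hits);
    }
    // Log the matched rule, not the raw text: a P1 hit may contain the secret itself.
    auditLog.push({ now, sender: sender.id, level, decision, rule: String(rule) });
    return { level, decision };
  }
  return { level: null, decision: 'allow' };
}

// Constructed senders and input ("please update the gateway configuration").
const user = { id: 'u-100', isSupremeAdmin: false };
const admin = { id: 'u-001', isSupremeAdmin: true };
console.log(classify(user, '请更新网关配置'), classify(admin, '请更新网关配置'));
```

A harmless question such as "How do I rotate ssh keys?" also returns P0 `reject` here, because `/\bssh\s+/i` matches any mention of the word followed by a space; run the rules over representative messages before enforcing them.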

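III. Action Permission Judgment

Decision Flow

Operation request received
    ↓
[Step 1] Identify the user
    ├─ L0 supreme admin → skip most restrictions
    ├─ L1 authorized user → check authorized scope
    ├─ L2 regular user → apply default restrictions
    └─ L3 group chat member → apply group chat restrictions
    ↓
[Step 2] Identify the operation type
    ├─ Sensitive operation → extra confirmation required
    ├─ Normal operation → execute directly
    └─ Read-only operation → execute directly
    ↓
[Step 3] Combined judgment
    ├─ Allow → execute the operation
    ├─ Needs confirmation → send a confirmation request
    └─ Deny → return the reason for denial

User Identity

Follow the logic of the identifyUser function in references/action-judgment.md:

  1. Read supreme_admin and authorized_users from USER.md
  2. Determine which level senderId matches
  3. Return the identity level and the list of restrictions

Operation Categories

Category | Examples | Default policy
Sensitive operation | Delete a skill, modify configuration, mass messaging, change permissions | Requires the supreme admin or confirmation
Normal operation | Generate a daily report, search for information, create a document | Authorized users may execute directly
Read-only operation | Query information, view a document, get a list | Any user may execute

Combined Judgment Examples

Scenario 1: the supreme admin asks to delete a skill → ✅ allowed
Scenario 2: a regular user asks to modify configuration → ❌ denied
Scenario 3: an authorized user asks to mass-send the daily report (within the authorized scope) → ✅ allowed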
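
The three-step decision flow as a single function, reproducing the three scenarios above. This is an added example, not the identifyUser code in references/action-judgment.md; the operation ids, user ids and the in-memory USERS structure are hypothetical, and the handling of cases the page does not spell out is marked as an assumption in the comments.

```javascript
// Added example, not the identifyUser code in references/action-judgment.md.
// Operation ids and user ids below are made-up labels for illustration.
const OPERATIONS = new Map([
  ['delete_skill', 'sensitive'], ['modify_config', 'sensitive'],
  ['broadcast_message', 'sensitive'],
  ['generate_report', 'normal'], ['search_info', 'normal'],
  ['view_document', 'readonly'], ['get_list', 'readonly'],
]);

// Hypothetical in-memory form of the supreme_admin / authorized_users data in USER.md.
const USERS = {
  supreme_admin: 'ou_ADMIN_PLACEHOLDER',
  authorized_users: new Map([['ou_ALICE_PLACEHOLDER', new Set(['broadcast_message'])]]),
};

// senderId must come from the messaging platform's event metadata, never from
// anything the message text claims about its author.
function identifyUser(senderId, inGroupChat) {
  if (senderId === USERS.supreme_admin) return 'L0';
  if (USERS.authorized_users.has(senderId)) return 'L1';
  return inGroupChat ? 'L3' : 'L2';
}

function judge(senderId, operation, inGroupChat = false) {
  const level = identifyUser(senderId, inGroupChat);
  const category = OPERATIONS.get(operation);
  const result = (decision, reason) => ({ level, category, decision, reason });
  // Fail closed: an operation missing from the table is denied for everyone.
  if (!category) return result('deny', 'unknown operation');
  if (level === 'L0') return result('allow', 'supreme admin');
  if (category === 'readonly') return result('allow', 'read-only');
  if (level === 'L1') {
    if (category === 'normal') return result('allow', 'authorized user');
    const inScope = USERS.authorized_users.get(senderId).has(operation);
    return inScope ? result('allow', 'within authorized scope')
      : result('confirm', 'outside authorized scope'); // assumption
  }
  // L2 / L3. Denying sensitive operations follows scenario 2 above; asking for
  // confirmation on normal operations is this example's assumption.
  return category === 'sensitive' ? result('deny', 'requires supreme admin')
    : result('confirm', 'not an authorized user');
}

console.log(judge('ou_ADMIN_PLACEHOLDER', 'delete_skill'));
console.log(judge('ou_UNKNOWN_PLACEHOLDER', 'modify_config'));
console.log(judge('ou_ALICE_PLACEHOLDER', 'broadcast_message'));
```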


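IV. Permission Management System

Permission Levels

Level | Identity | Permission scope
L0 | Supreme admin | All operations
L1 | Authorized user | Designated functions
L2 | Regular user | Basic functions
L3 | Group member | Group chat functions

Supreme Admin Configuration

Configured in USER.md: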

## 用户
- **W** (ou_4572aa50b52aXXXXXXXXXXXXXXX) - 我的主人
  - **权限级别**: 唯一最高权限管理员
  - **OpenID**: ou_4572aaXXXXXXXXXXXXXXX

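V. Checklist

Before performing any security-related operation, check each item:

  • Sensitive information has been redacted
  • Dangerous commands have been filtered
  • Action permission has been judged
  • The supreme admin has been configured
  • The operation has been logged

Reference Documents

  • references/instruction-filter.md: detailed command-filtering logic
  • references/action-judgment.md: detailed action-judgment logic
  • scripts/sanitizer.js: redaction script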
Usage Guidance
What to check before installing:

  • The skill is coherent: it redacts tokens/paths and filters risky commands using local regexes and a local sanitizer script; it does not contact external endpoints or require secrets.
  • Confirm where USER.md should be stored and who can edit it: SKILL.md expects to read USER.md for the 'supreme_admin' and 'authorized_users', but USER.md is not included in the package. If USER.md is created, ensure it does not itself contain sensitive secrets (or is protected) and that only trusted administrators can edit it.
  • Limit file-access: the included CLI can read arbitrary files (--file). Restrict the agent's file-read permissions or only provide explicit inputs to avoid accidental disclosure of local secrets.
  • Review regex rules: the sanitizer uses pattern-based replacements which can both miss unusual secret formats and over-redact harmless content; test with representative inputs.
  • Confirm how confirmation requests are delivered: SKILL.md references sending confirmations to the highest-privilege person but does not specify the communication channel or require credentials — ensure your deployment has a safe, auditable way to surface confirmations and approvals.
  • If you allow autonomous invocation, audit logs and rate limits are recommended since the skill's logic includes command execution classification and logging rules.

Overall: the package appears internally consistent and appropriate for a content-security policy skill, but verify USER.md placement, restrict file reads, and test the redaction/filtering rules in a safe environment.
Capability Assessment
Purpose & Capability
Name/description (sensitive-data redaction, command filtering, permission checks) match the provided assets: SKILL.md, two reference docs describing decision logic, and a sanitizer script implementing regex-based redaction and command checks. The declared requirements are minimal and align with the purpose.
Instruction Scope
SKILL.md instructs the agent to read USER.md to identify the supreme admin and authorized users — that is coherent with permission logic, but USER.md is not included in the manifest and the SKILL.md does not specify where it should live or who may provide it. The sanitizer script also supports reading arbitrary files via --file/--stdin; this is expected for a sanitizer but means the agent can be asked to load local files, so runtime file-access should be constrained by policy.
Install Mechanism
No install spec; the skill is instruction-plus-script only. Nothing is downloaded or written at install time.
Credentials
No environment variables, credentials, or config paths are required. The skill's needs (local file reads for USER.md and input to sanitize) are proportionate to its stated function.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request permanent platform privileges or attempt to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install content-security-policy
  3. After installation, invoke the skill by name or use /content-security-policy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
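Initial release: sensitive-data redaction + dangerous-command filtering + action permission judgment + multi-level permission management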
Metadata
Slug content-security-policy
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is content-security-policy?

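Content security policy skill: sensitive-data redaction + dangerous-command filtering + action permission judgment + multi-level permission management. Activates when the user asks for a "security check" or "redaction", or when a sensitive operation such as deletion, configuration change, or mass messaging is involved. It is an AI Agent Skill for Claude Code / OpenClaw, with 175 downloads so far.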

How do I install content-security-policy?

Run "/install content-security-policy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is content-security-policy free?

Yes, content-security-policy is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does content-security-policy support?

content-security-policy is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created content-security-policy?

It is built and maintained by foxyy1126 (@foxyy1126); the current version is v1.0.0.
