← Back to Skills Marketplace

个人数字安全体检

Name: 个人数字安全体检
Author: freedompixels

by freedompixels · GitHub ↗ · v1.3.0 · MIT-0

cross-platform ✓ Security Clean

196

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install security-health-check

Description

检查邮箱泄露和密码强度，生成安全评分报告。

Usage Guidance

该 Skill 当前实现与其描述一致：本地运行的 Python 脚本会向 haveibeenpwned 的公开 API 查询邮箱泄露并对密码做本地强度与 k-匿名前缀查询（密码本身不会被上传）。在安装或使用前请注意： - 来源与维护者信息不完整（source=unknown、无主页），安装前最好审查脚本或仅在受信任环境/隔离容器中运行。 - 不要在不信任的环境中输入高价值的实时秘密（例如当前使用的工作密码）；尽量用测试密码或先审阅代码。 - 如果将来使用或升级到“Enterprise”计划，注意那些功能会需要额外权限（GitHub tokens、云/企业 API 凭据、内网扫描工具等）；只在完全信任且经过审批的情况下提供这些凭据。 - HIBP 有速率限制；如需频繁查询，配置个人 HIBP_API_KEY 并了解该密钥的存储/使用方式。

Capability Analysis

Type: OpenClaw Skill Name: security-health-check Version: 1.3.0 The skill bundle is a legitimate security utility for checking email breaches and password strength. The script `scripts/security_check.py` correctly implements k-anonymity for password checks by sending only the first five characters of a SHA1 hash to the Pwned Passwords API, ensuring the full password never leaves the local environment. It uses standard libraries and the official Have I Been Pwned (HIBP) API for email checks, with no evidence of data exfiltration, malicious execution, or prompt injection.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Skill 名称/描述（邮箱泄露检查、密码强度分析、生成报告）与实际文件匹配：scripts/security_check.py 实现了 HIBP 邮箱泄露查询、pwned passwords k-匿名查询（发送 SHA1 前缀）和本地密码强度评分。README 与 SKILL.md 的依赖声明（certifi、可选 HIBP_API_KEY）也一致。

✓ Instruction Scope

SKILL.md 指示仅运行本地 Python 脚本并传入 --email/--password 等参数；脚本只访问 haveibeenpwned 的 API（breachedaccount 与 pwnedpasswords），并在本地计算密码熵与生成报告。没有发现指令或代码去读取与任务无关的系统路径、未申明的环境变量或向非声明服务发送数据。

✓ Install Mechanism

无 install spec（instruction-only + 附带的 Python 脚本），不会在安装阶段从不明 URL 下载或在系统写入未声明的二进制。运行时需要 Python 与少量 Python 包（certifi），属于低风险安装/执行模式。

ℹ Credentials

当前版本不要求任何必需环境变量；脚本可选读取 HIBP_API_KEY（用于提升速率配额），这一点与功能直接相关且合适。提示：ENTERPRISE_PLAN 文档列出了未来扩展（GitHub API、AWS、企业 OAuth 等），这些将需要额外凭据——在升级或安装更高级版本前，应确认并仅提供必要且可信的凭证。

✓ Persistence & Privilege

flags: always=false，默认允许用户调用且不会强制常驻；脚本也不修改其他技能或系统级配置。没有发现写入/持久化平台配置或自动开启自身的行为。

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install security-health-check
After installation, invoke the skill by name or use /security-health-check
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.0

v1.3.0: 文档优化，简化功能描述

v1.2.1

**Summary:** Minor update introducing enterprise plan information and simplifying documentation. - Added ENTERPRISE_PLAN.md file. - Simplified and shortened SKILL.md instructions and descriptions. - Kept core features: email breach check, password strength test, and security score report. - Clarified data privacy approach and usage examples.

v1.2.0

Fix SSL verification and HIBP API key handling

v1.1.1

移除未实现的飞书同步描述

v1.1.0

v1.1.0: 增加2FA检测、隐私评分、安全建议报告，增强安全评分逻辑

v1.0.0

Initial release: email breach check, password strength analysis, security scoring, personal security health report

Metadata

Slug security-health-check

Version 1.3.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 6

Frequently Asked Questions

What is 个人数字安全体检?

检查邮箱泄露和密码强度，生成安全评分报告。 It is an AI Agent Skill for Claude Code / OpenClaw, with 196 downloads so far.

How do I install 个人数字安全体检?

Run "/install security-health-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 个人数字安全体检 free?

Yes, 个人数字安全体检 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 个人数字安全体检 support?

个人数字安全体检 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 个人数字安全体检?

It is built and maintained by freedompixels (@freedompixels); the current version is v1.3.0.

More Skills