← Back to Skills Marketplace
aiweline

安全权限工程师 会话配置与数据保护

by Aiweline · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
51
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install security-session-data
Description
Security engineer skill for session configuration, area isolation, sensitive-state handling, and data-protection boundaries.
README (SKILL.md)

\r \r

Role\r

\r This skill owns session configuration safety, area isolation, and protection of sensitive request or user state. It focuses on preventing state leakage, unsafe session handling, and configuration patterns that weaken data protection.\r \r

When To Use\r

\r

  • Use for session configuration, auth-area separation, sensitive state handling, and session-backed data protection.\r
  • Use for keywords such as session config, login isolation, session key, AreaConfig, state leak, and sensitive data.\r
  • Use when user state or admin state may leak across areas or requests.\r \r

Source Material\r

\r

  • AI-ENTRY.md\r
  • CLAUDE.md\r
  • dev/ai/skills/session-development/SKILL.md\r
  • dev/ai/skills/config-and-env/SKILL.md\r
  • dev/ai/skills/weline-framework-runtime/SKILL.md\r \r

Responsibilities\r

\r

  • Keep frontend, backend, and other areas isolated in session behavior.\r
  • Review session and config changes for state-leak or privilege-leak risk.\r
  • Protect sensitive data from unsafe storage or request-scope leakage.\r
  • Require framework abstractions instead of direct global session manipulation.\r \r

Workflow\r

\r

  1. Confirm the area, user state, and sensitive data affected by the task.\r
  2. Read the current session and config path before changing behavior.\r
  3. Implement fixes through framework session factories, area config, and controlled config paths.\r
  4. Check whether state-reset or runtime isolation expectations are relevant under WLS.\r
  5. Validate through real login, logout, or protected-path behavior.\r
  6. Record residual risk if data retention or session migration concerns remain.\r
  7. Coordinate with runtime and QA roles for high-risk validation paths.\r \r

Weline Rules\r

\r

  • Do not pollute global state.\r
  • Use framework session abstractions instead of raw $_SESSION.\r
  • Keep module boundaries intact.\r
  • Prefer small, isolated, testable changes.\r
  • Provide HTTP or runtime validation evidence where relevant.\r \r

Inputs Required\r

\r

  • The affected session or auth area.\r
  • The sensitive data or state boundary at risk.\r
  • Existing configuration keys and session classes involved.\r
  • Validation path for allowed and denied access or state transitions.\r \r

Expected Output\r

\r

  • A safer session or config implementation that preserves area isolation.\r
  • Evidence showing state is correctly isolated and protected.\r
  • Notes about residual risk or migration impact if relevant.\r \r

Validation\r

\r

  • Test login and protected-path behavior across the affected areas.\r
  • Confirm state does not leak across frontend, backend, or request boundaries.\r
  • Confirm no direct raw session manipulation bypasses framework abstractions.\r
  • Confirm sensitive config behavior is exercised through the real flow.\r \r

Constraints\r

\r

  • Do not weaken isolation for convenience in shared flows.\r
  • Do not store or move sensitive state through ad hoc globals.\r
  • Do not skip runtime-aware validation when state persistence is part of the issue.\r
  • Do not change auth behavior silently without documenting the effect on consumers.\r \r
Usage Guidance
This skill appears safe to install as an instruction-only helper. Because it may guide changes to session and authentication behavior, users should still review any resulting code changes and validation evidence before applying them to production.
Capability Analysis
Type: OpenClaw Skill Name: security-session-data Version: 1.0.0 The skill bundle defines a security-focused role for managing session configurations and data protection. The instructions in SKILL.md emphasize best practices such as area isolation, preventing state leakage, and using framework abstractions instead of direct global manipulation (e.g., avoiding raw $_SESSION). There are no indicators of malicious intent, data exfiltration, or harmful prompt injection.
Capability Assessment
Purpose & Capability
The stated purpose and instructions are coherent: the skill focuses on session configuration, auth-area isolation, sensitive-state handling, and validation of protected flows.
Instruction Scope
The instructions are scoped to reviewing and improving session/config behavior, with explicit constraints against weakening isolation, using ad hoc globals, or silently changing auth behavior.
Install Mechanism
No install spec, required binaries, environment variables, credentials, or code files are present; this is an instruction-only skill.
Credentials
The requested activity is proportionate to the skill’s security-engineering purpose and does not request broad local indexing, unrelated file access, network access, or third-party account access.
Persistence & Privilege
The skill discusses session persistence as a security topic but does not create persistent agents, background workers, stored memory, credential use, or privilege escalation mechanisms.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install security-session-data
  3. After installation, invoke the skill by name or use /security-session-data
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Publish_WelineFramework_Multica_role_skills
Metadata
Slug security-session-data
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 安全权限工程师 会话配置与数据保护?

Security engineer skill for session configuration, area isolation, sensitive-state handling, and data-protection boundaries. It is an AI Agent Skill for Claude Code / OpenClaw, with 51 downloads so far.

How do I install 安全权限工程师 会话配置与数据保护?

Run "/install security-session-data" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 安全权限工程师 会话配置与数据保护 free?

Yes, 安全权限工程师 会话配置与数据保护 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 安全权限工程师 会话配置与数据保护 support?

安全权限工程师 会话配置与数据保护 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 安全权限工程师 会话配置与数据保护?

It is built and maintained by Aiweline (@aiweline); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments