← Back to Skills Marketplace

Byted Security Clawsentry

Name: Byted Security Clawsentry
Author: volcengine-skills

by volcengine-skills · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

167

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install byted-security-clawsentry

Description

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

README (SKILL.md)

ClawSentry

Agent Rules

IMPORTANT: You MUST follow these steps EXACTLY when using this skill:

FIRST: Verify Node.js is installed on the system (version 14 or higher).
SECOND: Execute the script node {baseDir}/scripts/bundle.js.
THIRD: Verify the script executed successfully by checking:
- Check the script exit code: 0 means success, non-0 means failure
- Look for success output: "Login URL generated successfully:" in the script output
- Look for the line that starts with [LOGIN_URL]: in the script output
- Check if {baseDir}/.state/login_state.json file exists and contains a valid loginUrl field
- If the file doesn't exist, wait a few seconds and try again
- If you can't find the files, try looking in .openclaw/skills/ClawSentry/scripts/ directory
FOURTH: After confirming the script succeeded, get the login URL using ONE of these methods (in this priority order):
- Extract from the script output by looking for the line that starts with [LOGIN_URL]:
- Read from {baseDir}/.state/login_state.json file (look for the loginUrl field)
FIFTH: Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."
SIXTH: After sending the login URL to the user, you MUST perform the following monitoring for 10 minutes (600 seconds): a. EVERY MINUTE, check if the process bundle.js --login-token is running using the command: ps aux | grep "bundle.js --login-token" b. If the process IS running: continue monitoring until the 10 minutes expire c. If the process IS NOT running: i. Read {baseDir}/.state/login_state.json file and check the enable field ii. If enable is true: END the conversation immediately iii. If enable is false: - Read loginToken and deviceFingerprint from {baseDir}/.state/login_state.json - Restart the process with: node {baseDir}/scripts/bundle.js --login-token [loginToken] --device-fingerprint [deviceFingerprint] d. Stop monitoring after 10 minutes have elapsed

DO NOT skip any steps. DO NOT modify the order of steps. ALWAYS verify the script succeeded before proceeding.

Use Cases

Use this skill when you need to install and prepare the ai-assistant-security-openclaw plugins for the OpenClaw environment on the current machine.
Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / install byted-security-clawsentry / 使用byted-security-clawsentry技能安装安全插件".

Steps

1. Verify Node.js is installed:

Ensure Node.js (version 14 or higher) is installed on the system. You can check with:

node --version

2. Execute the combined script to install plugin and generate login link:

node {baseDir}/scripts/bundle.js

After the script completes:

The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with [LOGIN_URL]:
You can also read the login URL from {baseDir}/.state/login_state.json file (look for the loginUrl field). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in .openclaw/skills/ClawSentry/scripts/ directory.
Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."

Usage Guidance

This skill bundles a minified Node script and instructs the agent to run it, read {baseDir}/.state/login_state.json (which contains loginUrl, loginToken, deviceFingerprint), send the login URL to the user, and monitor/restart a background process. Before installing: (1) Treat this as potentially high‑privilege — run only in an isolated/sandbox environment. (2) Inspect the full readable source of scripts/bundle.js (de‑minify if needed) to confirm where login URLs are sent and which network endpoints are contacted. (3) Verify the purpose of collecting machine identifiers and whether you consent to device fingerprinting. (4) Do not run on sensitive production hosts; prefer a disposable machine or container. (5) If you need this functionality, ask the publisher for an auditable non‑minified release, clear privacy/endpoint documentation, and exact list of files the skill will read/write.

Capability Analysis

Type: OpenClaw Skill Name: byted-security-clawsentry Version: 1.0.0 The bundle is a legitimate installer for 'ClawSentry', a security plugin from Volcengine (ByteDance). The `scripts/bundle.js` file automates the installation using the `openclaw` CLI, generates a unique hardware ID for device fingerprinting, and communicates with a dedicated backend (`llm-shield.omini-shield.com`) to facilitate user authentication. The `SKILL.md` file contains operational instructions for the AI agent to monitor the background configuration process and guide the user through a login flow, which is consistent with the stated purpose of setting up a security monitoring service.

Capability Assessment

⚠ Purpose & Capability

The skill claims to install and configure security plugins, which can legitimately require running an installer and performing an authorization flow. However, the bundled code and SKILL.md also access machine identifiers and local login tokens and instruct the agent to manage a persistent process, which goes beyond a simple installer and is not declared in the skill metadata.

⚠ Instruction Scope

SKILL.md explicitly instructs the agent to run a bundled script, read {baseDir}/.state/login_state.json (to extract loginUrl, loginToken, deviceFingerprint, and an enable flag), to send the login URL to the user, and to monitor/respawn a process for 10 minutes using shell commands (ps | grep and node ... --login-token ...). These steps require reading local files that may contain secrets and running arbitrary commands; the instructions are specific and extend the agent's access to local state and process management.

ℹ Install Mechanism

There is no external install spec (no network download), the skill is instruction‑only plus a bundled scripts/bundle.js. That reduces certain supply‑chain risks, but bundle.js is large and minified/packed which makes auditing difficult and hides behavior. The script includes child_process usage and OS-specific commands (execSync) in its bundle.

⚠ Credentials

The registry metadata declares no required env vars or config paths, yet the runtime instructions and bundled script read system identifiers (machine id via OS commands) and local state files containing loginToken and deviceFingerprint. Accessing these device identifiers and tokens is sensitive and not declared, creating a mismatch between claimed requirements and actual data access.

ℹ Persistence & Privilege

The skill does not set always:true and does not claim to persist in agent configuration, but it instructs starting and monitoring a long‑running process (bundle.js --login-token) and to restart it if it stops during a 10‑minute monitoring window. This grants transient process control but not permanent platform privileges; combined with access to tokens and device fingerprint it raises operational risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install byted-security-clawsentry
After installation, invoke the skill by name or use /byted-security-clawsentry
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

byted-security-clawsentry v1.0.0 - Initial release for installing and configuring security-related plugins required by OpenClaw, including ai-assistant-security-openclaw. - Provides a strict step-by-step process for installation, script execution, login URL extraction, and post-login monitoring. - Supports use cases for quickly setting up security plugins in OpenClaw environments. - Includes detailed operational instructions and agent rules to ensure reliable execution and user guidance.

Metadata

Slug byted-security-clawsentry

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Byted Security Clawsentry?

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want... It is an AI Agent Skill for Claude Code / OpenClaw, with 167 downloads so far.

How do I install Byted Security Clawsentry?

Run "/install byted-security-clawsentry" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Byted Security Clawsentry free?

Yes, Byted Security Clawsentry is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Byted Security Clawsentry support?

Byted Security Clawsentry is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Byted Security Clawsentry?

It is built and maintained by volcengine-skills (@volcengine-skills); the current version is v1.0.0.

More Skills