← Back to Skills Marketplace
安全技能插座
by
caidongyun
· GitHub ↗
· v2.2.1
· MIT-0
260
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install security-skill-hub
Description
安全技能插座 - 统一的安全技能管理和调用平台 这是一个安全技能的"插座"框架,提供统一的安全能力入口。已集成以下技能: **全网技能搜索 (ClawHub)**: - clawhub: 从 clawhub.com 搜索安装全网技能 **信息收集类**: - collector-strategy: 采集策略Ski...
Usage Guidance
This skill is an aggregator that instructs the agent to download and run other security skills (via clawhub) and to read/write ~/.openclaw/workspace/skills. The metadata omits required binaries and provenance. Before installing: 1) Confirm the source repository or homepage and review its code/commits; 2) Ensure 'clawhub' is a trusted installer and inspect what it will download; 3) Do not run these tools with elevated privileges; 4) Prefer installing in an isolated/sandboxed environment and review each child skill's required credentials before granting them; 5) If the author cannot provide a verifiable source or a list of vetted skill packages, treat installs as high risk.
Capability Analysis
Type: OpenClaw Skill
Name: security-skill-hub
Version: 2.2.1
The skill bundle acts as a centralized 'Security Skill Hub' or registry, providing instructions for an AI agent to route requests to various security-related tools (e.g., vulnerability scanners, IOC validators, and malware analyzers). It includes metadata in `_meta.json` and organizational instructions in `SKILL.md` that define how to use a skill manager called `clawhub` to search and install additional capabilities from `clawhub.com`. No malicious code, data exfiltration logic, or harmful prompt injections were found; the bundle's behavior is entirely consistent with its stated purpose of managing security skills.
Capability Assessment
Purpose & Capability
The described purpose (a hub/plug-in manager for security skills) is coherent with the SKILL.md content. However, the instructions reference using the 'clawhub' CLI and managing files under ~/.openclaw/workspace/skills, yet the skill metadata declares no required binaries or config paths. That mismatch (declaring nothing required while the runtime doc expects a CLI and a workspace path) is unexplained.
Instruction Scope
SKILL.md tells the agent to search, install, update and compose third-party skills (e.g., using 'clawhub install', reading/writing ~/.openclaw/workspace/skills). Although the file itself doesn't include code, following these instructions will cause network downloads and filesystem writes and will enable running other skills with potentially broader privileges. There is no guidance about vetting, sandboxing, or limiting what gets installed.
Install Mechanism
There is no install spec (instruction-only), which is low-risk by itself, but the instructions explicitly rely on an external installer (clawhub) to download and install skills. That transfers install risk to clawhub and any skills it fetches; the hub provides no provenance, checksums, or trusted sources. The lack of declared dependency on the clawhub binary is inconsistent.
Credentials
The skill declares no required environment variables or credentials (which is reasonable for a hub). However, the hub is explicitly intended to install and orchestrate many downstream security skills—those child skills may request unrelated secrets/permissions. The hub gives no guidance about which credentials those downstream skills may require.
Persistence & Privilege
always:false (normal) and the skill does not request elevated privileges. It does assume a workspace path (~/.openclaw/workspace/skills) for storing skills, meaning it expects to write to the user's home directory. That behavior is plausible for a hub but should be explicit in metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install security-skill-hub - After installation, invoke the skill by name or use
/security-skill-hub - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.1
- 新增与完善了 SKILL.md 文档,详细梳理与分组所有已集成技能及其应用场景
- 扩展了说明文档,增加了调用示例、技能注册与扩展指引
- 明确了每类安全能力对应的技能及触发关键词,提升易用性
- 细化对 ClawHub 全网技能搜索与技能管理的使用说明
- 信息结构更清晰,便于查找与组合安全技能
Metadata
Frequently Asked Questions
What is 安全技能插座?
安全技能插座 - 统一的安全技能管理和调用平台 这是一个安全技能的"插座"框架,提供统一的安全能力入口。已集成以下技能: **全网技能搜索 (ClawHub)**: - clawhub: 从 clawhub.com 搜索安装全网技能 **信息收集类**: - collector-strategy: 采集策略Ski... It is an AI Agent Skill for Claude Code / OpenClaw, with 260 downloads so far.
How do I install 安全技能插座?
Run "/install security-skill-hub" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 安全技能插座 free?
Yes, 安全技能插座 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 安全技能插座 support?
安全技能插座 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 安全技能插座?
It is built and maintained by caidongyun (@caidongyun); the current version is v2.2.1.
More Skills