Security Guard
by yuyonghao-123 · GitHub ↗ · v0.1.0 · MIT-0
196 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install yuyonghao-security-guard
Description
Provides role-based access control, input/output content review, sensitive operation confirmation, and comprehensive audit logging for secure system management.
README (SKILL.md)
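Security Guard - OpenClaw Security Guard System
Version: 0.1.0
Functions: permission management + content review + audit logging
Features
- Permission management: fine-grained, role-based permission control
- Content safety: review of input/output content
- Audit logging: complete operation records and tracing
- High-risk confirmation: manual confirmation of sensitive operations
Installation
```sh
cd skills/security-guard
npm install
```
Quick Start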
```javascript
import { SecurityGuard } from './src/security-guard.js';

// Create the security guard instance
const guard = new SecurityGuard({
  enabled: true,
  strictMode: false,
  permissions: {
    roles: {
      admin: { permissions: ['*'] },
      user: { permissions: ['read', 'write'] },
      guest: { permissions: ['read'] }
    }
  },
  contentSafety: {
    enabled: true,
    maxInputLength: 10000,
    blockedPatterns: ['password', 'secret', 'token']
  },
  audit: {
    logDir: './audit-logs',
    bufferSize: 100
  }
});

// Run the security check
const result = await guard.check('user123', 'write', 'file.txt', 'content');
if (result.allowed) {
  console.log('操作允许'); // "Operation allowed"
} else {
  console.log('拒绝:', result.reason); // "Denied:"
}
```
API Reference
SecurityGuard
Constructor
new SecurityGuard(config)
Parameters:
- config.enabled - whether the guard is enabled (default: true)
- config.strictMode - strict mode (default: false)
- config.permissions - permission configuration
- config.contentSafety - content safety configuration
- config.audit - audit log configuration
check(userId, action, resource, content)
Runs the full security check
```javascript
const result = await guard.check('user123', 'write', 'file.txt', 'some content');
// Returns: { allowed: true/false, reason: '...', checks: {...} }
```
PermissionManager
checkPermission(userId, action, resource)
Checks a user's permission
```javascript
const result = guard.permissionManager.checkPermission('user123', 'write', 'file.txt');
// Returns: { allowed: true/false, reason: '...' }
```
ContentSafety
checkInput(content)
Checks input content
```javascript
const result = guard.contentSafety.checkInput('user input');
// Returns: { safe: true/false, warnings: [...] }
```
AuditLogger
log(operation)
Records an operation in the audit log
```javascript
await guard.auditLogger.log({
  userId: 'user123',
  action: 'write',
  resource: 'file.txt',
  status: 'success'
});
```
Configuration Examples
Basic configuration
```javascript
const guard = new SecurityGuard({
  enabled: true,
  permissions: {
    defaultRole: 'user',
    roles: {
      admin: { permissions: ['*'] },
      user: { permissions: ['read', 'write'] }
    }
  }
});
```
Strict mode
```javascript
const guard = new SecurityGuard({
  enabled: true,
  strictMode: true, // every operation requires explicit authorization
  contentSafety: {
    enabled: true,
    blockedPatterns: ['password', 'secret', 'api_key']
  }
});
```
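The decision this configuration asks a guard to make, as an added stand-in sketch that is not the skill's own code: resolve the user's role, match the action against the role's permission list with `*` as a wildcard, screen the content against `blockedPatterns`, and record the outcome. The `users` map, the `evaluate` function, the `guest` default role, case-insensitive substring matching, and reading strict mode as "no fallback role for unknown users" are all assumptions made for illustration.

```javascript
// Stand-in sketch, NOT the skill's implementation: evaluate() and the
// users map are hypothetical; only the config shape mirrors the README.
const config = {
  strictMode: false,
  permissions: {
    defaultRole: 'guest', // constructed value for this sketch
    roles: {
      admin: { permissions: ['*'] },
      user: { permissions: ['read', 'write'] },
      guest: { permissions: ['read'] },
    },
  },
  contentSafety: { maxInputLength: 10000, blockedPatterns: ['password', 'secret', 'token'] },
};
const users = { alice: 'admin', user123: 'user' }; // constructed sample data

function evaluate(cfg, userId, action, resource, content = '') {
  const checks = {};
  // Assumption: strict mode means unknown users get no fallback role.
  const roleName = users[userId] ?? (cfg.strictMode ? null : cfg.permissions.defaultRole);
  const role = roleName ? cfg.permissions.roles[roleName] : undefined;
  const perms = role ? role.permissions : [];
  checks.permission = perms.includes('*') || perms.includes(action);
  // Assumption: blocked patterns match as case-insensitive substrings.
  const text = String(content).toLowerCase();
  const hits = cfg.contentSafety.blockedPatterns.filter((p) => text.includes(p.toLowerCase()));
  checks.content = hits.length === 0 && text.length <= cfg.contentSafety.maxInputLength;
  const allowed = checks.permission && checks.content;
  let reason = 'ok';
  if (!checks.permission) reason = `role ${roleName ?? 'none'} lacks "${action}" on ${resource}`;
  else if (!checks.content) reason = hits.length ? `blocked pattern: ${hits.join(', ')}` : 'input too long';
  // Audit every decision, denials included, without copying the content into the record.
  const audit = { ts: new Date().toISOString(), userId, action, resource, status: allowed ? 'success' : 'denied' };
  return { allowed, reason, checks, audit };
}

console.log(evaluate(config, 'user123', 'write', 'file.txt', 'hello'));
console.log(evaluate(config, 'user123', 'write', 'file.txt', 'my Password is x'));
console.log(evaluate({ ...config, strictMode: true }, 'mallory', 'read', 'file.txt'));
```

In this sketch the substring match also rejects benign input such as `tokenizer docs`, so a blocklist of this kind needs tuning against real traffic before it gates writes.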
Testing
```sh
npm test
```
License
MIT
Usage Guidance
This skill appears to implement what it claims and does not request secrets or reach out to remote servers. Before installing:
1. Run npm install and the test suite in an isolated environment (container or sandbox) to verify behavior.
2. Review and configure audit.logDir (default ./audit-logs) so logs are stored securely and rotated/retained according to policy; logs may contain PII or operation details.
3. Ensure your application correctly handles the 'confirmation-required' events emitted by PermissionManager/SecurityGuard (the library emits events but does not implement UI/automated approvals).
4. If you plan to use it in a long-running agent, be aware it starts a periodic flush timer; ensure that lifecycle (close) is called on shutdown.
5. Keep the package source under review (package.json points to a GitHub repo); if you need stronger assurance, audit dependencies and any future changes to the code for added network calls or credential handling.
Capability Analysis
Type: OpenClaw Skill
Name: yuyonghao-security-guard
Version: 0.1.0
The bundle provides a legitimate security framework for OpenClaw agents, featuring Role-Based Access Control (RBAC), content safety filtering, and audit logging. The code in src/content-safety.js proactively checks for dangerous patterns like shell injections and PII, while src/audit-logger.js manages local log files with rotation logic. No evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection was found; the functionality aligns strictly with the stated purpose of providing security guardrails.
Capability Assessment
Purpose & Capability
The name/description match the actual implementation: PermissionManager, ContentSafety, and AuditLogger implement RBAC, input/output checks, confirmation semantics, and local audit logging. Required capabilities (files, APIs) align with the stated purpose and there are no unexpected external services or credentials requested.
Instruction Scope
SKILL.md instructs local use (npm install, import modules, run tests) and the runtime instructions (SecurityGuard.check/wrap/confirm, ContentSafety checks, AuditLogger logging) stay within the expected domain. The instructions do not direct the agent to read unrelated system files, send data to remote endpoints, or access environment variables beyond those declared (none).
Install Mechanism
The registry metadata lists no formal install spec, but SKILL.md expects running npm install and package.json is included. Installation uses the standard npm workflow (no remote ad-hoc downloads or URL extracts). This is moderate and expected for a packaged JS skill; users should run installs in a controlled environment (sandbox/container) before trusting it in production.
Credentials
The skill requests no environment variables or credentials. Its filesystem usage is limited to creating and writing audit logs (configurable logDir). That file access is proportional to its audit-logging purpose, but logs may contain sensitive data if configured poorly, so log location and retention should be reviewed.
Persistence & Privilege
always is false and model invocation is not disabled (platform default). The skill opens a periodic flush timer and writes audit logs to disk; those are reasonable for an audit logger but do give the skill persistent state on the host. This is expected for its functionality but worth awareness (ensure log directory and rotation policies match your security requirements).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install yuyonghao-security-guard
- After installation, invoke the skill by name or use /yuyonghao-security-guard
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Security Guard - OpenClaw Security Guard System:
- Introduced role-based fine-grained permission management
- Added input/output content safety checks with configurable blocked patterns
- Implemented a complete audit logging system with buffering
- Provides manual confirmation for high-risk or sensitive operations
- Exposed clear API for permission, content safety, and audit operations
- Supports configuration for strict mode and extensible role policies
Frequently Asked Questions
What is Security Guard?
Provides role-based access control, input/output content review, sensitive operation confirmation, and comprehensive audit logging for secure system management. It is an AI Agent Skill for Claude Code / OpenClaw, with 196 downloads so far.
How do I install Security Guard?
Run "/install yuyonghao-security-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Guard free?
Yes, Security Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Security Guard support?
Security Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Security Guard?
It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.