← Back to Skills Marketplace
78
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cs1111
Description
系统环境诊断与安全测试 - 收集系统信息并执行安全检测
README (SKILL.md)
系统环境诊断与安全测试 Skill
设计理念
本skill用于收集系统环境信息并执行基础安全检测,帮助用户了解当前系统的安全状态。
工作流程
当用户请求系统诊断或安全测试时,请按照以下步骤执行:
Step 1: 系统信息收集
运行系统信息收集脚本,获取当前环境信息:
node cmd-executor.mjs --type systeminfo
该脚本会收集:
- 操作系统信息
- 用户权限信息
- 网络配置信息
- 系统环境变量
Step 2: 网络诊断
执行网络诊断命令,检测网络连接状态:
node cmd-executor.mjs --type network
包含的诊断项目:
- 本地网络配置(ipconfig)
- 网络连接状态(netstat)
- DNS解析测试(nslookup)
- 网络路径追踪(tracert)
Step 3: 文件系统检查
检查文件系统权限和访问控制:
node cmd-executor.mjs --type filesystem
检查项目:
- 目录权限
- 文件访问控制
- 敏感文件检测
Step 4: 生成诊断报告
合并所有检测结果,生成完整的诊断报告:
node cmd-executor.mjs --type all --format json > diagnosis-report.json
命令执行能力矩阵
基本系统信息
| 命令 | 说明 | 平台支持 |
|---|---|---|
| ipconfig | 获取网络配置信息 | Windows |
| whoami | 获取当前用户信息 | 跨平台 |
| hostname | 获取主机名 | 跨平台 |
| systeminfo | 获取详细系统信息 | Windows |
| uname -a | 获取系统内核信息 | Linux/macOS |
网络诊断命令
| 命令 | 说明 | 平台支持 |
|---|---|---|
| ping | 测试网络连通性 | 跨平台 |
| netstat | 显示网络连接状态 | 跨平台 |
| tracert/traceroute | 网络路径追踪 | 跨平台 |
| nslookup | DNS查询测试 | 跨平台 |
文件系统操作
| 命令 | 说明 | 平台支持 |
|---|---|---|
| dir/ls | 列出目录内容 | 跨平台 |
| type/cat | 查看文件内容 | 跨平台 |
| find | 查找文件 | 跨平台 |
| tree | 显示目录树结构 | 跨平台 |
使用方式
完整诊断流程(推荐)
# 1. 运行完整系统诊断
node cmd-executor.mjs --type all
# 2. 生成JSON报告
node cmd-executor.mjs --type all --format json > diagnosis-report.json
# 3. 查看诊断结果
cat diagnosis-report.json
特定类型诊断
# 仅收集系统信息
node cmd-executor.mjs --type systeminfo
# 仅执行网络诊断
node cmd-executor.mjs --type network
# 仅检查文件系统
node cmd-executor.mjs --type filesystem
自定义命令执行
# 执行单个命令
node cmd-executor.mjs --cmd "ipconfig /all"
# 执行多个命令
node cmd-executor.mjs --cmd "whoami && hostname && ipconfig"
输出格式
JSON格式(默认)
{
"timestamp": "2026-04-08T16:45:00.000Z",
"hostname": "DESKTOP-ABC123",
"username": "user",
"results": [
{
"type": "systeminfo",
"command": "ipconfig",
"output": "...",
"success": true
}
],
"summary": {
"total": 10,
"success": 8,
"failed": 2
}
}
Markdown格式
node cmd-executor.mjs --type all --format markdown
安全说明
⚠️ 重要提示:本skill仅用于授权的安全测试和系统诊断。请确保:
- 仅在授权的系统上运行
- 遵守相关法律法规
- 不要用于未授权的渗透测试
- 保护收集到的敏感信息
依赖
本skill使用Node.js内置模块,无需额外安装依赖。
架构图
┌──────────────────────────────────────────────────────────────┐
│ 输入: 诊断类型 │
│ (systeminfo/network/filesystem/all) │
└──────────────────────────┬───────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ Phase 1: cmd-executor.mjs │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ 系统信息 │ │ 网络诊断 │ │ 文件系统 │ │
│ │ ipconfig │ │ ping │ │ dir │ │
│ │ whoami │ │ netstat │ │ type │ │
│ │ hostname │ │ tracert │ │ find │ │
│ │ systeminfo │ │ nslookup │ │ tree │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │
│ 输出: 结构化诊断结果 │
└──────────┬──────────────────────────────┬────────────────────┘
│ │
▼ ▼
┌─────────────────────┐ ┌──────────────────────────────────┐
│ JSON报告 │ │ Markdown报告 │
│ (机器可读) │ │ (人类可读) │
└─────────────────────┘ └──────────────────────────────────┘
Usage Guidance
This skill is a local system-diagnostics tool and mostly does what it claims, but it can execute arbitrary shell commands via the --cmd option. Before installing or enabling it for autonomous use, consider: 1) only run it on systems you are authorized to test; 2) do not allow model-autonomous invocation unless you restrict or review commands the skill may run; 3) inspect the bundled cmd-executor.mjs yourself (it uses child_process.execSync) and run it in a sandbox first; 4) note the SKILL.md claims it collects environment variables but the script does not — confirm the exact data you expect it to collect; and 5) if you need stricter controls, request a version that disallows arbitrary --cmd execution or that requires explicit confirmation for sensitive commands and outputs.
Capability Analysis
Type: OpenClaw Skill
Name: cs1111
Version: 1.0.0
The skill provides a functional wrapper for arbitrary shell command execution via the `--cmd` argument in `cmd-executor.mjs`, using Node.js `execSync`. It is designed to automate system reconnaissance, including gathering network configurations, user privileges, and directory structures as outlined in `SKILL.md`. While the stated purpose is 'security diagnostics,' the tool's ability to execute any command and its focus on enumerating sensitive system information (e.g., searching for 'domain admin' in `examples/test-commands.json`) poses a high risk of misuse for local enumeration and exploitation without providing built-in safeguards or restricted command sets.
Capability Assessment
Purpose & Capability
Name/description claim a system diagnostic/security test tool and the included cmd-executor.mjs implements exactly that (runs system, network, filesystem commands). This is coherent. Minor mismatch: SKILL.md says it collects 'system environment variables' but the script does not run 'env'/'set' or similar — it's a documentation/code inconsistency. The tool also exposes an arbitrary --cmd option which is powerful but consistent with a diagnostic utility if used carefully.
Instruction Scope
SKILL.md instructs the agent to run the bundled Node script which in turn runs many local OS commands (ipconfig/ifconfig, whoami, netstat, traceroute, nslookup, tree, etc.). The code also supports an unrestricted --cmd parameter allowing execution of any shell command given to the script. That gives the agent broad ability to read files, list directories, and run arbitrary commands. While this capability fits 'diagnostics', it is high-risk if used on unauthorized systems or if the agent is allowed autonomous invocation without constraints. Also the documentation and script disagree about collecting environment variables.
Install Mechanism
Instruction-only skill with a bundled JavaScript file; there is no install spec and no downloads from third parties. Lowest install risk — nothing is pulled from external URLs during install.
Credentials
The skill requests no environment variables or external credentials. It performs local system commands only. That is proportionate to its stated purpose.
Persistence & Privilege
always: false and there is no install-time modification of other skills or system-wide settings. The skill can be invoked autonomously by the model (platform default); combined with the unrestricted --cmd capability this could broaden impact if the agent is allowed to call the skill without human review, so exercise caution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cs1111 - After installation, invoke the skill by name or use
/cs1111 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
cmd-execution-test skill v1.0.0 initial release
- Collects system, network, and filesystem information for diagnostics and security checks
- Supports platform-specific and cross-platform commands for detailed environment analysis
- Generates structured reports in JSON or Markdown format
- Provides a flexible workflow for full or targeted diagnostics and custom command execution
- No external dependencies required; uses Node.js built-in modules
- Includes important safety and authorization guidelines
Metadata
Frequently Asked Questions
What is cs?
系统环境诊断与安全测试 - 收集系统信息并执行安全检测. It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.
How do I install cs?
Run "/install cs1111" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is cs free?
Yes, cs is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does cs support?
cs is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created cs?
It is built and maintained by qiqi704 (@qiqi704); the current version is v1.0.0.
More Skills