tmstudio667-commits

Agent Audit Shield

Author: System Architect Zero · GitHub · v1.0.0
Platform: cross-platform · ⚠ flagged as suspicious
Total downloads: 476
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw:
/install agent-audit-shield
Description
The ultimate security auditor for local AI agents. It performs real-time heuristic scanning of every command to prevent data leaks and accidental file destru...
Usage instructions (SKILL.md)

Agent Audit Shield

Security is not a checkbox; it's a protocol. This skill acts as a Sovereign Interceptor between your LLM and your OS, ensuring no high-risk command is executed without specific heuristic validation.

Features

  • Exfiltration Blocker: Prevents agents from sending sensitive local data (env/keys) to external IPs.
  • Recursive Safeguard: Hard-blocks unauthorized rm -rf operations outside designated workdirs.
  • Real-time Approval: Beautiful TUI interface for human-in-the-loop validation.

Usage

npx openclaw skill run agent-audit-shield --hardened

Architect's Note

The price of $0.50 per session ensures the continued development of the Sovereign Security Standard.

Safe usage advice
This package is marketing copy without implementation: it promises real-time OS/LLM interception, blocking, and a TUI but provides no code, installers, or permissions to do that work. Do not rely on it for protection. Before installing or running anything: ask for the source repository and reviewed code, a clear install procedure, the exact binaries/services that will be installed, what system privileges are required, how payment is handled, and an explanation of how it enforces network/file policies. If the author cannot produce verifiable source and a reproducible build, treat the skill as non-functional (or potentially malicious if later bundled with opaque installers) and do not grant elevated privileges or send secrets to it.
Functional analysis
Type: OpenClaw Skill
Name: agent-audit-shield
Version: 1.0.0
The skill bundle consists only of metadata and documentation for a security auditing tool. No executable code, suspicious network calls, or prompt injection attempts were found in _meta.json or SKILL.md. The stated purpose is to provide command validation and prevent data leaks, and the files contain no indicators of malicious intent.
Capability assessment
Purpose & Capability
The skill claims to act as a 'Sovereign Interceptor' that blocks exfiltration and prevents rm -rf outside workdirs, yet there are no code files, no required binaries, no install spec, and no declared system privileges. Those capabilities would require binaries, kernel/network hooks, or helper services; none are provided or requested, making the claimed purpose unsupported by the package contents.
Instruction Scope
SKILL.md is high-level marketing prose and a single usage example (npx openclaw skill run agent-audit-shield --hardened) but contains no runtime instructions for how to intercept LLM↔OS traffic, perform heuristic analysis, present a TUI, or enforce network policies. The instructions are vague and grant broad, undefined authority without specifying which files, paths, or system interfaces will be read or modified.
Install Mechanism
There is no install specification or code—this minimizes direct disk/write risk but also means the skill cannot actually implement the security features it advertises. The lack of an install step is inconsistent with the claimed runtime behavior (TUI, real-time blocking), which would normally require installing a helper binary or service.
Credentials
No environment variables, credentials, or config paths are requested, which is proportionate from a least-privilege perspective. However, the metadata includes a payment fee in USDC without explaining how payments are collected or authorized; that mismatch should be clarified before trusting the skill to handle paid sessions.
Persistence & Privilege
The skill's description implies privileged, persistent interception of agent behavior and system-level enforcement, but the package does not request or document any such privileges. This is misleading: either the skill cannot provide the promised interception, or it requires elevated privileges that are not disclosed.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install agent-audit-shield
  3. After installation completes, call the skill by name directly or trigger it with /agent-audit-shield.
  4. Provide the required input according to the skill's parameter description to get structured output.
Version history
v1.0.0
  • Initial release of Agent Audit Shield, a security auditor for local AI agents.
  • Real-time heuristic scanning of every command to prevent data leaks and file destruction.
  • Blocks unauthorized data exfiltration and dangerous `rm -rf` operations.
  • Includes a TUI interface for human-in-the-loop validation.
  • Usage via `npx openclaw skill run agent-audit-shield --hardened`.
  • Session fee set at $0.50 (USDC on Base network).
Metadata
Slug: agent-audit-shield
Version: 1.0.0
License:
Cumulative installs: 2
Current installs: 2
Historical versions: 1
FAQ

What is Agent Audit Shield?

The ultimate security auditor for local AI agents. It performs real-time heuristic scanning of every command to prevent data leaks and accidental file destru... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 476 cumulative downloads so far.

How do I install Agent Audit Shield?

Run the command "/install agent-audit-shield" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Agent Audit Shield free?

Yes, Agent Audit Shield is completely free (open source and free of charge) and can be freely downloaded, installed and used.

Which platforms does Agent Audit Shield support?

Agent Audit Shield is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Agent Audit Shield?

Developed and maintained by System Architect Zero (@tmstudio667-commits); the current version is v1.0.0.
