laurentaia

AI Shield — OpenClaw Security Audit

Author: Laurent | AI · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 844
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw:
/install ai-shield-audit
Description
Security audit engine for OpenClaw configurations. Detects vulnerabilities, misconfigurations, secret leaks, and over-privileged agents. Use when the user as...
Instructions (SKILL.md)

OpenClaw Shield — Security Audit

Audit any OpenClaw config for security vulnerabilities, misconfigurations, and best-practice violations. Produces a structured JSON report with risk scores, findings, and remediation steps.

When to Use

  • User asks to check/audit/review their OpenClaw security
  • User wants to harden their config before deploying
  • User is setting up a new OpenClaw instance
  • User asks about secret leakage or API key exposure in their config
  • Before publishing or sharing any config file

Quick Audit (live config)

node scripts/shield-audit.sh

Or directly:

node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary

What It Checks (11 categories)

  1. Gateway Auth — missing/weak auth, insecure UI settings
  2. Network Exposure — bind address, Tailscale funnel, wildcard proxies
  3. Channel Security — wildcard allowFrom, missing allowlists
  4. DM Policy — open DM policy without pairing
  5. Subagent Permissions — wildcard allowAgents, circular delegation chains, self-delegation
  6. Tool Permissions — over-privileged agents with tools.profile: "full"
  7. Secret Leakage — API keys, tokens, private keys in plaintext config
  8. Sandbox/Execution — missing workspace isolation, no execution policies
  9. Plugin Config — enabled plugins without channel config
  10. Heartbeat Exposure — sensitive data in heartbeat prompts
  11. Remote Config — unencrypted WebSocket, exposed remote URLs/tokens

Usage

Audit a config file

node SKILL_DIR/bin/shield.js audit <config.json>
node SKILL_DIR/bin/shield.js audit <config.json> --summary   # human-readable

Audit from stdin

cat config.json | node SKILL_DIR/bin/shield.js audit --stdin

Sanitize a config (strip secrets)

node SKILL_DIR/bin/shield.js sanitize <config.json>

Programmatic use

const { auditConfig } = require('SKILL_DIR/src/audit');
const config = require('./openclaw.json');
const report = auditConfig(config);
console.log(report.risk_level);      // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
console.log(report.overall_score);   // 0-100
console.log(report.vulnerabilities); // detailed findings

Output

Returns JSON with: risk_level, overall_score (0-100), vulnerabilities[], vulnerability_count, best_practices_compliance, action_recommended, safe_to_deploy, audit_timestamp.
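The following is an added illustration, not the skill's own src/audit module: a small audit-and-sanitize pass in the spirit of the categories listed above (gateway auth, network exposure, wildcard allowFrom, tools.profile "full", wildcard and self-delegation in allowAgents, plaintext secrets, unencrypted ws:// remote URLs) that returns the same report fields the skill documents. The config layout used here (gateway.auth, gateway.bind, channels.<name>.allowFrom, agents.<name>.tools.profile, agents.<name>.allowAgents, remote.url) and both sample configs are assumptions constructed for the example; the real OpenClaw schema may differ.

```javascript
// Added example (not the skill's own code). Config keys are ASSUMED for illustration.

// Illustrative subset of plaintext secret formats a sanitizer looks for.
const SECRET_PATTERNS = [
  { name: 'AWS access key id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'GitHub token', re: /\bgh[pousr]_[A-Za-z0-9]{36}\b/ },
  { name: 'private key block', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];
// Key names treated as secret-bearing regardless of the value's shape.
const SECRET_KEY_RE = /(token|secret|password|api[_-]?key|private[_-]?key)$/i;
const PENALTY = { CRITICAL: 40, HIGH: 20, MEDIUM: 10, LOW: 5 };

// Visit every string leaf as (dottedPath, value).
function walkStrings(node, visit, path = []) {
  if (typeof node === 'string') return visit(path.join('.'), node);
  if (node && typeof node === 'object') {
    for (const [k, v] of Object.entries(node)) walkStrings(v, visit, path.concat(k));
  }
}

function auditConfigExample(config) {
  const findings = [];
  const add = (category, severity, message, path) => findings.push({ category, severity, message, path });

  // Gateway auth and network exposure
  if (!config.gateway || !config.gateway.auth)
    add('gateway_auth', 'CRITICAL', 'gateway has no auth block', 'gateway.auth');
  if (config.gateway && config.gateway.bind === '0.0.0.0')
    add('network_exposure', 'HIGH', 'gateway bound to all interfaces', 'gateway.bind');

  // Channel security: wildcard allowFrom
  for (const [name, ch] of Object.entries(config.channels || {})) {
    if (Array.isArray(ch.allowFrom) && ch.allowFrom.includes('*'))
      add('channel_security', 'HIGH', `channel ${name} accepts messages from anyone`, `channels.${name}.allowFrom`);
  }

  // Subagent and tool permissions
  for (const [name, agent] of Object.entries(config.agents || {})) {
    if (agent.tools && agent.tools.profile === 'full')
      add('tool_permissions', 'HIGH', `agent ${name} has tools.profile "full"`, `agents.${name}.tools.profile`);
    const allow = Array.isArray(agent.allowAgents) ? agent.allowAgents : [];
    if (allow.includes('*'))
      add('subagent_permissions', 'MEDIUM', `agent ${name} may delegate to any agent`, `agents.${name}.allowAgents`);
    if (allow.includes(name))
      add('subagent_permissions', 'MEDIUM', `agent ${name} may delegate to itself`, `agents.${name}.allowAgents`);
  }

  // Secret leakage: any string leaf matching a known secret format
  walkStrings(config, (path, value) => {
    for (const { name, re } of SECRET_PATTERNS)
      if (re.test(value)) add('secret_leakage', 'CRITICAL', `${name} stored in plaintext`, path);
  });

  // Remote config: unencrypted WebSocket
  if (config.remote && typeof config.remote.url === 'string' && config.remote.url.startsWith('ws://'))
    add('remote_config', 'HIGH', 'remote gateway URL uses unencrypted ws://', 'remote.url');

  // Score: 100 minus per-finding penalties, floored at 0; risk level is the worst severity seen.
  const score = Math.max(0, 100 - findings.reduce((s, f) => s + PENALTY[f.severity], 0));
  const risk_level = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'].find((s) => findings.some((f) => f.severity === s)) || 'LOW';
  return {
    risk_level,
    overall_score: score,
    vulnerabilities: findings,
    vulnerability_count: findings.length,
    safe_to_deploy: risk_level !== 'CRITICAL' && score >= 80,
  };
}

// Return a deep copy with secret-looking values replaced; the input object is left untouched.
function sanitizeConfigExample(config) {
  const clone = JSON.parse(JSON.stringify(config));
  const redact = (node) => {
    if (!node || typeof node !== 'object') return;
    for (const [k, v] of Object.entries(node)) {
      if (typeof v === 'string') {
        if (SECRET_KEY_RE.test(k) || SECRET_PATTERNS.some((p) => p.re.test(v))) node[k] = '[REDACTED]';
      } else redact(v);
    }
  };
  redact(clone);
  return clone;
}

// Constructed sample configs (not real deployments): one weak, one hardened.
const WEAK_CONFIG = {
  gateway: { bind: '0.0.0.0' },
  channels: { discord: { allowFrom: ['*'] } },
  agents: { main: { tools: { profile: 'full' }, allowAgents: ['*'] }, helper: { allowAgents: ['helper'] } },
  remote: { url: 'ws://gateway.example.invalid:8080', token: 'AKIAABCDEFGHIJKLMNOP' },
};
const HARDENED_CONFIG = {
  gateway: { auth: { mode: 'token', tokenEnv: 'OPENCLAW_GATEWAY_TOKEN' }, bind: '127.0.0.1' },
  channels: { discord: { allowFrom: ['user:1234'] } },
  agents: { main: { tools: { profile: 'default' }, allowAgents: ['helper'] }, helper: { allowAgents: [] } },
  remote: { url: 'wss://gateway.example.invalid:8443' },
};

console.log(JSON.stringify(auditConfigExample(WEAK_CONFIG), null, 2));
console.log(JSON.stringify(sanitizeConfigExample(WEAK_CONFIG), null, 2));
```

Run with `node` to see the weak config produce eight findings (risk_level "CRITICAL", overall_score 0, safe_to_deploy false) and the sanitized copy with remote.token redacted; the hardened config yields no findings and a score of 100. The sanitizer redacts on key name as well as value shape, so a token that does not match any known format is still removed before the file is shared.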

Workflow for Agent

  1. Load the user's config: cat ~/.openclaw/openclaw.json
  2. Run: node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary
  3. Present findings to user with prioritized recommendations
  4. Offer to sanitize before sharing: node SKILL_DIR/bin/shield.js sanitize <file>
Safe usage advice
This skill appears to do what it says: it analyzes and sanitizes local OpenClaw configuration files. Before installing, consider: (1) the tool will read files in your home directory (e.g., ~/.openclaw/openclaw.json) and any config you feed it — these often contain secrets, which the sanitizer attempts to redact but you should still review outputs before sharing; (2) the --live audit tries to run the local 'openclaw' CLI to fetch config — ensure that binary is trusted on your system; (3) the README mentions an optional paid remote audit service (ACP) — the included code does not perform remote uploads, but be cautious if the skill is extended or you opt into any remote/premium feature; (4) source and provenance are unknown in the registry metadata — if you require higher assurance, review the included JS files locally or run the audit in an isolated environment. Overall the package is coherent and appropriate for its stated purpose.
Functionality analysis
Type: OpenClaw Skill
Name: ai-shield-audit
Version: 1.0.0
The skill is designed to perform security audits of OpenClaw configurations, which inherently involves accessing sensitive data. The `SKILL.md` explicitly instructs the AI agent to `cat ~/.openclaw/openclaw.json`, and `bin/shield.js` uses `execSync('openclaw config.get')` to retrieve live configuration, both of which are high-privilege actions that handle potentially sensitive information (API keys, tokens, etc.). While the stated purpose is beneficial (auditing for secret leaks and vulnerabilities) and a `sanitize` function is provided, the direct instruction to access sensitive files and the use of `execSync` for configuration retrieval, without clear evidence of exfiltration, classify it as suspicious due to the inherent risks associated with such powerful capabilities.
Capability assessment
Purpose & Capability
Name/description (security audit) match the code and instructions: the CLI and library analyze an OpenClaw JSON, produce a risk report, and can sanitize secrets. The only minor mismatch is the implicit reliance on a local 'openclaw' CLI when using --live (execSync('openclaw config.get')), which is reasonable for a live-audit feature but not declared in SKILL.md's requirements.
Instruction Scope
SKILL.md instructs the agent to read the user's OpenClaw config (file or stdin) and run the included audit/sanitize tools. The runtime instructions and code consistently operate on local files and stdin; they do not instruct the agent to read unrelated system paths or to exfiltrate data to external endpoints. Reading the user's config (which may contain secrets) is expected for an audit tool.
Install Mechanism
No install spec is provided (instruction-only install), and the packaged files are pure Node.js scripts. Nothing is downloaded or extracted at install time. This is a low-risk install model consistent with the skill's stated function.
Credentials
The skill declares no required environment variables or credentials and the code does not expect any hidden tokens. The sanitizer contains many regexes to detect common secret formats (AWS, GitHub, private keys, etc.), which is appropriate for a sanitizer/audit tool. There are no unrelated credential requests.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (disable-model-invocation:false) which is the platform default; this combined with the skill's limited scope is not excessive.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ai-shield-audit
  3. Once installed, call the Skill by name directly or trigger it with /ai-shield-audit
  4. Supply the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release: 11 vulnerability categories, CLI + library, auto-fix suggestions. Detects secret leakage, gateway misconfig, subagent permission escalation, channel security gaps.
Metadata
Slug: ai-shield-audit
Version: 1.0.0
License: (none listed)
Total installs: 2
Current installs: 2
Version count: 1
FAQ

What is AI Shield — OpenClaw Security Audit?

Security audit engine for OpenClaw configurations. Detects vulnerabilities, misconfigurations, secret leaks, and over-privileged agents. Use when the user as... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 844 downloads to date.

How do I install AI Shield — OpenClaw Security Audit?

Run the command "/install ai-shield-audit" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is AI Shield — OpenClaw Security Audit free?

Yes, AI Shield — OpenClaw Security Audit is completely free (open source), and can be freely downloaded, installed and used.

Which platforms does AI Shield — OpenClaw Security Audit support?

AI Shield — OpenClaw Security Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Shield — OpenClaw Security Audit?

Developed and maintained by Laurent | AI (@laurentaia); the current version is v1.0.0.