jhjhghg
Author: qinjianfenghzau-wq · v1.0.9 · MIT-0
Total downloads: 105
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install anhfabh1-test
Description
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
Usage instructions (SKILL.md)
ClawSentry
Use Cases
- Use this skill when you need to install and prepare the `ai-assistant-security-openclaw` plugins for the OpenClaw environment on the current machine.
- Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / 帮我安装clawSentry技能 / 安装clawSentry技能".
Steps
1. Verify Node.js is installed:
Ensure Node.js (version 14 or higher) is installed on the system. You can check with:
node --version
2. Execute the combined script to install plugin and generate login link:
node {baseDir}/scripts/bundle.cjs
After the script completes:
- The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with `[LOGIN_URL]:`.
- You can also read the login URL from the `{baseDir}/.state/login_state.json` file (look for the `loginUrl` field). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in the `.openclaw/skills/ClawSentry/scripts/` directory.
- Send the login URL to the user along with this message: "After completing login, if you want to check if the installation was successful, please wait one minute and then ask me such as 'view all plugin list / 查看我的本地插件 '"
Data & Privacy
- The script generates a per-machine device identifier locally, then sends only its SHA-256 hash as `X-Ai-Device-Fingerprint` for device-binding of the login session.
- The script does not collect or transmit MAC addresses, hostname, or other hardware identifiers.
- The script persists login state under `{baseDir}/.state/`, including `loginToken`, the hashed `deviceFingerprint`, expiry metadata, and login progress flags.
- The polling log written to `{baseDir}/.state/poll_login.log` records operational output and API responses; once authorization succeeds, those responses may include credential material such as `ApiKey` and `AppId`.
- After authorization, the script writes the received `ApiKey` and `AppId` into the local OpenClaw plugin configuration so the installed plugin can call the remote service.
- That configuration update is performed by invoking the local `openclaw` CLI with a JSON payload, so credential values may be exposed transiently in local process arguments or shell/audit tooling on the host.
Network Targets
- The script performs HTTPS requests to the API base URL embedded in the bundle at build time (`internalConfig.baseURL`) to create a login token and check login status.
- The login URL shown to the user is generated using the embedded console URL prefix (`internalConfig.baseLogUrl`).
Local Files
- `{baseDir}/.state/login_state.json`: Stores `loginUrl`, `loginToken`, `deviceFingerprint` (hashed), expiry metadata, and login progress flags.
- `{baseDir}/.state/poll_login.log`: Stores polling logs for troubleshooting, including request/response-related output from the login-status flow.
- `{baseDir}/.state/device_id`: Stores the locally generated device identifier used to derive the fingerprint hash.
Host Changes
- The script runs `openclaw` CLI commands to install the plugin, read and update local OpenClaw plugin configuration, and restart `openclaw gateway` on the machine.
Security usage recommendations
This skill appears to be an installer for an OpenClaw security plugin and will run the included Node script which: reads network interfaces and hostname (then hashes them), contacts hard-coded external endpoints (https://openclaw-innersit.sdk.access-test.clawsentry.cn and console.clawsentry.cn), writes .state/login_state.json and poll_login.log (which can contain API responses), injects ApiKey/AppId into your local OpenClaw plugin configuration, and restarts the gateway. Two things to consider before installing: (1) SKILL.md says it "does not collect or transmit MAC addresses, hostname," but the bundled code does read those identifiers and sends their hash — confirm you’re comfortable with that data flow; (2) the script logs API responses and writes credentials into local config files, so review and back up your OpenClaw config and inspect .state/poll_login.log after a run. If you do not trust the upstream domains or the unknown publisher, run this in an isolated environment (VM/container) or review/run the included bundle.cjs line-by-line yourself. If possible, get the plugin from a verified vendor source and confirm the owner identity before proceeding.
Functional analysis
Type: OpenClaw Skill
Name: anhfabh1-test
Version: 1.0.9
The ClawSentry skill bundle is a legitimate installer for a security plugin (@omni-shield/ai-assistant-security-openclaw) associated with ByteDance's Volcengine. The `bundle.cjs` script automates the installation via the `openclaw` CLI, generates a local device fingerprint (SHA-256 hash of hardware identifiers), and polls a remote API (clawsentry.cn) to retrieve and configure authentication credentials (ApiKey/AppId). While the script performs sensitive operations such as modifying local configurations and executing system commands, these actions are consistent with the stated purpose and are documented in `SKILL.md`. No evidence of malicious intent, data exfiltration, or unauthorized persistence was found.
Capability assessment
Purpose & Capability
The declared purpose (install/configure OpenClaw security plugins) aligns with the script's actions (running a Node installer, invoking the openclaw CLI, installing a plugin, updating plugin config and restarting the gateway). However the bundle contains hard-coded external endpoints (internalConfig.baseURL and baseLogUrl) that are not documented in the high-level metadata, and some private-data claims in SKILL.md conflict with what the code actually reads/transmits.
Instruction Scope
SKILL.md instructs running the included node script which: reads/writes local state under .state, executes openclaw CLI commands (config get/set, plugins install, gateway restart), and polls an external API. SKILL.md claims the script "does not collect or transmit MAC addresses, hostname, or other hardware identifiers," but the bundled bundle.cjs explicitly reads network interfaces and hostname, constructs a fingerprint from them, hashes it, and sends the hash in a request header. The script also writes polling logs that may include API responses and later injects ApiKey/AppId into the local plugin configuration.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes supply-chain complexity, but the skill ships an executable bundle.cjs that will be run directly. The bundle is bundled/minified JS with hard-coded API endpoints; running it will create files, call external services, and modify system state. No remote download step in the skill itself, but executing included code still executes arbitrary actions on the host.
Credentials
The skill requests no environment variables or credentials up front, which is proportional. However it will persist a login token and later store received ApiKey/AppId into the OpenClaw plugin configuration and logs. The script warns that credentials may be exposed transiently in process arguments or logs — this is legitimate for an installer but increases risk if the external endpoints or code origin are not trusted.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It does request persistent changes to the host: creating .state files, removing plugin directories, updating OpenClaw plugin config, and restarting the OpenClaw gateway. Those changes fit an installer role but are privileged actions that will affect the OpenClaw runtime.
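How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install anhfabh1-test`
- After installation, invoke the Skill by name or trigger it with `/anhfabh1-test`.
- Provide the required input according to the Skill's parameter description to get structured output.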
Version history
v1.0.9
- Initial release of ClawSentry for OpenClaw environments.
- Installs and configures ai-assistant-security-openclaw plugins in one streamlined process.
- Verifies Node.js installation, then runs a bundled setup script to handle plugin installation and authentication.
- Provides instructions for retrieving and sharing the login URL with users.
- Clearly documents data handling, privacy practices, local file usage, and network operations.
- Automatically updates OpenClaw plugin configuration and restarts the gateway as part of setup.
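FAQ
What is jhjhghg?
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 105 total downloads so far.
How do I install jhjhghg?
Run the command "/install anhfabh1-test" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is jhjhghg free?
Yes, jhjhghg is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does jhjhghg support?
jhjhghg is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed jhjhghg?
Developed and maintained by qinjianfenghzau-wq (@qinjianfenghzau-wq); the current version is v1.0.9.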