← 返回 Skills 市场
2069
总下载
0
收藏
14
当前安装
2
版本数
在 OpenClaw 中安装
/install arc-security-audit
功能描述
Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori...
使用说明 (SKILL.md)
Security Audit
One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.
Why This Exists
Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.
Commands
Audit all installed skills
python3 {baseDir}/scripts/audit.py full
Audit a specific skill
python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/
Generate audit report as JSON
python3 {baseDir}/scripts/audit.py full --json --output report.json
Audit with trust attestations
python3 {baseDir}/scripts/audit.py full --attest
What It Does
- Scans every installed skill with arc-skill-scanner patterns
- Assesses trust for each skill (provenance, code cleanliness, binary presence)
- Checks binary integrity with SHA-256 checksums
- Generates a prioritized report sorted by risk level
- Optionally creates trust attestations for skills that pass all checks
Output
The audit report includes:
- Summary: total skills scanned, findings by severity, overall risk level
- Per-skill breakdown: findings, trust score, recommendations
- Critical actions: what to fix immediately
- Trust attestations for passing skills (if --attest flag used)
安全使用建议
This skill appears to do what it claims: run a local audit by invoking scanner and trust-verifier components and produce reports. Before running: (1) review the scanner and trust_verifier modules it will import (they will execute code during the audit), (2) consider running the script on a non-production or sandboxed account if you don't trust those components, and (3) inspect any generated attestations in ~/.openclaw/attestations before trusting them. If you don't have the expected arc-skill-scanner/arc-trust-verifier modules installed, the script will report that instead of silently failing.
功能分析
Type: OpenClaw Skill
Name: arc-security-audit
Version: 1.1.0
The 'arc-security-audit' skill is designed to perform security assessments of other OpenClaw skills. The `SKILL.md` provides clear, benign instructions without any prompt injection attempts. The `scripts/audit.py` script uses standard Python libraries, handles paths securely with `os.path.realpath` to prevent path traversal, and carefully manages `sys.path` to only load modules from expected sibling skill directories (`skill-scanner`, `trust-verifier`). It generates local reports and attestations without any evidence of data exfiltration, unauthorized network activity, persistence mechanisms, or malicious execution. The code's structure and security-conscious path handling align with its stated purpose as a security auditing tool.
能力评估
Purpose & Capability
Name/description match the delivered files and requirements: a single Python script plus SKILL.md, requiring only python3. Requesting only python3 and scanning ~/.openclaw/skills is appropriate for an audit aggregator.
Instruction Scope
SKILL.md instructs running the included script which enumerates skill directories and invokes local scanner and trust-verifier modules. This is within scope, but the script imports and executes code from other skill packages (scanner/trust_verifier) by adding their scripts dirs to sys.path — that will execute third-party code during the audit and is a supply-chain execution risk if those tools are untrusted.
Install Mechanism
No install spec — instruction-only with an included script. Nothing is downloaded or written to system paths during install; the script may write attestations to ~/.openclaw/attestations when explicitly asked.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The script only accesses standard user skill directories and a local attestations directory, which is proportionate to an audit tool.
Persistence & Privilege
always:false and user-invocable; it does not request permanent inclusion or modify other skills. It creates attestations under the user's ~/.openclaw/attestations when asked, which is within expected behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install arc-security-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/arc-security-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- Updated scripts/audit.py with changes for version 1.1.0.
- No user-facing or documentation changes.
v1.0.0
Initial release — comprehensive skill stack security audit.
- Chains scanning, trust verification, differ, and health monitoring into a single command.
- Produces unified, prioritized risk reports with actionable findings.
- Supports audit of all installed skills or specific skills, with optional JSON output.
- Checks binary integrity via SHA-256.
- Optionally generates trust attestations for verified skills.
元数据
常见问题
Security Audit 是什么?
Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2069 次。
如何安装 Security Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install arc-security-audit」即可一键安装,无需额外配置。
Security Audit 是免费的吗?
是的,Security Audit 完全免费(开源免费),可自由下载、安装和使用。
Security Audit 支持哪些平台?
Security Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Security Audit?
由 ArcSelf(@trypto1019)开发并维护,当前版本 v1.1.0。
推荐 Skills