Attack Surface Mapper
Author: Adnane Arharbi · v1.0.0 · MIT-0
Total downloads: 105 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install attack-surface-mapper
Description
Purple team — map agent's full attack surface by combining red team probes and blue team detections. Identify defense coverage gaps and prioritize hardening.
Usage (SKILL.md)
Attack Surface Mapper — Defense Coverage Matrix
Purpose
Provide a unified view of the agent's security posture by combining offensive test results (red team) with defensive detection capabilities (blue team). Identify gaps where attacks exist but no detection covers them.
Trigger
Run on:
- Weekly scheduled review
- After any security configuration change
- After installing/removing skills
- User request: "map attack surface", "security posture"
Attack Surface Categories
| Surface | Components | Example Vectors |
|---|---|---|
| CHANNELS | WhatsApp, Telegram, Discord, Slack, Signal, iMessage | Prompt injection, phishing, social engineering |
| SKILLS | All installed SKILL.md files | Malicious instructions, conflicting directives, data theft |
| TOOLS | exec, file system, browser, network | Command injection, path traversal, SSRF |
| MODELS | API endpoints (Anthropic, OpenAI, local) | Prompt injection, model confusion, jailbreak |
| MEMORY | .learnings/, .memory/, session state | Memory poisoning, persistence, false context |
| INTER-AGENT | sessions_send, shared state, cross-session | Agent-to-agent attack, lateral movement |
| SUPPLY CHAIN | ClawHub skills, npm packages, model providers | Typosquatting, compromised packages, model supply chain |
Core Workflow
- Enumerate all active surfaces (channels, skills, tools, models, memory stores)
- Load red team results from `.security/red-team/*.jsonl`
- Load blue team detections from `.security/audits/*.md` and firewall logs
- For each surface × vector:
  - Red tested? YES/NO
  - Blue detected? YES/NO/PARTIAL
  - Status: COVERED | PARTIAL | GAP
- Risk score each gap: `impact(1-5) × likelihood(1-5)`
- Generate coverage matrix and prioritized hardening plan
- Output to `.security/surface-map-YYYY-MM-DD.md`
Coverage Matrix (example output)
| Surface | Vector | Red Tested | Blue Detected | Status | Risk Score | Priority |
|---|---|---|---|---|---|---|
| Channel | Prompt injection | YES | YES | COVERED | — | — |
| Channel | Encoded payload | YES | PARTIAL | PARTIAL | 12 | HIGH |
| Skill | Malicious SKILL.md | NO | NO | GAP | 20 | CRITICAL |
| Memory | Poisoning | YES | NO | GAP | 16 | HIGH |
| Supply chain | Typosquatting | NO | NO | GAP | 15 | HIGH |
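The workflow above, sketched in JavaScript as an added example (not the skill's own code): it joins red-team and blue-team records per surface × vector, derives the status from the blue-team result as in the example matrix, and scores every non-covered row as impact × likelihood. The JSONL record fields, the use of JSONL for both inputs, the priority cut-offs and the sample data are assumptions; surface names are normalized so that spellings such as INTER-AGENT and INTER_AGENT compare equal.

```javascript
// Added example. Record fields (surface, vector, detected, impact, likelihood)
// and the priority cut-offs are assumptions, not the skill's actual schema.
const norm = (s) => String(s ?? "").trim().toUpperCase().replace(/[\s-]+/g, "_");
const key = (surface, vector) => `${norm(surface)}|${norm(vector)}`;

// Parse JSONL text; blank lines are skipped, malformed line numbers are reported.
function parseJsonl(text) {
  const rows = [], errors = [];
  text.split("\n").forEach((line, i) => {
    if (!line.trim()) return;
    try { rows.push(JSON.parse(line)); } catch { errors.push(i + 1); }
  });
  return { rows, errors };
}
const priority = (score) =>
  score >= 20 ? "CRITICAL" : score >= 10 ? "HIGH" : score >= 5 ? "MEDIUM" : "LOW";

// inventory: enumerated surface x vector pairs with impact and likelihood (1-5 each).
function buildMatrix(inventory, redText, blueText) {
  const red = new Set(parseJsonl(redText).rows.map((r) => key(r.surface, r.vector)));
  const blue = new Map(
    parseJsonl(blueText).rows.map((r) => [key(r.surface, r.vector), norm(r.detected)]));
  const rows = inventory.map((item) => {
    const k = key(item.surface, item.vector);
    const blueDetected = ["YES", "PARTIAL"].includes(blue.get(k)) ? blue.get(k) : "NO";
    const status = { YES: "COVERED", PARTIAL: "PARTIAL", NO: "GAP" }[blueDetected];
    const score = status === "COVERED" ? null : item.impact * item.likelihood;
    return { surface: norm(item.surface), vector: item.vector,
      redTested: red.has(k) ? "YES" : "NO", blueDetected, status, score,
      priority: score === null ? null : priority(score) };
  });
  return rows.sort((a, b) => (b.score ?? 0) - (a.score ?? 0)); // highest risk first
}

// Constructed sample data (not real findings); note the mixed surface spellings.
const INVENTORY = [
  { surface: "CHANNELS", vector: "Prompt injection", impact: 4, likelihood: 4 },
  { surface: "CHANNELS", vector: "Encoded payload", impact: 4, likelihood: 3 },
  { surface: "SKILLS", vector: "Malicious SKILL.md", impact: 5, likelihood: 4 },
  { surface: "MEMORY", vector: "Poisoning", impact: 4, likelihood: 4 },
  { surface: "INTER-AGENT", vector: "Lateral movement", impact: 3, likelihood: 2 },
];
const RED = ['{"surface":"channels","vector":"prompt injection"}',
  '{"surface":"channels","vector":"encoded payload"}',
  '{"surface":"memory","vector":"poisoning"}',
  '{"surface":"INTER_AGENT","vector":"lateral movement"}', "not json"].join("\n");
const BLUE = ['{"surface":"Channels","vector":"Prompt injection","detected":"yes"}',
  '{"surface":"Channels","vector":"Encoded payload","detected":"partial"}',
  '{"surface":"inter_agent","vector":"Lateral movement","detected":"YES"}'].join("\n");
console.table(buildMatrix(INVENTORY, RED, BLUE));
```

Without the normalization step, the INTER-AGENT inventory row would not match its INTER_AGENT red-team record and would be reported as an untested gap.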
Guardrails
- Read-only aggregation — never modifies defenses directly
- Gap data is confidential — stored in `.security/` only
- Recommendations are advisory — require human approval to implement
- Re-run after every hardening cycle to measure improvement
Capability Assessment
Purpose & Capability
Name/description align with what the files do: enumerate local attack surfaces, ingest red-team (.jsonl) and blue-team logs, score gaps, and write a report. The skill does not request unrelated credentials, binaries, or network access.
Instruction Scope
SKILL.md instructs the agent to read local security artifacts (.security/*) and produce reports — which matches the code. However there are several inconsistencies between prose and implementation that can cause missed or confusing results (see details): e.g., SKILL.md mentions '.security/audits/*.md' and firewall logs while the code reads .jsonl files in different directories; surface names/identifiers differ between SKILL.md, skill.json and index.js (e.g., 'INTER-AGENT' vs 'INTER_AGENT', 'supply-chain' vs 'SUPPLY_CHAIN'), which may lead to unscanned surfaces or false negatives. The guardrail
Install Mechanism
No install spec; this is effectively instruction + a local JS module. No downloads, no packages installed by the skill itself.
Credentials
The skill requires no environment variables, no credentials, and only reads files under .security subdirectories. This is proportionate for a local attack-surface mapper. There is no evidence of attempts to access unrelated config or secrets.
Persistence & Privilege
always:false and model invocation allowed are the defaults. The skill writes local reports to .security/surface-map (expected for its purpose). It does not modify other skills or system-wide settings.
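How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install attack-surface-mapper`
- Once installation completes, invoke the Skill by name or use `/attack-surface-mapper` to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version History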
v1.0.0
- Initial release of Attack Surface Mapper skill.
- Maps an agent’s full attack surface by merging red team probes and blue team detections.
- Identifies and scores defense coverage gaps across defined surface categories (channels, skills, tools, models, memory, inter-agent, supply chain).
- Generates a prioritized hardening plan and outputs a detailed coverage matrix.
- Operates read-only, storing results confidentially and providing actionable recommendations for security posture improvement.
FAQ
What is Attack Surface Mapper?
Purple team — map agent's full attack surface by combining red team probes and blue team detections. Identify defense coverage gaps and prioritize hardening. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 105 downloads to date.
How do I install Attack Surface Mapper?
Run the command "/install attack-surface-mapper" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Attack Surface Mapper free?
Yes. Attack Surface Mapper is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Attack Surface Mapper support?
Attack Surface Mapper is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Attack Surface Mapper?
It is developed and maintained by Adnane Arharbi (@arhadnane); the current version is v1.0.0.