AuditCore — Network Security Audit Suite
Author: santanallen · v1.0.0 · MIT-0
Total downloads: 46 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install auditcore-network-audit
Description
AuditCore — Complete security audit suite for network infrastructure. Covers 6 vendors (F5, Cisco, Fortinet, Palo Alto, Juniper, Arista), 5 framew...
Usage instructions (SKILL.md)
AuditCore — Network Security Audit Suite v2.0
Complete cybersecurity audit suite for critical network infrastructure. Designed for OpenClaw with layered context management.
Layer Architecture
Layer 0 — Always loaded (constitution + router)
system-methodology → 7 phases, golden rules, findings format
system-index → Routing vendor→skill, framework→skill, memory paths
memory-ops → Memory system management (optional)
Layer 1 — One vendor at a time (F1 → F7 in full)
vendor-kb-f5 → F5 BIG-IP TMOS 13.x-17.x, VELOS, XC
vendor-kb-cisco → Cisco IOS / IOS-XE / NX-OS / ACI
vendor-kb-fortinet → Fortinet FortiOS 6.x/7.x
vendor-kb-paloalto → Palo Alto PAN-OS 9.x/10.x/11.x + Panorama
vendor-kb-juniper → Juniper JunOS 18.x-23.x (SRX, QFX, EX, MX)
vendor-kb-arista → Arista EOS 4.2x / CloudVision
Layer 2 — One framework at a time (load → evaluate → unload)
fw-checks-nist80053 → NIST SP 800-53 Rev 5 (~187 controls, 20 families)
fw-checks-csf → NIST CSF 2.0 (6 functions, ~40 subcategories)
fw-checks-cis → CIS Controls v8 (18 controls, 153 safeguards)
fw-checks-pcidss → PCI DSS v4.0 (~89 technical controls, 12 requirements)
fw-checks-iso27001 → ISO/IEC 27001:2022 (Annex A themes 5, 6, 8)
Layer 3 — Replaces Layer 2 in Phase 6 (report generation)
report-nist80053 → NIST 800-53 report: executive dashboard + POA&M + scripts
report-csf → CSF 2.0 report: radar chart + scorecard + maturity tier
report-cis → CIS v8 report: technical HTML + quick wins + scripts
report-pcidss → PCI DSS report: gap matrix + CVE CDE scope + QSA-ready
report-iso27001 → ISO 27001 report: partial SoA + NC register + cert readiness
Specialized skills (load as needed):
audit-diag-health → Health diagnostics for all 6 vendors (health + logs)
audit-auto-generate → Auto-generates skills for vendors without a pre-built KB
tools-secops → Inventory of locally installed SecOps tools
community-cybersec-index → Router to 754 community cybersecurity skills
How to Use This Suite
Session start (always)
Load: system-methodology + system-index
Auditing a device
1. Load vendor-kb-{vendor} → Layer 1 active
2. Load fw-checks-{framework} → Layer 2 active
3. Run checks → save findings-{fw}.json → disk
4. Unload fw-checks-{framework} → Layer 2 empty
5. Load report-{framework} → Layer 3 active
6. Read findings from disk → generate report → Layer 3 empty
7. Repeat steps 2-6 for each framework
8. Unload vendor-kb-{vendor} → cycle complete
Quick diagnostics
Load: audit-diag-health (covers all vendors)
Vendor without a pre-built KB
Load: audit-auto-generate
Out-of-network operations (forensics, threat intel, cloud, etc.)
Load: community-cybersec-index → identifies the specific skill
Note: Requires installing the community library separately.
Frameworks Covered
| Framework | Skills | Scope |
|---|---|---|
| NIST SP 800-53 Rev 5 | fw-checks-nist80053 + report-nist80053 | ~187 controls, families AC/AU/CM/IA/SC/SI |
| NIST CSF 2.0 | fw-checks-csf + report-csf | 6 functions: GOVERN/IDENTIFY/PROTECT/DETECT/RESPOND/RECOVER |
| CIS Controls v8 | fw-checks-cis + report-cis | 18 controls, 153 safeguards |
| PCI DSS v4.0 | fw-checks-pcidss + report-pcidss | ~89 technical controls, 12 requirements |
| ISO/IEC 27001:2022 | fw-checks-iso27001 + report-iso27001 | Annex A: themes 5, 6, 8 |
Supported Vendors
| Vendor | KB | OS/Platform |
|---|---|---|
| F5 Networks | vendor-kb-f5 | BIG-IP TMOS 13.x–17.x, VELOS, XC |
| Cisco | vendor-kb-cisco | IOS, IOS-XE, IOS-XR, NX-OS, ACI |
| Fortinet | vendor-kb-fortinet | FortiOS 6.x/7.x |
| Palo Alto Networks | vendor-kb-paloalto | PAN-OS 9.x/10.x/11.x, Panorama |
| Juniper Networks | vendor-kb-juniper | JunOS 18.x–23.x (SRX, QFX, EX, MX) |
| Arista Networks | vendor-kb-arista | EOS 4.2x, CloudVision |
| Any other vendor | audit-auto-generate | Dynamic auto-generation |
Golden Rules
- READ-ONLY — Never run write commands in production
- REAL EVIDENCE — Never invent or assume command output
- N/A over false PASS — No evidence = N/A, never PASS
- EPHEMERAL CREDENTIALS — Never persist to disk
- HA WORST-CASE — Cluster result = worst individual member
- ALWAYS CONFIRM — Summary of findings before generating reports
- SCRIPTS FOR REVIEW ONLY — Generate scripts, never auto-execute
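The "N/A over false PASS" and "HA worst-case" rules combined into one aggregation step, as an added example that is not code from the suite. The `Finding` fields, the host names, the sample data and the ranking of N/A between PASS and FAIL are assumptions of this example.

```python
from dataclasses import dataclass

# Aggregation order. The page only says "worst member"; ranking N/A between
# PASS and FAIL is an assumption of this example, chosen so that a member
# without evidence can never be hidden behind a passing peer.
RANK = {"PASS": 0, "N/A": 1, "FAIL": 2}

@dataclass
class Finding:
    control: str   # framework control id
    host: str      # cluster member the evidence came from
    status: str    # status the check claimed: PASS, FAIL or N/A
    evidence: str  # raw command output captured for this check

def effective_status(f: Finding) -> str:
    """No evidence = N/A, never PASS (and never FAIL either)."""
    if f.status not in RANK:
        raise ValueError(f"unknown status {f.status!r} for {f.control}")
    return f.status if f.evidence.strip() else "N/A"

def cluster_result(findings, members):
    """Per control, return the worst status across all expected members.
    A member with no finding at all counts as N/A, not as a silent PASS."""
    by_control = {}
    for f in findings:
        by_control.setdefault(f.control, {})[f.host] = effective_status(f)
    return {
        control: max((hosts.get(m, "N/A") for m in members), key=RANK.__getitem__)
        for control, hosts in by_control.items()
    }

# Constructed sample: a two-member HA pair; evidence strings are placeholders.
MEMBERS = ["node-a", "node-b"]
SAMPLE = [
    Finding("AC-17", "node-a", "PASS", "<captured output>"),
    Finding("AC-17", "node-b", "FAIL", "<captured output>"),
    Finding("AU-2", "node-a", "PASS", "<captured output>"),
    Finding("AU-2", "node-b", "PASS", ""),  # claimed PASS, no evidence
    Finding("IA-5", "node-a", "PASS", "<captured output>"),  # node-b never checked
    Finding("SC-8", "node-a", "PASS", "<captured output>"),
    Finding("SC-8", "node-b", "PASS", "<captured output>"),
]

if __name__ == "__main__":
    for control, status in cluster_result(SAMPLE, MEMBERS).items():
        print(control, status)
```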
Context Management
| Layer | Skills | ~Tokens | Lifetime |
|---|---|---|---|
| 0 | system-methodology + system-index | ~2,400 | Always |
| 1 | vendor-kb-{vendor} | ~1,500 | F1 → F7 |
| 2 | fw-checks-{framework} | ~1,200 | One framework at a time |
| 3 | report-{framework} | ~800 | Replaces Layer 2 in F6 |
Peak context: ~5,100 tokens (without community skills).
Security usage recommendations
This package appears to be a legitimately structured network-audit suite, but take these precautions before installing or running it:
- Review audit-auto-generate: it claims to auto-generate vendor skills — ask for the full content and confirm it does not dynamically create executable code or remote fetchers without human review.
- Treat remediation output as advisory only: the skill includes remediation templates that contain 'commit'/'configure'/'tmsh modify' and other write/commit operations. Ensure your agent/platform enforces the 'generate-only' rule and does not auto-apply any remediation scripts.
- Run first in an isolated lab: because tools-secops lists many offensive/exploit and pivoting tools (hydra, chisel, ligolo-ng, socat, etc.), test the workflow in a controlled environment to confirm operator confirmation gates and sanitization are effective.
- Confirm evidence handling and sanitization: the methodology promises masking of passwords/keys and ephemeral credentials, but verify at runtime that MEMORY/evidence/ paths are secure, that saved files are sanitized, and that you control retention/cleanup.
- Verify local tooling expectations: the skill assumes many binaries exist at specific paths; if those tools run under the agent's authority they could perform impactful actions—ensure the agent is allowed to execute only the tools you trust and that destructive tools require explicit operator confirmation.
If you want to proceed, ask for the full text of audit-auto-generate and the precise runtime enforcement model (how the platform prevents accidental execution of remediation or exploit tooling).
Functional analysis
Type: OpenClaw Skill
Name: auditcore-network-audit
Version: 1.0.0
The bundle implements a highly complex 'AuditCore' suite with several high-risk capabilities that, while aligned with its stated purpose, create a significant attack surface. The 'audit-auto-generate' skill allows the agent to write new SKILL.md files to disk and subsequently execute them, which constitutes a self-modification/RCE risk. Furthermore, 'community-cybersec-index' references 754 external community skills (hliosone/anthropic-cybersecurity-skills), introducing a massive supply chain risk. While 'system-methodology' defines strict 'Rules of Gold' (read-only, no credential persistence), the combination of dynamic skill generation and the local offensive toolset in 'tools-secops' (e.g., sqlmap, hydra) makes this bundle high-risk for potential misuse or prompt injection exploitation.
Capability assessment
Purpose & Capability
The files and instructions match the stated purpose: vendor knowledge-bases, framework checks, and report generation. Vendor KBs list read-only commands and forbidden write-commands, framework/report skills read and write findings/reports to local MEMORY paths—these are expected for an audit suite.
Instruction Scope
The SKILL.md files consistently instruct read-only evidence collection and saving outputs to MEMORY paths (expected). However remediation formats and example scripts include write actions (e.g., 'set {remediation_cmd}', 'commit', 'tmsh modify', 'configure', 'commit confirmed') and explicit backup/apply/rollback command templates. The core methodology repeatedly forbids auto-executing changes, but the presence of ready-to-run remediation commands and rollback steps increases the chance of accidental or improper execution if operator gating is not enforced. tools-secops explicitly lists many offensive/exploitation and network pivot tools and describes agent execution of local tools (with operator confirmation required for exploitation)—this widens the agent's operational scope and requires careful runtime controls.
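One way to enforce the generate-only rule at the point where a remediation script could reach an executor, as an added example that is not part of the skill or the platform. The write verbs are the ones quoted above; the read-only prefixes, function names and sample script are assumptions of this example.

```python
import re

# Write/commit verbs quoted in the analysis above.
WRITE = re.compile(r"^(tmsh\s+modify|commit(\s+confirmed)?|configure|set)\b", re.I)
# Read-only prefixes: an assumption of this example, not a list from the suite.
READ = re.compile(r"^(show|tmsh\s+(list|show))\b", re.I)

def classify(line: str) -> str:
    """Label one script line as skip, write, read or unknown."""
    cmd = line.strip()
    if not cmd or cmd.startswith("#"):
        return "skip"
    if WRITE.match(cmd):
        return "write"
    if READ.match(cmd):
        return "read"
    # Default deny: a verb on neither list is held, since a denylist alone
    # misses every state-changing command nobody thought to name.
    return "unknown"

def review_gate(script: str):
    """Return (line number, kind, command) for every line that needs
    operator review before anything is run."""
    held = []
    for n, line in enumerate(script.splitlines(), 1):
        kind = classify(line)
        if kind in ("write", "unknown"):
            held.append((n, kind, line.strip()))
    return held

def may_auto_run(script: str) -> bool:
    """True only when every command line is on the read-only list."""
    return not review_gate(script)

# Constructed sample in the shape of a generated remediation template.
SAMPLE = "\n".join([
    "# remediation for finding (constructed)",
    "show configuration",
    "configure",
    "set {remediation_cmd}",
    "commit confirmed",
    "tmsh modify {object}",
    "tmsh list {object}",
    "request system reboot",
])

if __name__ == "__main__":
    for n, kind, cmd in review_gate(SAMPLE):
        print(f"line {n}: {kind}: {cmd}")
```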
Install Mechanism
Instruction-only skill: no install spec, no external downloads, and no code files to execute. This lowers installation risk; the skill assumes existing local tooling and host paths (tools-secops), which is reasonable for a security-audit suite.
Credentials
No environment variables, no external credentials declared, and no required config paths. The skill expects SSH/CLI/API access to target devices (implied by commands) but does not request unrelated secrets. This is proportionate to the stated functionality.
Persistence & Privilege
always:false, no install, and no automatic model-disable flags. The skill writes evidence and reports to local MEMORY paths (part of its function) but does not request persistent elevated privileges or try to change other skills or system-wide agent settings. The main privilege concern is the potential content (sensitive credentials) being saved to disk if sanitization is not correctly enforced.
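How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install auditcore-network-audit
- Once installation completes, call the Skill by name or trigger it with /auditcore-network-audit
- Provide the required input according to the Skill's parameter description to get structured output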
Version history
v1.0.0
Initial release: unified diagnostic and troubleshooting tool for multi-vendor network infrastructure.
- Supports health and operational diagnostics across F5, Cisco, Fortinet, Palo Alto, Juniper, and Arista in a single workflow.
- Defines three diagnostic domains: HEALTH_STATUS, LOGS_CONTROL_PLANE, LOGS_DATA_PLANE, with clear output format and alert thresholds.
- Organizes command sets and benchmarks per vendor for streamlined troubleshooting.
- Output includes summarized health, key events, and operational findings by severity.
- Integration-ready with vendor-specific knowledge bases; evidence and findings stored per host and assessment.
FAQ
What is AuditCore — Network Security Audit Suite?
AuditCore — Complete security audit suite for network infrastructure. Covers 6 vendors (F5, Cisco, Fortinet, Palo Alto, Juniper, Arista), 5 framew... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 46 cumulative downloads to date.
How do I install AuditCore — Network Security Audit Suite?
Run the command "/install auditcore-network-audit" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is AuditCore — Network Security Audit Suite free?
Yes, AuditCore — Network Security Audit Suite is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does AuditCore — Network Security Audit Suite support?
AuditCore — Network Security Audit Suite runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed AuditCore — Network Security Audit Suite?
Developed and maintained by santanallen (@santanallen); the current version is v1.0.0.