← 返回 Skills 市场
40
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install breach-check
功能描述
Check if your email, phone or password has been in data breaches. Full security response workflow.
使用说明 (SKILL.md)
Breach Check
Check if email, phone, or password has appeared in known data breaches. Uses k-anonymity and privacy-preserving lookup, never sends raw credentials.
Workflow
- Hash input — SHA-256 hash of email/phone. For passwords, use SHA-1 prefix (k-anonymity model, first 5 chars only sent).
- Query breach DB — call Have I Been Pwned API v3 (or equivalent) with hash prefix. Respect rate limits (1.5s delay between calls).
- Results — return only: breached (yes/no), breach name, data types exposed (email, password, phone, address, etc.).
- Never return raw password or plaintext credential.
- Severity triage:
- 🔴 High — password exposed
- 🟡 Medium — phone / address / ID number exposed
- 🟢 Low — email-only breach
- Action plan — per breach:
- 🔴 → change password immediately, enable 2FA, check for account takeover
- 🟡 → monitor for phishing, update linked account recovery info
- 🟢 → review spam filter, update email alias if heavy spam
- Password check — SHA-1 k-anonymity: send first 5 hex chars to Pwned Passwords API. Return count of occurrences.
- Report — personal security report with:
- breach timeline
- severity summary
- actionable todo list (prioritized)
- Optional — set reminder for periodic re-check (cron / scheduling).
Sample Prompt
breach-check check --email [email protected] --phone 13900000000
breach-check password --check "my-p@ssw0rd"
breach-check monitor --email [email protected] --interval monthly
breach-check report --email [email protected] --format json
安全使用建议
Before installing, understand that this skill is intended to handle sensitive personal security data. Use it only for accounts or credentials you are authorized to check, prefer privacy-preserving password checks, and review any optional monitoring or scheduling before enabling it.
能力评估
Purpose & Capability
The skill's stated purpose is to check emails, phones, and passwords against breach data, and the instructions consistently focus on hashing, k-anonymity password lookup, breach result triage, and remediation advice.
Instruction Scope
It asks the agent to process sensitive user-provided emails, phone numbers, and passwords, but this is central to the purpose and the artifact explicitly says not to return plaintext credentials or send raw passwords.
Install Mechanism
The reviewed artifact is markdown-only with no executable scripts, package installation steps, or hidden installer behavior.
Credentials
Network calls to breach-checking APIs are expected for this function, and rate-limit handling is disclosed; no unrelated local file access or credential-store access is requested.
Persistence & Privilege
The skill mentions optional periodic re-check reminders using cron or scheduling, but frames this as optional rather than automatic or hidden persistence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install breach-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/breach-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Check email phone password against data breaches with security response workflow
元数据
常见问题
Breach Check 是什么?
Check if your email, phone or password has been in data breaches. Full security response workflow. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 40 次。
如何安装 Breach Check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install breach-check」即可一键安装,无需额外配置。
Breach Check 是免费的吗?
是的,Breach Check 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Breach Check 支持哪些平台?
Breach Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Breach Check?
由 haidong(@harrylabsj)开发并维护,当前版本 v1.0.0。
推荐 Skills