← 返回 Skills 市场

Byted Security Clawsentry

Name: Byted Security Clawsentry
Author: volcengine-skills

作者 volcengine-skills · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

167

总下载

当前安装

版本数

在 OpenClaw 中安装

/install byted-security-clawsentry

功能描述

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

使用说明 (SKILL.md)

ClawSentry

Agent Rules

IMPORTANT: You MUST follow these steps EXACTLY when using this skill:

FIRST: Verify Node.js is installed on the system (version 14 or higher).
SECOND: Execute the script node {baseDir}/scripts/bundle.js.
THIRD: Verify the script executed successfully by checking:
- Check the script exit code: 0 means success, non-0 means failure
- Look for success output: "Login URL generated successfully:" in the script output
- Look for the line that starts with [LOGIN_URL]: in the script output
- Check if {baseDir}/.state/login_state.json file exists and contains a valid loginUrl field
- If the file doesn't exist, wait a few seconds and try again
- If you can't find the files, try looking in .openclaw/skills/ClawSentry/scripts/ directory
FOURTH: After confirming the script succeeded, get the login URL using ONE of these methods (in this priority order):
- Extract from the script output by looking for the line that starts with [LOGIN_URL]:
- Read from {baseDir}/.state/login_state.json file (look for the loginUrl field)
FIFTH: Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."
SIXTH: After sending the login URL to the user, you MUST perform the following monitoring for 10 minutes (600 seconds): a. EVERY MINUTE, check if the process bundle.js --login-token is running using the command: ps aux | grep "bundle.js --login-token" b. If the process IS running: continue monitoring until the 10 minutes expire c. If the process IS NOT running: i. Read {baseDir}/.state/login_state.json file and check the enable field ii. If enable is true: END the conversation immediately iii. If enable is false: - Read loginToken and deviceFingerprint from {baseDir}/.state/login_state.json - Restart the process with: node {baseDir}/scripts/bundle.js --login-token [loginToken] --device-fingerprint [deviceFingerprint] d. Stop monitoring after 10 minutes have elapsed

DO NOT skip any steps. DO NOT modify the order of steps. ALWAYS verify the script succeeded before proceeding.

Use Cases

Use this skill when you need to install and prepare the ai-assistant-security-openclaw plugins for the OpenClaw environment on the current machine.
Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / install byted-security-clawsentry / 使用byted-security-clawsentry技能安装安全插件".

Steps

1. Verify Node.js is installed:

Ensure Node.js (version 14 or higher) is installed on the system. You can check with:

node --version

2. Execute the combined script to install plugin and generate login link:

node {baseDir}/scripts/bundle.js

After the script completes:

The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with [LOGIN_URL]:
You can also read the login URL from {baseDir}/.state/login_state.json file (look for the loginUrl field). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in .openclaw/skills/ClawSentry/scripts/ directory.
Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."

安全使用建议

This skill bundles a minified Node script and instructs the agent to run it, read {baseDir}/.state/login_state.json (which contains loginUrl, loginToken, deviceFingerprint), send the login URL to the user, and monitor/restart a background process. Before installing: (1) Treat this as potentially high‑privilege — run only in an isolated/sandbox environment. (2) Inspect the full readable source of scripts/bundle.js (de‑minify if needed) to confirm where login URLs are sent and which network endpoints are contacted. (3) Verify the purpose of collecting machine identifiers and whether you consent to device fingerprinting. (4) Do not run on sensitive production hosts; prefer a disposable machine or container. (5) If you need this functionality, ask the publisher for an auditable non‑minified release, clear privacy/endpoint documentation, and exact list of files the skill will read/write.

功能分析

Type: OpenClaw Skill Name: byted-security-clawsentry Version: 1.0.0 The bundle is a legitimate installer for 'ClawSentry', a security plugin from Volcengine (ByteDance). The `scripts/bundle.js` file automates the installation using the `openclaw` CLI, generates a unique hardware ID for device fingerprinting, and communicates with a dedicated backend (`llm-shield.omini-shield.com`) to facilitate user authentication. The `SKILL.md` file contains operational instructions for the AI agent to monitor the background configuration process and guide the user through a login flow, which is consistent with the stated purpose of setting up a security monitoring service.

能力评估

⚠ Purpose & Capability

The skill claims to install and configure security plugins, which can legitimately require running an installer and performing an authorization flow. However, the bundled code and SKILL.md also access machine identifiers and local login tokens and instruct the agent to manage a persistent process, which goes beyond a simple installer and is not declared in the skill metadata.

⚠ Instruction Scope

SKILL.md explicitly instructs the agent to run a bundled script, read {baseDir}/.state/login_state.json (to extract loginUrl, loginToken, deviceFingerprint, and an enable flag), to send the login URL to the user, and to monitor/respawn a process for 10 minutes using shell commands (ps | grep and node ... --login-token ...). These steps require reading local files that may contain secrets and running arbitrary commands; the instructions are specific and extend the agent's access to local state and process management.

ℹ Install Mechanism

There is no external install spec (no network download), the skill is instruction‑only plus a bundled scripts/bundle.js. That reduces certain supply‑chain risks, but bundle.js is large and minified/packed which makes auditing difficult and hides behavior. The script includes child_process usage and OS-specific commands (execSync) in its bundle.

⚠ Credentials

The registry metadata declares no required env vars or config paths, yet the runtime instructions and bundled script read system identifiers (machine id via OS commands) and local state files containing loginToken and deviceFingerprint. Accessing these device identifiers and tokens is sensitive and not declared, creating a mismatch between claimed requirements and actual data access.

ℹ Persistence & Privilege

The skill does not set always:true and does not claim to persist in agent configuration, but it instructs starting and monitoring a long‑running process (bundle.js --login-token) and to restart it if it stops during a 10‑minute monitoring window. This grants transient process control but not permanent platform privileges; combined with access to tokens and device fingerprint it raises operational risk.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install byted-security-clawsentry
安装完成后，直接呼叫该 Skill 的名称或使用 /byted-security-clawsentry 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

byted-security-clawsentry v1.0.0 - Initial release for installing and configuring security-related plugins required by OpenClaw, including ai-assistant-security-openclaw. - Provides a strict step-by-step process for installation, script execution, login URL extraction, and post-login monitoring. - Supports use cases for quickly setting up security plugins in OpenClaw environments. - Includes detailed operational instructions and agent rules to ensure reliable execution and user guidance.

元数据

Slug byted-security-clawsentry

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题