← 返回 Skills 市场

Claw Def

Name: Claw Def
Author: cubeclaw

作者 cubeclaw · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install claw-def

功能描述

Provides AI-driven security protection for OpenClaw with threat detection, risk alerts, real-time interception, file and permission management, and security...

使用说明 (SKILL.md)

ClawDef

OpenClaw 原生安全防护系统

版本： 1.0.0
作者： ClawDef Team
标签： security, protection, safety

🎯 功能

为 OpenClaw 提供 AI Agent 安全防护，包括：

云端威胁库
安装时风险提示
运行时实时拦截
文件保护
权限管理
安全日志

📦 安装

clawhub install claw-def

🚀 使用

安装后自动启用，无需额外配置。

📊 测试

测试覆盖率：100% (13/13)
性能损耗：\x3C2%
内存占用：\x3C100MB

📄 许可证

MIT License

📞 反馈

GitHub: https://github.com/clawdef/claw-def/issues

安全使用建议

This package is internally inconsistent rather than overtly malicious. Before installing: (1) ask the author for the missing runtime (src/main.py) and for the implementation of the advertised cloud threat library and WebSocket endpoints; (2) verify the repository URL and review any network code (requests/websockets) for endpoints and auth handling; (3) confirm whether the package will run code that touches your home directory (it expands '~' and checks absolute paths) and run it first in a sandboxed environment; (4) be cautious of the tests' hard-coded sys.path (/home/admin/.openclaw/…), which reveal assumptions about host paths — ensure installation won't implicitly rely on or overwrite those locations; (5) if you need cloud features, require explicit declaration of required env vars/credentials and inspect how they are stored/transmitted. Given the missing main runtime and overpromises, do not install in production until the author provides the missing runtime code and a clear security/privacy design.

功能分析

Type: OpenClaw Skill Name: claw-def Version: 1.0.0 The 'claw-def' skill bundle is a security utility designed to protect the OpenClaw environment from malicious activities. The core logic in 'src/file_protection.py' implements a legitimate access control system that categorizes file paths into 'critical' (e.g., SSH keys, GPG, system passwords), 'restricted' (e.g., AWS/Azure credentials), and 'allowed' zones, effectively blocking or prompting for permission upon access. The bundle includes comprehensive test suites and extensive documentation (README.md, SKILL.md, and various marketing/release plans) that are entirely consistent with its stated purpose of providing a native security layer. No indicators of data exfiltration, malicious execution, or harmful prompt injection were identified.

能力评估

⚠ Purpose & Capability

The metadata and docs advertise a cloud threat library, WebSocket realtime push, a main runtime (src/main.py), and dependencies (requests, websockets), but the repository contents only include a small local file_protection.py and tests — there is no src/main.py, no cloud-client implementation, and no code that performs network calls. This is an overpromise: someone building the advertised cloud-backed product would legitimately need the missing runtime and network code and likely environment configuration, but those are absent.

⚠ Instruction Scope

SKILL.md is minimal (install via 'clawhub install claw-def' and 'auto-enable') and does not describe runtime behavior or network endpoints. The tests insert a hard-coded sys.path to '/home/admin/.openclaw/workspace/claw-def/src', which indicates assumptions about host filesystem layout and could lead to accidental access to host paths when tests or code run. The one real runtime function (FileProtectionManager.check_file_operation) only checks/blocks paths and does not read or transmit files, but the packaging claims broader runtime interception and cloud queries that are not specified in instructions.

✓ Install Mechanism

There is no install spec that downloads or extracts remote artifacts; the SKILL.md suggests 'clawhub install claw-def' and a manual git+pip option. No arbitrary URLs, installers, or packaged binaries are present in the provided files, which reduces install-time risk. However, the repository references a GitHub URL in skill.json that should be verified before using an install command that fetches remote code.

✓ Credentials

The skill declares no required environment variables or credentials. That is proportionate for the actual code present, which performs only local path checks. Note: the advertised cloud features would typically require API credentials or endpoints — those are not declared, another inconsistency to clarify.

✓ Persistence & Privilege

always is false and model invocation is allowed (platform default). The package does not request permanent presence or modify other skills' configurations in the supplied files. Nothing in the code writes to global agent config or requests elevated privileges; still, absent the runtime main, it's unclear what an installed package would actually register with the agent.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install claw-def
安装完成后，直接呼叫该 Skill 的名称或使用 /claw-def 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of ClawDef, the native security protection system for OpenClaw. - Provides AI Agent security features: cloud threat database, risk alerts during installation, real-time runtime interception, file protection, permission management, and security logs - Installs via clawhub and activates automatically - Tested with 100% coverage and minimal performance impact (<2% CPU, <100MB RAM) - Open source under the MIT License

元数据

Slug claw-def

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Claw Def 是什么？

Provides AI-driven security protection for OpenClaw with threat detection, risk alerts, real-time interception, file and permission management, and security... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 97 次。

如何安装 Claw Def？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install claw-def」即可一键安装，无需额外配置。

Claw Def 是免费的吗？

是的，Claw Def 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Claw Def 支持哪些平台？

Claw Def 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Claw Def？

由 cubeclaw（@cubeclaw）开发并维护，当前版本 v1.0.0。