Total downloads: 219 | Favorites: 0 | Current installs: 0 | Versions: 4
Install in OpenClaw
/install claw-security-suite
Description
Provides four-layer security for OpenClaw including static code scanning, logic audit, runtime protection, and periodic security patrols with automated reports.
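Usage instructions (SKILL.md)
claw-security-suite
🛡️ Complete four-layer defense-in-depth security system for OpenClaw
Provides OpenClaw with complete security coverage, from static scanning to runtime protection
Features
Four-layer defense in depth
| Layer | Function | Description |
|---|---|---|
| Layer 1 | Static code scanning | Scans before installation; detects malicious code, hardcoded keys, and dangerous system calls |
| Layer 2 | Logic security audit | Analyzes whether the code logic exceeds its authority and checks compliance with the principle of least privilege |
| Layer 3 | Real-time runtime protection | Detects and blocks attacks such as prompt injection, command injection, and SSRF; automatically sanitizes input |
| Layer 4 | Periodic security patrol | Automatic daily patrol, weekly full scan, baseline integrity protection |
Additional features
- ✅ Complete, standardized three-layer security check workflow
- ✅ Integration with automated scheduled tasks
- ✅ Zero configuration, works out of the box
- ✅ Detailed security report output
- ✅ Conforms to OpenClaw standard specifications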
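Installation requirements
- OpenClaw >= v0.8.0
- No extra dependencies required; zero configuration, works out of the box
- (Optional) Set the `CLAW_SECURITY_CLOUD_ENDPOINT` environment variable to enable cloud intelligence checks
Cloud intelligence checks
The Tencent Cloud ClawScan cloud intelligence interface is built in by default and queries publicly available skill security reputation data:
- Only the skill name and source tag are sent; no local files, credentials, or personal data are transmitted
- Enabled by default (if the endpoint is reachable); it works even without configuring the environment variable
- To use a custom cloud service, set the `CLAW_SECURITY_CLOUD_ENDPOINT` environment variable to change the endpoint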
Directory structure
```
openclaw-security-suite/
├── SKILL.md                     # This document
├── _meta.json                   # Skill metadata
├── lib/
│   ├── static_scanner.py        # Layer 1: static code scanning
│   ├── logic_auditor.py         # Layer 2: logic security audit
│   ├── runtime_protector.py     # Layer 3: runtime protection
│   └── security_patrol.py       # Layer 4: periodic patrol
└── references/
    └── security_policy.md       # Secure installation policy
```
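Usage
Three-layer install check workflow (for installing a new skill)
```python
import importlib

# The package directory name contains hyphens, so a plain `from ... import`
# statement is a syntax error; load the module by name instead.
scan = importlib.import_module("skills.claw-security-suite.lib.static_scanner").scan

# extracted_path: directory the skill archive was unpacked into
# Scan with cloud intelligence check (recommended)
result = scan(extracted_path, skill_name="your-skill-slug", source="clawhub")
if not result.is_safe:
    # Block the installation
    print(result.to_report())

# Local-only scan (no network access)
result = scan(extracted_path)
```
- Call `static_scanner.scan(zip_path)`
- Call `logic_auditor.audit(extracted_path)`
- Install after manual confirmation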
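Runtime protection
Called automatically before each user input:
```python
import importlib
import logging

logger = logging.getLogger(__name__)
# Hyphenated package name: load the module by name rather than with `from ... import`.
RuntimeProtector = importlib.import_module(
    "skills.openclaw-security-suite.lib.runtime_protector").RuntimeProtector

result = RuntimeProtector.check(user_input)
if result.is_malicious:
    # Reject the request
    logger.warning(f"Blocked malicious request: {result.reason}")
else:
    # Continue processing with the sanitized input
    clean_input = result.clean_input
```
Daily patrol
```python
import importlib
daily_patrol = importlib.import_module("skills.openclaw-security-suite.lib.security_patrol").daily_patrol
daily_patrol.run()
```
Weekly scan
```python
import importlib
weekly_scan = importlib.import_module("skills.openclaw-security-suite.lib.security_patrol").weekly_scan
weekly_scan.run()
```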
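Security rules
- No skill may read `/app/working/.env` unless it is the security audit itself
- No skill may execute arbitrary system commands unless explicitly required
- No hardcoded API keys or credentials
- No sending of sensitive information to external parties
- Principle of least privilege: do only the declared functions, without exceeding granted permissions
Author
Kenz1117
License
MIT-0 (MIT No Attribution)
Security usage recommendations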
This package appears to implement the security features it claims, but review and decide on two policy points before installing:
1) Cloud intel endpoint: the code includes a default Tencent endpoint and will perform a GET request (skill_name and source as query params) when you call the scanner with a skill_name. If you do not want any network calls, either set CLAW_SECURITY_CLOUD_ENDPOINT to an empty value or avoid passing a skill_name to the cloud-checking APIs. The code documents the behavior, but a default third-party call is privacy-sensitive.
2) Workspace reads and writes: the patrol and scanners read files under /app/working/skills and will create/update baseline and report files under /app/working/security and /app/working/logs/security. Ensure you trust this skill to access and persist those files (and check filesystem permissions) — the tool will report or block installation results based on its findings and may flag benign files.
Additional recommendations:
- If you plan to rely on this skill to block installs, review the cloud endpoint and consider hosting your own CLAW_SECURITY_CLOUD_ENDPOINT to avoid third‑party queries.
- Review the code (already included) if you need stricter guarantees about exactly what is sent externally; the network payload is a simple query string, not file contents, per the implementation.
- Note minor metadata inconsistencies (package __version__ differs from registry version) and confirm you obtained the package from a trusted source before granting it access to your agent workspace.
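One way to confirm that a scan call really stays local, whether by omitting `skill_name` or by setting `CLAW_SECURITY_CLOUD_ENDPOINT` to an empty value, is to run it under a guard that denies and records outbound lookups and connections. This is an added example, not code from the package; `no_egress`, `is_local_only`, `demo_scan` and the host `intel.example.invalid` are constructed for illustration.

```python
import contextlib
import os
import socket
from unittest import mock

ENDPOINT_VAR = "CLAW_SECURITY_CLOUD_ENDPOINT"  # variable name from the page

class EgressAttempt(RuntimeError):
    """Raised when guarded code tries a DNS lookup or an IP connection."""

@contextlib.contextmanager
def no_egress(env=None):
    """Deny DNS and IP connections inside the block; yield the attempt log."""
    attempts = []
    real_connect = socket.socket.connect

    def deny(target):
        attempts.append(target)  # logged first, so swallowed errors still show
        raise EgressAttempt(f"blocked outbound call to {target!r}")

    def guarded_connect(sock, address):
        if sock.family in (socket.AF_INET, socket.AF_INET6):
            deny(address)
        return real_connect(sock, address)  # local AF_UNIX sockets still work

    with contextlib.ExitStack() as stack:
        stack.enter_context(mock.patch.dict(os.environ, env or {}))
        for target, name, repl in (
            (socket, "create_connection", lambda addr, *a, **k: deny(addr)),
            (socket, "getaddrinfo", lambda host, port, *a, **k: deny((host, port))),
            (socket.socket, "connect", guarded_connect),
        ):
            stack.enter_context(mock.patch.object(target, name, repl))
        yield attempts

def is_local_only(func, *args, env=None, **kwargs):
    """Run func under the guard; return (no_network_call_made, attempts)."""
    with no_egress(env) as attempts:
        with contextlib.suppress(EgressAttempt):
            func(*args, **kwargs)
    return (not attempts, attempts)

def demo_scan(path, skill_name=None):
    """Constructed stand-in for a scanner with an optional reputation lookup."""
    host = os.environ.get(ENDPOINT_VAR, "intel.example.invalid")  # placeholder host
    if skill_name and host:
        with contextlib.suppress(Exception):  # best-effort lookup hides errors
            socket.create_connection((host, 443), timeout=1).close()
    return "scanned"
```

Replace `demo_scan` with the suite's `scan` to check the installed version; because each attempt is logged before the exception is raised, a scanner that swallows network errors is still caught.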
Functional analysis
Type: OpenClaw Skill
Name: claw-security-suite
Version: 1.1.0
The bundle implements a security suite providing static analysis, logic auditing, and file integrity monitoring. However, it includes a 'Cloud Intelligence' feature in `lib/static_scanner.py` that performs external network requests to a hardcoded Tencent endpoint (`matrix.tencent.com`), sending the names and sources of scanned skills. While this is documented as a security reputation check, it effectively functions as telemetry that reports the environment's installed software to a third party. Additionally, the suite requires broad read/write access to the `/app/working/` directory for scanning and maintaining integrity baselines in `lib/security_patrol.py`.
Capability assessment
Purpose & Capability
Name/description (multi-layer security: static scan, logic audit, runtime protection, periodic patrol) match the shipped modules and exported APIs. The files implement the declared capabilities and there are no unrelated credentials, binaries, or surprising external dependencies.
Instruction Scope
SKILL.md instructs the agent to run local scanning, logic auditing, runtime input checks, and scheduled patrols — all implemented in the code. The instructions do cause the skill to read other skills' files (scanning /app/working/skills) and to call RuntimeProtector before user inputs if integrated; this is expected for a security tool but grants the skill broad read access within the agent workspace.
Install Mechanism
No external install spec (instruction-only installer) and the package uses only bundled Python standard-library code. Nothing is downloaded or executed from arbitrary URLs during install.
Credentials
No required secrets or env-vars are declared; an optional CLAW_SECURITY_CLOUD_ENDPOINT env var can override a default cloud endpoint. However the code ships with a non-empty default endpoint (https://matrix.tencent.com/clawscan/skill_security) and will query it (skill_name + source) if a skill_name is provided — this causes network traffic to a third party even with zero config. No local files or credentials are sent, per code, but the network call and its default should be considered before enabling.
Persistence & Privilege
The skill writes baseline and report files to /app/working/security and /app/working/logs/security and scans /app/working/skills; it does not request always:true or system-level privileges. Creating and updating baseline/report files is consistent with its stated patrol role but grants it persistent artifacts in the agent workspace.
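What a baseline integrity check of this kind amounts to, as an added example that is not the suite's own code: hash every file in the scanned tree, store the result outside that tree, and classify later differences. SHA-256, the JSON layout and the function names are assumptions; the sample tree is constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # skip symlinks, directories and special files
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def write_baseline(root, baseline_file):
    """Record the current state; keep baseline_file outside the scanned tree."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=2, sort_keys=True))

def check_baseline(root, baseline_file):
    """Compare the tree with the stored baseline and classify every difference."""
    old = json.loads(Path(baseline_file).read_text())
    new = snapshot(root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def demo():
    """Constructed sample tree: one file is tampered with, one is dropped in."""
    with tempfile.TemporaryDirectory() as tmp:
        skills = Path(tmp, "skills")
        skill = skills / "demo-skill"
        skill.mkdir(parents=True)
        (skill / "main.py").write_text("print('hello')\n")
        (skill / "SKILL.md").write_text("# demo\n")
        baseline = Path(tmp, "baseline.json")  # stored beside, not inside, skills/
        write_baseline(skills, baseline)
        (skill / "main.py").write_text("print('hello')\nimport os\n")
        (skill / "helper.py").write_text("x = 1\n")
        return check_baseline(skills, baseline)
```

A baseline that the monitored skills can write to proves nothing, so check the permissions on the directory that holds it.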
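How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install claw-security-suite`
- After installation, invoke the Skill by name or trigger it with `/claw-security-suite`
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history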
v1.1.0
- No code or documentation changes detected in this release.
- Version bump to 1.1.0 with no content modifications.
v1.0.2
claw-security-suite 1.0.2
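- Added documentation for cloud intelligence checks; the cloud interface can be configured through `CLAW_SECURITY_CLOUD_ENDPOINT`, with Tencent Cloud ClawScan integrated by default.
- Stated explicitly that the cloud check is enabled by default and sends only the skill name and source, without uploading local code or sensitive information.
- Added usage examples for both local and cloud static scanning to the installation instructions.
- The installation requirements now emphasize "zero configuration, works out of the box"; the environment variable is optional.
- Minor adjustments and additions to other sections, with no functional changes.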
v1.0.1
- Initial release of claw-security-suite.
- Added core modules for static scan, logic auditor, runtime protector, and security patrol.
- Included requirements.txt and project documentation (SKILL.md, CHANGELOG.md).
- Integrated compiled Python files for all security components.
v1.0.0
## v1.0.0 - 2026-01-28
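### ✨ Initial release
- Full implementation of the **four-layer defense-in-depth security system**
- **Layer 1**: static code scanning; detects malicious code, hardcoded keys, and dangerous system calls
- **Layer 2**: logic security audit; checks for code vulnerabilities and privilege overreach based on the OWASP Top 10
- **Layer 3**: real-time runtime protection; detects and blocks prompt injection, command injection, and SSRF attacks
- **Layer 4**: periodic security patrol; daily baseline integrity check and weekly full scan
### Features
- 📋 Standardized three-layer install check workflow
- 🛡️ Works out of the box, zero configuration
- 📊 Automatically generated security reports
- 🔒 Integrity baseline protection; detects file tampering
- 🧹 Conforms to the OpenClaw standard directory layout
- 📝 MIT-0, no attribution required
### Author
Kenz1117
### License
MIT-0 (MIT No Attribution)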
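FAQ
What is Claw Security Suite?
Provides four-layer security for OpenClaw including static code scanning, logic audit, runtime protection, and periodic security patrols with automated reports. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 219 total downloads to date.
How do I install Claw Security Suite?
Run the command "/install claw-security-suite" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is Claw Security Suite free?
Yes. Claw Security Suite is completely free, is released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does Claw Security Suite support?
Claw Security Suite is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Claw Security Suite?
It is developed and maintained by kenz1117 (@kenz1117); the current version is v1.1.0.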