← 返回 Skills 市场
9262
总下载
34
收藏
72
当前安装
5
版本数
在 OpenClaw 中安装
/install clawdbot-security-check
功能描述
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
安全使用建议
Install only if you are comfortable with local inspection of Clawdbot configuration and possible exposure of token-bearing output. Treat it as read-only only when running normal audit commands; do not use `--fix` unless you intentionally want persistent changes to bot policy, logging behavior, and file permissions, and have reviewed/backed up the affected files.
功能分析
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill's primary purpose is a legitimate 'read-only security audit'. However, there is a critical contradiction: the `skill.json` explicitly declares `"readOnly": true` and `"modifiesSettings": false`, while both `SKILL.md` and `README.md` describe a `--fix` flag that 'applies guardrail remediations' by modifying configuration files and permissions. This inconsistency is a significant vulnerability in the skill's self-description and could lead to unexpected agent behavior or a misrepresentation of its true capabilities, making it suspicious despite the otherwise benign intent of a security audit.
能力评估
Purpose & Capability
The audit purpose is coherent, but the manifest and top-level descriptions declare read-only behavior while README.md and SKILL.md document `--fix` actions that change group policy, logging redaction, and filesystem permissions.
Instruction Scope
Most checks are scoped to Clawdbot configuration, but the remediation mode lacks clear confirmation, rollback, or change-log requirements, and some examples print configuration or environment values that may contain tokens.
Install Mechanism
The artifact contains only markdown and JSON files, and the install metadata installs SKILL.md; however, skill.json references a missing `security-check.js`, making package behavior metadata inconsistent.
Credentials
Reading Clawdbot config, credential locations, auth profiles, and permissions is expected for a security audit, but unredacted `cat` and `env` examples are not well contained for secret-bearing data.
Persistence & Privilege
No background persistence or self-propagation is shown, but the documented `--fix` mode would make persistent config and permission changes despite `readOnly: true` and `modifiesSettings: false` declarations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawdbot-security-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawdbot-security-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.2
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response, Secret Scanning, Vulnerability Reporting. 13 domains.
v2.2.1
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response, Secret Scanning, Vulnerability Reporting. 13 domains.
v2.2.0
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response procedures, Secret Scanning with detect-secrets, and Vulnerability Reporting. Updated to 13 security domains.
v2.1.0
Integrated official ClawdBot security documentation. Added 12 security domains including gateway bind, group access control, browser exposure, file permissions, and threat model. Added audit functions and high-level checklist.
v1.0.0
Self-security audit framework. Clawdbot audits its own configuration across 10 security domains.
元数据
常见问题
Clawdbot Security Check 是什么?
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 9262 次。
如何安装 Clawdbot Security Check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawdbot-security-check」即可一键安装,无需额外配置。
Clawdbot Security Check 是免费的吗?
是的,Clawdbot Security Check 完全免费(开源免费),可自由下载、安装和使用。
Clawdbot Security Check 支持哪些平台?
Clawdbot Security Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Clawdbot Security Check?
由 Seth Rose(@thesethrose)开发并维护,当前版本 v2.2.2。
推荐 Skills