Total downloads: 1300
Favorites: 1
Current installs: 10
Versions: 1
Install in OpenClaw
/install clawshield
Description
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.
Usage instructions (SKILL.md)
ClawShield
Purpose
Audit a local OpenClaw install for security posture and common prompt-injection indicators. Produces a JSON report for review and alerting.
Workflow
- Canvas present: Launch the panel server and present the UI.
- User config: Update `config.yaml` (scan frequency, alerts, sensitivity).
- Cron setup: Schedule `scripts/audit.sh` at the chosen cadence.
- Report/Alert: Review JSON output and alert if prompt-injection hits or unexpected open ports are found.
Usage
Panel (recommended)
node scripts/panel-server.js
Then present the UI:
`canvas.present` → `http://localhost:8133` (Scan / Settings / Logs)
Config (CLI)
node scripts/config.js get
node scripts/config.js set Scan_freq daily alerts telegram sensitivity high
Audit (CLI)
bash scripts/audit.sh > report.json
Notes
- Local-only scans; no network calls outside localhost.
- Panel server is local and stores the last report at `logs/last-report.json`.
- `config.yaml` defaults: Scan_freq=daily, alerts=telegram, sensitivity=high.
- Safe for routine security checks and “frenzy-proofing”.
Contact: Jeffrey Coleman | [email protected] | Custom audits/enterprise.
Security usage advice
Do not install or run this skill blindly. Specific things to check before using:
1) The SKILL.md references node scripts (scripts/panel-server.js and scripts/config.js) and config.yaml, but those files are missing — ask the author for the missing code or treat the panel instructions as non-functional.
2) The audit script expects local commands (openclaw, session_status) and python3 and optionally nmap; verify those are intended and present on your system.
3) The script scans workspace/memory and skills directories and includes status output verbatim in the JSON report — these files often contain secrets or system prompts, so review what will be read and where the resulting report will be stored/transmitted before running.
4) The default WORKDIR/OUTDIR are hard-coded to /Users/BillyAssist/... — update these to safe paths before running.
5) If you plan to follow the cron/alerting suggestions, confirm how alerts would be sent (there is no Telegram integration in the package), and avoid providing credentials until you verify the alerting implementation.
If you cannot validate these points, run the audit.sh in a sandboxed environment and inspect its output first.
Functional analysis
Type: OpenClaw Skill
Name: clawshield
Version: 1.1.0
The skill 'ClawShield' is designed for local security auditing, including prompt injection detection and local port scanning. The `scripts/audit.sh` script executes local commands (`openclaw status`, `session_status`), performs `grep` for PI patterns in local directories, and runs `nmap` strictly limited to `127.0.0.1` for ports 1-1024. It outputs a JSON report to stdout without any evidence of data exfiltration, external network communication, unauthorized persistence mechanisms (beyond the stated intent to schedule local audits), or malicious execution. The `SKILL.md` and `references/threats.md` do not contain prompt injection attempts, but rather describe the skill's purpose and general security risks.
Capability assessment
Purpose & Capability
The description says it audits OpenClaw for prompt-injection and related risks; the included scripts (scripts/audit.sh) implement local PI pattern scans and a loopback port scan and produce JSON — that matches the stated purpose. However SKILL.md instructs running node scripts (scripts/panel-server.js and scripts/config.js) and editing config.yaml, none of which are included. The manifest also declares no required binaries/env, but the audit script expects commands like openclaw, session_status, python3 (and optionally nmap). These mismatches are incoherent.
Instruction Scope
SKILL.md tells the agent to launch a panel server, run node-based config CLI, update config.yaml and schedule the audit in cron. The package does not include the referenced node scripts or config.yaml; the panel UI provided is a static HTML file that does not actually run the audit. The audit.sh scans local memory and skills directories (which may legitimately contain conversation data), and writes full status outputs to the report — so it will read potentially sensitive local files. SKILL.md claims 'Local-only scans', which matches the script (it uses loopback for nmap), but claims alerting via Telegram by default with no implementation present.
Install Mechanism
No install spec — instruction-only skill with a small bash script and static assets. That is lower risk than arbitrary downloads or installers. Nothing in the package writes system files or includes an installer.
Credentials
The registry declares no required environment variables or credentials, which is good, but the audit script reads local OpenClaw status and session outputs, and scans 'memory' and 'skills' directories by default. Those locations commonly hold sensitive context (system prompts, conversation history, tokens). The script will include those outputs verbatim in its JSON report, and SKILL.md references alerting (telegram) without providing the integration — a mismatch that could lead a user to add credentials later. Also the script's default WORKDIR/OUTDIR are hard-coded to a specific user path (/Users/BillyAssist/...), which is unexpected and could cause the tool to scan different locations than the user intends.
Persistence & Privilege
The skill does not request 'always: true', does not self-install, and has no install hook. SKILL.md recommends the user schedule scripts/audit.sh in cron — that would create persistence only if the user follows instructions. This is a normal design for monitoring tools but is a persistence step under the user's control; still, instructing cron setup without included config files is inconsistent and should be validated by the user.
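How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install clawshield`
- After installation, invoke the skill by name or trigger it with `/clawshield`.
- Provide the required input according to the skill's parameter description to get structured output.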
Version history
v1.1.0
ClawShield 1.1.0 — OpenClaw's Always‑On Security Cop
🚨 **12% of ClawHub skills are malicious.** ClawShield catches prompt‑injection, API leaks, and hidden threats *before* they hit.
**What it does:**
✅ Scans every line for PI patterns + tool abuse
✅ Finds exposed API keys (Downloads/Desktop)
✅ Monitors new files + ports
✅ Plain‑English logs (no JSON)
**Easy UI panel:**
🔍 SCAN NOW button
⚙️ Settings (daily/weekly scans, sensitivity)
⏰ Cron auto‑setup
🔔 Alerts (Telegram/Email)
**Cheat code for cheap models:**
High‑risk LLMs need this. Logs everything while you're away.
**Local‑only, privacy‑safe.** Frenzy‑proof your Claw.
Contact: Jeffrey Coleman | [email protected]
Tags: security, pi-detector, audit, frenzy-proof, api-leak, agent-guard, Security, Pi, Audit, Malicious Software Security, Hacker Protection, Prompt Injection protection, API security, Skill Safety, Vuln Check, frenzy-proof, clawhub safe, malware-scan, agent-guard
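FAQ
What is ClawShield?
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1300 cumulative downloads to date.
How do I install ClawShield?
Run the command "/install clawshield" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration needed.
Is ClawShield free?
Yes, ClawShield is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does ClawShield support?
ClawShield runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed ClawShield?
It is developed and maintained by Poolguy24 (@poolguy24); the current version is v1.1.0.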