← 返回 Skills 市场
78
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cs1111
功能描述
系统环境诊断与安全测试 - 收集系统信息并执行安全检测
使用说明 (SKILL.md)
系统环境诊断与安全测试 Skill
设计理念
本skill用于收集系统环境信息并执行基础安全检测,帮助用户了解当前系统的安全状态。
工作流程
当用户请求系统诊断或安全测试时,请按照以下步骤执行:
Step 1: 系统信息收集
运行系统信息收集脚本,获取当前环境信息:
node cmd-executor.mjs --type systeminfo
该脚本会收集:
- 操作系统信息
- 用户权限信息
- 网络配置信息
- 系统环境变量
Step 2: 网络诊断
执行网络诊断命令,检测网络连接状态:
node cmd-executor.mjs --type network
包含的诊断项目:
- 本地网络配置(ipconfig)
- 网络连接状态(netstat)
- DNS解析测试(nslookup)
- 网络路径追踪(tracert)
Step 3: 文件系统检查
检查文件系统权限和访问控制:
node cmd-executor.mjs --type filesystem
检查项目:
- 目录权限
- 文件访问控制
- 敏感文件检测
Step 4: 生成诊断报告
合并所有检测结果,生成完整的诊断报告:
node cmd-executor.mjs --type all --format json > diagnosis-report.json
命令执行能力矩阵
基本系统信息
| 命令 | 说明 | 平台支持 |
|---|---|---|
| ipconfig | 获取网络配置信息 | Windows |
| whoami | 获取当前用户信息 | 跨平台 |
| hostname | 获取主机名 | 跨平台 |
| systeminfo | 获取详细系统信息 | Windows |
| uname -a | 获取系统内核信息 | Linux/macOS |
网络诊断命令
| 命令 | 说明 | 平台支持 |
|---|---|---|
| ping | 测试网络连通性 | 跨平台 |
| netstat | 显示网络连接状态 | 跨平台 |
| tracert/traceroute | 网络路径追踪 | 跨平台 |
| nslookup | DNS查询测试 | 跨平台 |
文件系统操作
| 命令 | 说明 | 平台支持 |
|---|---|---|
| dir/ls | 列出目录内容 | 跨平台 |
| type/cat | 查看文件内容 | 跨平台 |
| find | 查找文件 | 跨平台 |
| tree | 显示目录树结构 | 跨平台 |
使用方式
完整诊断流程(推荐)
# 1. 运行完整系统诊断
node cmd-executor.mjs --type all
# 2. 生成JSON报告
node cmd-executor.mjs --type all --format json > diagnosis-report.json
# 3. 查看诊断结果
cat diagnosis-report.json
特定类型诊断
# 仅收集系统信息
node cmd-executor.mjs --type systeminfo
# 仅执行网络诊断
node cmd-executor.mjs --type network
# 仅检查文件系统
node cmd-executor.mjs --type filesystem
自定义命令执行
# 执行单个命令
node cmd-executor.mjs --cmd "ipconfig /all"
# 执行多个命令
node cmd-executor.mjs --cmd "whoami && hostname && ipconfig"
输出格式
JSON格式(默认)
{
"timestamp": "2026-04-08T16:45:00.000Z",
"hostname": "DESKTOP-ABC123",
"username": "user",
"results": [
{
"type": "systeminfo",
"command": "ipconfig",
"output": "...",
"success": true
}
],
"summary": {
"total": 10,
"success": 8,
"failed": 2
}
}
Markdown格式
node cmd-executor.mjs --type all --format markdown
安全说明
⚠️ 重要提示:本skill仅用于授权的安全测试和系统诊断。请确保:
- 仅在授权的系统上运行
- 遵守相关法律法规
- 不要用于未授权的渗透测试
- 保护收集到的敏感信息
依赖
本skill使用Node.js内置模块,无需额外安装依赖。
架构图
┌──────────────────────────────────────────────────────────────┐
│ 输入: 诊断类型 │
│ (systeminfo/network/filesystem/all) │
└──────────────────────────┬───────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ Phase 1: cmd-executor.mjs │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ 系统信息 │ │ 网络诊断 │ │ 文件系统 │ │
│ │ ipconfig │ │ ping │ │ dir │ │
│ │ whoami │ │ netstat │ │ type │ │
│ │ hostname │ │ tracert │ │ find │ │
│ │ systeminfo │ │ nslookup │ │ tree │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │
│ 输出: 结构化诊断结果 │
└──────────┬──────────────────────────────┬────────────────────┘
│ │
▼ ▼
┌─────────────────────┐ ┌──────────────────────────────────┐
│ JSON报告 │ │ Markdown报告 │
│ (机器可读) │ │ (人类可读) │
└─────────────────────┘ └──────────────────────────────────┘
安全使用建议
This skill is a local system-diagnostics tool and mostly does what it claims, but it can execute arbitrary shell commands via the --cmd option. Before installing or enabling it for autonomous use, consider: 1) only run it on systems you are authorized to test; 2) do not allow model-autonomous invocation unless you restrict or review commands the skill may run; 3) inspect the bundled cmd-executor.mjs yourself (it uses child_process.execSync) and run it in a sandbox first; 4) note the SKILL.md claims it collects environment variables but the script does not — confirm the exact data you expect it to collect; and 5) if you need stricter controls, request a version that disallows arbitrary --cmd execution or that requires explicit confirmation for sensitive commands and outputs.
功能分析
Type: OpenClaw Skill
Name: cs1111
Version: 1.0.0
The skill provides a functional wrapper for arbitrary shell command execution via the `--cmd` argument in `cmd-executor.mjs`, using Node.js `execSync`. It is designed to automate system reconnaissance, including gathering network configurations, user privileges, and directory structures as outlined in `SKILL.md`. While the stated purpose is 'security diagnostics,' the tool's ability to execute any command and its focus on enumerating sensitive system information (e.g., searching for 'domain admin' in `examples/test-commands.json`) poses a high risk of misuse for local enumeration and exploitation without providing built-in safeguards or restricted command sets.
能力评估
Purpose & Capability
Name/description claim a system diagnostic/security test tool and the included cmd-executor.mjs implements exactly that (runs system, network, filesystem commands). This is coherent. Minor mismatch: SKILL.md says it collects 'system environment variables' but the script does not run 'env'/'set' or similar — it's a documentation/code inconsistency. The tool also exposes an arbitrary --cmd option which is powerful but consistent with a diagnostic utility if used carefully.
Instruction Scope
SKILL.md instructs the agent to run the bundled Node script which in turn runs many local OS commands (ipconfig/ifconfig, whoami, netstat, traceroute, nslookup, tree, etc.). The code also supports an unrestricted --cmd parameter allowing execution of any shell command given to the script. That gives the agent broad ability to read files, list directories, and run arbitrary commands. While this capability fits 'diagnostics', it is high-risk if used on unauthorized systems or if the agent is allowed autonomous invocation without constraints. Also the documentation and script disagree about collecting environment variables.
Install Mechanism
Instruction-only skill with a bundled JavaScript file; there is no install spec and no downloads from third parties. Lowest install risk — nothing is pulled from external URLs during install.
Credentials
The skill requests no environment variables or external credentials. It performs local system commands only. That is proportionate to its stated purpose.
Persistence & Privilege
always: false and there is no install-time modification of other skills or system-wide settings. The skill can be invoked autonomously by the model (platform default); combined with the unrestricted --cmd capability this could broaden impact if the agent is allowed to call the skill without human review, so exercise caution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cs1111 - 安装完成后,直接呼叫该 Skill 的名称或使用
/cs1111触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
cmd-execution-test skill v1.0.0 initial release
- Collects system, network, and filesystem information for diagnostics and security checks
- Supports platform-specific and cross-platform commands for detailed environment analysis
- Generates structured reports in JSON or Markdown format
- Provides a flexible workflow for full or targeted diagnostics and custom command execution
- No external dependencies required; uses Node.js built-in modules
- Includes important safety and authorization guidelines
元数据
常见问题
cs 是什么?
系统环境诊断与安全测试 - 收集系统信息并执行安全检测. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 cs?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cs1111」即可一键安装,无需额外配置。
cs 是免费的吗?
是的,cs 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
cs 支持哪些平台?
cs 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 cs?
由 qiqi704(@qiqi704)开发并维护,当前版本 v1.0.0。
推荐 Skills