Cybersecurity Audit & Hardening
Author: ai-gaoqian · v1.0.0 · MIT-0
Total downloads: 18 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install cybersecurity-audit
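Description
Enterprise-grade cybersecurity audit and hardening skill. Covers OWASP Top 10 vulnerability scanning, CIS Benchmark compliance checks, TLS/SSL certificate management, port scanning and penetration testing assistance, GDPR/MLPS 2.0 (等保2.0) compliance assessment, and ransomware defense strategy generation. Built-in CVE database synchronization, with support for automated security report output.
Usage instructions (SKILL.md)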
Cybersecurity Audit & Hardening
Enterprise-grade security auditing and hardening skill. Covers vulnerability scanning, compliance checks, certificate management, and security report generation.
Audit Modules
1. Web Application Security (OWASP Top 10)
- SQL Injection detection
- XSS (Cross-Site Scripting) scanning
- CSRF protection verification
- SSRF vulnerability assessment
- Authentication bypass detection
- API security (JWT/OAuth misconfigurations)
2. Infrastructure Security
- Port scanning with service fingerprinting
- Open port risk analysis and remediation
- Firewall rule audit and optimization
- Cloud security group misconfiguration detection
- Docker/K8s container security scanning
3. Compliance & Standards
| Standard | Coverage | Report Format |
|---|---|---|
| CIS Benchmarks | Level 1 & 2 | PDF/JSON |
| ISO 27001 | Annex A controls | PDF/Excel |
| GDPR | Article 32 (Security) | |
| MLPS 2.0 (等保2.0) | Level 2 & 3 | PDF/Word |
| PCI DSS | SAQ D | |
| SOC 2 | Trust Service Criteria | |
4. TLS/SSL Certificate Management
- Certificate expiration monitoring (30/14/7 day alerts)
- Cipher suite strength analysis
- HSTS/HPKP configuration audit
- Certificate chain validation
- Let's Encrypt auto-renewal integration
5. Vulnerability Intelligence
- Real-time CVE database synchronization (NVD/CNVD)
- Affected component matching (OS, libraries, frameworks)
- CVSS score calculation and prioritization
- Exploit availability tracking (ExploitDB/Metasploit)
- Patch Tuesday update recommendations
6. Ransomware Defense
- Backup strategy assessment (3-2-1 rule)
- File extension monitoring for suspicious changes
- Network segmentation audit
- Endpoint detection configuration review
- Incident response playbook generation
Usage
# Full security audit
openclaw skill run cybersecurity-audit --target example.com --report pdf
# Quick port scan
openclaw skill run cybersecurity-audit --scan ports --target 192.168.1.0/24
# Compliance check
openclaw skill run cybersecurity-audit --compliance cis --level 1
Output
Generates structured security reports with:
- Executive summary
- Detailed findings with CVSS scores
- Remediation steps ordered by priority
- Compliance gap analysis
- Executive dashboard (charts & metrics)
Safe-use recommendations
Install only if you will use it for systems you own or are explicitly authorized to assess. Before running scans, define the target scope, get permission, consider rate limits and monitoring alerts, and avoid public or third-party targets unless authorization is documented. VirusTotal and static scan were clean, and no hidden executable code was present.
Capability assessment
Purpose & Capability
The stated purpose is cybersecurity auditing and hardening, and the advertised capabilities such as OWASP checks, port scanning, TLS review, CVE matching, and compliance reporting fit that purpose.
Instruction Scope
The artifact gives example scan commands and describes vulnerability and port scanning, but it does not require user confirmation that targets are owned or authorized, nor does it define safe scope limits or operational impact.
Install Mechanism
The package contains only SKILL.md and declares expected dependencies for this type of work: python>=3.10, nmap, and openssl. No executable installer or hidden files were present.
Credentials
Network/security tooling is proportionate for an audit skill, but running scans can affect third-party systems, trigger monitoring, or create legal and operational risk if used outside an authorized environment.
Persistence & Privilege
No persistence, background worker, credential harvesting, privilege escalation, or local profile/session access is described in the artifacts.
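How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install cybersecurity-audit
- Once installation completes, invoke the Skill by name or trigger it with /cybersecurity-audit
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history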
v1.0.0
Initial release of Cybersecurity Audit & Hardening skill:
- Supports enterprise-grade security auditing across web, infrastructure, compliance, and ransomware defense.
- Covers OWASP Top 10, CIS Benchmarks, various regulatory and industry standards (ISO 27001, GDPR, MLPS 2.0 (等保2.0), PCI DSS, SOC 2).
- Provides TLS/SSL certificate management with expiration alerts, chain validation, and cipher suite analysis.
- Integrates real-time CVE vulnerability sync and exploit tracking.
- Generates automated, structured reports (PDF/JSON/Excel/Word) including prioritized remediation and executive summaries.
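FAQ
What is Cybersecurity Audit & Hardening?
Enterprise-grade cybersecurity audit and hardening skill. Covers OWASP Top 10 vulnerability scanning, CIS Benchmark compliance checks, TLS/SSL certificate management, port scanning and penetration testing assistance, GDPR/MLPS 2.0 (等保2.0) compliance assessment, and ransomware defense strategy generation. Built-in CVE database synchronization, with support for automated security report output. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 18 total downloads to date.
How do I install Cybersecurity Audit & Hardening?
Run the command "/install cybersecurity-audit" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Cybersecurity Audit & Hardening free?
Yes, Cybersecurity Audit & Hardening is completely free and uses the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Cybersecurity Audit & Hardening support?
Cybersecurity Audit & Hardening is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Cybersecurity Audit & Hardening?
Developed and maintained by ai-gaoqian (@ai-gaoqian); the current version is v1.0.0.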