goldwish1

Daily Security Check

By Terry Feng · GitHub ↗ · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 349 · Favorites: 1 · Current installs: 3 · Versions: 1
Install in OpenClaw
/install daily-security-check
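Description
An OpenClaw daily security check skill. It works through a fixed checklist (gateway loopback, firewall reminder, API keys in .env, SOUL.md security rules, authentication anomalies), runs openclaw security audit and openclaw doctor, and outputs a short report with a 0–10 security score; it can be triggered on a schedule by cron, and the results can be delivered to...
Usage instructions (SKILL.md)

daily-security-check (Daily Security Check)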

When to use this skill

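  • When the user or a scheduled task says "run the security check", "run according to daily-security-check" or "daily security check".
  • It can be triggered in a separate session by a scheduled task such as cron, and the results can be sent to Telegram, Feishu, etc. (you must configure this yourself).

Invocation rules (important)

  • Run only on explicit request: in general, do not @ or load this skill on your own initiative; run it only when the user explicitly asks for "security check" or "daily-security-check", or when the cron schedule fires.
  • assets are backup/reference material: assets/community-official-security-extras.md and assets/source-article-security-config.md are backup and provenance documents. Do not call or cite them in ordinary conversation; consult them only as needed while running this skill.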

Who uses it

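  • Users: any agent or user running this skill in an OpenClaw repository.
  • Scope: corresponds to step 6 of Bruce Van's article 《保姆级教程:7 步配置 OpenClaw》 ("Hand-holding tutorial: configure OpenClaw in 7 steps"); it only checks and reports, and does not modify configuration automatically.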

How to execute

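  1. Load the checklist: work through the items in references/CHECKLIST.md one by one (gateway loopback, firewall reminder, API keys in .env, SOUL.md security rules, authentication anomalies, identity and access control, tools and sandbox, etc.).
  2. Run the official audit: from the project root, or after setting OPENCLAW_STATE_DIR, run openclaw security audit and include the Summary and the key WARN entries in the report; see CHECKLIST item 8.
  3. Run OpenClaw doctor: from the project root, run openclaw doctor (if you use a non-default state directory, set OPENCLAW_STATE_DIR first). This is a read-only check; do not run --fix. If fixes are suggested, remind the user to run openclaw doctor --fix manually on their own machine. See CHECKLIST item 9.
  4. Summarize: output the report following the structure in assets/report-template.md, including the security score (0–10), the conclusion and the to-do items; when an anomaly is found, flag it clearly and alert the user.
  5. Save the report: write the report to workspace/docs/security-audit/security-report-YYYY-MM-DD.md (the date is the day of the check; the path is relative to the OpenClaw project root) so it can be retained and traced; optionally deliver it to Telegram, etc.
  6. No interaction: when triggered by cron, do not ask interactive questions; run and output the report directly. Write the entire report in Simplified Chinese.
  7. Reply with the report only: when running this skill, output a single structured report (in the report-template format). Do not output step narration such as "I noticed you used…", "I will run…" or "First/Then…"; after the report is sent, do not send any further summary, explanation or repeated description of the run.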

Constraints & safety

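  • Check and report only: do not perform any operation that modifies configuration, restarts services, or similar.
  • No sensitive content in the output: the report must not contain API keys, tokens, passwords or similar in plaintext; write only the path or field name.
  • Report size: within 300–600 characters, so it can be delivered to Telegram.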
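
The save step and the constraints above rely on the agent following its instructions; the same rules can also be enforced in code around the report. The sketch below is an added example, not part of the skill or of OpenClaw: the function names, the secret field-name pattern and the sample text are assumptions made for illustration.

```python
import re
import shutil
import subprocess
import tempfile
from datetime import date
from pathlib import Path

# Assumed heuristic: a field whose name contains one of these words holds a
# secret, and the value after "=" or ":" is masked.
SECRET_FIELD = re.compile(
    r"(?i)([\w.-]*(?:key|token|secret|password)[\w.-]*\s*[=:]\s*)\S+"
)
# The only commands the skill is allowed to run; --fix is never among them.
READ_ONLY = (["openclaw", "security", "audit"], ["openclaw", "doctor"])


def redact(text: str) -> str:
    """Keep the field name, drop the value ('path or field name only')."""
    return SECRET_FIELD.sub(r"\1[REDACTED]", text)


def run_read_only(argv: list[str]) -> str:
    """Run one of the two audit commands; refuse anything else."""
    if argv not in READ_ONLY:
        raise PermissionError(f"not a read-only audit command: {argv}")
    if shutil.which(argv[0]) is None:
        return f"{argv[0]} not found on PATH"
    # OPENCLAW_STATE_DIR, if set, is inherited from the environment.
    done = subprocess.run(argv, capture_output=True, text=True, timeout=300)
    return redact(done.stdout + done.stderr)


def report_path(root: Path, day: date) -> Path:
    """Dated report location, relative to the OpenClaw project root."""
    name = f"security-report-{day.isoformat()}.md"
    return root / "workspace" / "docs" / "security-audit" / name


def save_report(root: Path, body: str, day: date) -> Path:
    """Redact first, then write the report."""
    path = report_path(root, day)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(redact(body), encoding="utf-8")
    return path


if __name__ == "__main__":
    # Constructed sample report text, not real openclaw output.
    sample = "Score: 7/10\nOPENAI_API_KEY=sk-constructed-123\nbot_token: abc123\n"
    with tempfile.TemporaryDirectory() as tmp:
        saved = save_report(Path(tmp), sample, date(2025, 1, 2))
        print(saved.name, saved.read_text(encoding="utf-8"), sep="\n")
```

The pattern errs on the side of over-redaction: any word following a secret-looking field name is masked, even when it is not a credential.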

Success criteria

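  • The checklist is completed (including security audit and doctor) and a structured report is output; the report contains a 0–10 security score and a one-sentence conclusion; if there are anomalies, the to-do items are listed.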

Source & related docs

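  • Original reference (inside this skill): assets/source-article-security-config.md — a digest of the 7-step security configuration recommendations from Bruce Van's article, for provenance and further reading.
  • Extension: you can maintain documents such as workspace/docs/security-daily-check-step6.md and workspace/docs/security-audit-*.md in your own repository for your team's reference.
Safe usage recommendations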
This skill appears to do what it says (read-only daily security checks and report generation). Before installing:
  1. Confirm the agent environment has the OpenClaw CLI installed and on PATH (SKILL.md requires `openclaw security audit` and `openclaw doctor`); the registry metadata should have declared this.
  2. Ensure the agent has read access to the OpenClaw project root and any state dir you want audited (and write permission for workspace/docs/security-audit/).
  3. Be aware the skill may read config files and logs (e.g., `openclaw.json`, agent SOUL.md, session logs) as part of the audit; if those files contain sensitive material, restrict agent filesystem privileges accordingly.
  4. The skill will not perform fixes or exfiltrate data by default, but review delivery/cron setup (Telegram/other hooks) and only configure external delivery endpoints you trust.
  5. Prefer installing this skill from a known/verified source and ask the publisher to update metadata to list the OpenClaw CLI requirement and note the optional OPENCLAW_STATE_DIR usage; that small fix would raise confidence.
Functional analysis
Type: OpenClaw Skill
Name: daily-security-check
Version: 1.0.0

The 'daily-security-check' skill bundle is a security auditing tool designed to perform read-only inspections of OpenClaw configurations, environment variables, and SOUL.md rules. It executes official CLI commands (`openclaw security audit` and `openclaw doctor`) and generates a structured Markdown report. The instructions in SKILL.md and CHECKLIST.md explicitly forbid modifying configurations, leaking sensitive credentials, or performing interactive prompts during automated runs, aligning perfectly with its stated purpose of providing a safe, automated security posture review.
Capability assessment
Purpose & Capability
The skill's name, description, and instructions all describe a read-only daily security check and the actions (inspect openclaw.json, SOUL.md, run `openclaw security audit` and `openclaw doctor`, write a report). That capability matches the declared purpose. However, the registry metadata lists no required binaries or env vars even though runtime instructions require the OpenClaw CLI and optionally reference OPENCLAW_STATE_DIR; this omission is an incoherence that should be corrected but does not indicate malicious intent.
Instruction Scope
SKILL.md restricts actions to read-only checks and report generation, lists exact files/paths to inspect (openclaw.json, agents' SOUL.md, logs if accessible), and disallows printing secrets. It instructs saving a report to workspace/docs/security-audit/ and running `openclaw security audit`/`openclaw doctor` without --fix. These instructions stay within the stated audit scope. Note: the skill will read config and possibly logs if the agent has filesystem access—this is expected for an audit but worth awareness.
Install Mechanism
No install spec or external downloads are present (instruction-only). No code is written to disk by an installer. This is the lowest-risk install model.
Credentials
The skill declares no required credentials or env vars, which is appropriate for a read-only audit. However SKILL.md references OPENCLAW_STATE_DIR (optional) and implies access to project files and possibly `~/.openclaw` logs; these are not declared in metadata. There are no requests for tokens/keys. Ensure the agent runtime is allowed to read the project and state directories but not given unrelated credentials.
Persistence & Privilege
always: false and normal invocation model. The skill writes a report to a workspace path within the project (documented). It does not request permanent platform-level privileges, does not modify other skills or system-wide configs, and explicitly forbids automatic fixes.
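How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install daily-security-check
  3. Once installed, call the skill by name or trigger it with /daily-security-check
  4. Provide the required input according to the skill's parameter description to get structured output.
Version history
v1.0.0
daily-security-check 1.0.0 – Initial release
  • Added the OpenClaw daily security check skill, which automatically checks key security items against a fixed checklist and outputs a report.
  • Supports running openclaw security audit and openclaw doctor; the report includes a security score and a structured summary.
  • The report is saved automatically to the project directory for retention and traceability, and can optionally be delivered to notification channels such as Telegram.
  • Runs only on explicit request or when triggered by a scheduled task; it does not modify configuration on its own initiative and does not output sensitive information.
Metadata
Slug daily-security-check
Version 1.0.0
License
Total installs 3
Current installs 3
Historical versions 1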
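FAQ

What is Daily Security Check?

An OpenClaw daily security check skill. It works through a fixed checklist (gateway loopback, firewall reminder, API keys in .env, SOUL.md security rules, authentication anomalies), runs openclaw security audit and openclaw doctor, and outputs a short report with a 0–10 security score; it can be triggered on a schedule by cron, and the results can be delivered to... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 349 times in total so far.

How do I install Daily Security Check?

Run the command "/install daily-security-check" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Daily Security Check free?

Yes, Daily Security Check is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Daily Security Check support?

Daily Security Check runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Daily Security Check?

It is developed and maintained by Terry Feng (@goldwish1); the current version is v1.0.0.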
