
Firm Auth Compliance Pack

Author: romainsantoli-web · GitHub · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 326 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install firm-auth-compliance-pack
Description
Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID...
Usage instructions (SKILL.md)

firm-auth-compliance-pack

⚠️ AI-generated content: human validation required before use.

Purpose

Comprehensive authentication and compliance auditing: OAuth 2.1 / OIDC Discovery compliance (PKCE, RFC 9728, RFC 8707), token scope enforcement, tool deprecation lifecycle, circuit breaker patterns, GDPR data residency, W3C DID identity, multi-model routing, and resource links validation.

Tools (8)

| Tool | Description | Severity |
|------|-------------|----------|
| openclaw_oauth_oidc_audit | OAuth 2.1 / OIDC Discovery compliance | HIGH |
| openclaw_token_scope_check | Token scope enforcement | HIGH |
| openclaw_tool_deprecation_audit | Tool deprecation lifecycle audit | MEDIUM |
| openclaw_circuit_breaker_audit | Circuit breaker pattern validation | MEDIUM |
| openclaw_gdpr_residency_audit | GDPR data residency compliance | MEDIUM |
| openclaw_agent_identity_audit | W3C DID agent identity validation | MEDIUM |
| openclaw_model_routing_audit | Multi-model routing configuration | MEDIUM |
| openclaw_resource_links_audit | Resource links validation | MEDIUM |

Usage

skills:
  - firm-auth-compliance-pack

# Run compliance audit:
openclaw_oauth_oidc_audit config_path=/path/to/config.json
openclaw_gdpr_residency_audit config_path=/path/to/config.json
openclaw_agent_identity_audit config_path=/path/to/config.json

Requirements

  • mcp-openclaw-extensions >= 3.0.0
Security usage recommendations
This skill is an instruction-only compliance pack that expects 'mcp-openclaw-extensions >= 3.0.0' to provide the actual tools. Before installing or running it:
  1. Confirm the external extension (mcp-openclaw-extensions) is present and from a trusted source; the skill itself contains no code.
  2. Review any configuration files you pass as config_path — they may contain secrets or credentials; do not point the tool at sensitive files unless you trust the tool implementation.
  3. Since the agent can invoke skills autonomously, consider restricting automatic runs until you've validated outputs manually.
  4. Because the skill’s source/homepage is unknown, perform an additional provenance check or manual review of the extension that will supply the audit commands.
Functional analysis
Type: OpenClaw Skill
Name: firm-auth-compliance-pack
Version: 1.0.0
The skill bundle consists of metadata and a markdown file describing an 'Authentication and compliance audit pack'. It outlines the purpose, lists internal OpenClaw audit tools, and provides usage examples. There is no executable code, no instructions for prompt injection, no attempts at data exfiltration, persistence, or obfuscation. The declared dependency `mcp-openclaw-extensions` is a standard requirement and does not indicate malicious intent within this skill itself.
Capability assessment
Purpose & Capability
The name, description, and listed tools align with an authentication/compliance audit pack. However, the SKILL.md lists eight command-line-style tools but the skill provides no code or binaries itself; it declares a dependency on 'mcp-openclaw-extensions >= 3.0.0' in the SKILL.md metadata, implying those implementations must come from that extension. This is a reasonable design but depends entirely on that external package being present and trustworthy.
Instruction Scope
Runtime instructions show invoking tools like openclaw_oauth_oidc_audit with a config_path (e.g., /path/to/config.json). The instructions do not ask the agent to read unrelated system files or environment variables, but they do assume access to user-supplied config files — which may contain secrets. The SKILL.md also includes a caution that generated content needs human validation.
Install Mechanism
No install spec and no code files: lowest-risk distribution model. The skill is instruction-only and therefore does not write files or download archives itself. The only install-related requirement is the declared dependency on 'mcp-openclaw-extensions >= 3.0.0', but there is no install step provided here.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to the stated purpose of being an audit/instruction pack. Caveat: the external tools it invokes (from the required extension) may in practice need credentials or access to config files containing secrets — the SKILL.md does not document those runtime needs.
Persistence & Privilege
Flags show the skill is not always-enabled and allows user invocation; model invocation is enabled by default (normal). The skill does not request persistent system presence or modifications to other skills. Because it can be invoked autonomously by the agent, users should be mindful that running the audits could cause the agent to read configuration files if instructed.
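How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install firm-auth-compliance-pack
  3. Once installation completes, call the Skill by name or trigger it with /firm-auth-compliance-pack
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history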
v1.0.0
Initial release — 8 tools: OAuth/OIDC, token scope, deprecation, GDPR, DID, routing
Metadata
Slug firm-auth-compliance-pack
Version 1.0.0
License
Total installs 1
Current installs 1
Number of versions 1
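Frequently asked questions

What is Firm Auth Compliance Pack?

Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID... It is an AI Agent Skill plugin for Claude Code / OpenClaw, currently with 326 total downloads.

How do I install Firm Auth Compliance Pack?

Run the command "/install firm-auth-compliance-pack" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Firm Auth Compliance Pack free?

Yes, Firm Auth Compliance Pack is completely free (open source and free) and can be freely downloaded, installed, and used.

Which platforms does Firm Auth Compliance Pack support?

Firm Auth Compliance Pack runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Firm Auth Compliance Pack?

Developed and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.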
