← 返回 Skills 市场
Firm Ecosystem Audit Pack
作者
romainsantoli-web
· GitHub ↗
· v1.0.0
306
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install firm-ecosystem-audit-pack
功能描述
Ecosystem differentiation audit pack. MCP firewall, RAG pipeline, sandbox exec, context health, provenance tracking, cost analytics, and token budget optimiz...
使用说明 (SKILL.md)
firm-ecosystem-audit-pack
⚠️ Contenu généré par IA — validation humaine requise avant utilisation.
Purpose
Audits ecosystem differentiation features: MCP tool call firewall policies, RAG pipeline integrity, sandbox execution security, context window health, SHA-256 provenance tracking, cost analytics, and token budget optimization.
Tools (7)
| Tool | Description | Severity |
|---|---|---|
openclaw_mcp_firewall_check |
MCP tool call firewall policy validation | HIGH |
openclaw_rag_pipeline_check |
RAG pipeline integrity audit | HIGH |
openclaw_sandbox_exec_check |
Sandbox execution security | HIGH |
openclaw_context_health_check |
Context window health monitoring | MEDIUM |
openclaw_provenance_tracker |
SHA-256 append-only provenance chain | MEDIUM |
openclaw_cost_analytics |
Session cost analytics | MEDIUM |
openclaw_token_budget_optimizer |
Token budget optimization | MEDIUM |
Usage
skills:
- firm-ecosystem-audit-pack
# Run ecosystem audit:
openclaw_mcp_firewall_check config_path=/path/to/config.json
openclaw_rag_pipeline_check config_path=/path/to/config.json
openclaw_cost_analytics session_data='{"model":"claude-4","tokens_in":1000}'
Requirements
mcp-openclaw-extensions >= 3.0.0
安全使用建议
This skill is a manifest that calls seven platform audit tools provided by an external extension (mcp-openclaw-extensions >= 3.0.0). Before installing or running it: (1) Verify you have and trust the mcp-openclaw-extensions package (review its code or vendor/source). (2) Confirm what each openclaw_* tool does and what files/paths it will read or execute — the SKILL.md is terse and delegates behavior. (3) Be cautious when supplying config_path or session_data (they may contain secrets); only point to files you expect an audit to read. (4) If sandbox_exec or firewall-check tools can execute code or change policies, restrict their permissions or run in an isolated environment and perform a human review of results. If you cannot review the external extension or cannot trust its source, do not enable this skill.
功能分析
Type: OpenClaw Skill
Name: firm-ecosystem-audit-pack
Version: 1.0.0
The skill bundle, consisting of `_meta.json` and `SKILL.md`, describes an 'Ecosystem differentiation audit pack' with tools for firewall policy validation, RAG pipeline integrity, sandbox execution security, and cost analytics. The `SKILL.md` file contains no prompt injection attempts, malicious instructions for the AI agent, or any code. The described tools and their usage (e.g., `config_path=/path/to/config.json`) align with legitimate auditing functions, requiring access to configuration or session data for their stated purpose. There is no evidence of intentional harmful behavior, data exfiltration, persistence mechanisms, or other malicious activities.
能力评估
Purpose & Capability
The name/description (ecosystem audits: MCP firewall, RAG, sandbox, provenance, cost, token budget) matches the SKILL.md content. The SKILL.md declares a dependency on mcp-openclaw-extensions >= 3.0.0 which plausibly provides the listed openclaw_* audit tools.
Instruction Scope
SKILL.md is an instruction-only wrapper that expects seven platform tools (openclaw_*). It does not itself ask the agent to exfiltrate secrets, but usage examples show passing config_path and session_data — the skill assumes those tools will read files/inputs. The instructions are terse and leave execution detail to the external extension, so a human should verify exactly what each tool reads or runs (especially sandbox_exec and firewall checks).
Install Mechanism
No install spec or code files are included (lowest installer risk). The only declared requirement is mcp-openclaw-extensions >= 3.0.0 in SKILL.md metadata; the skill is effectively a manifest that delegates actual behavior to that extension.
Credentials
The skill requests no environment variables, credentials, or config paths itself. Example usage references a config_path provided by the user — reasonable for an audit tool, but the real access/control depends on the external extension's behavior.
Persistence & Privilege
always is false, agent invocation is permitted (platform default). The skill does not request persistent presence or modify other skills; no elevated persistence privileges are declared.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install firm-ecosystem-audit-pack - 安装完成后,直接呼叫该 Skill 的名称或使用
/firm-ecosystem-audit-pack触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — 7 tools: MCP firewall, RAG, sandbox, context, provenance, cost, token
元数据
常见问题
Firm Ecosystem Audit Pack 是什么?
Ecosystem differentiation audit pack. MCP firewall, RAG pipeline, sandbox exec, context health, provenance tracking, cost analytics, and token budget optimiz... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 306 次。
如何安装 Firm Ecosystem Audit Pack?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install firm-ecosystem-audit-pack」即可一键安装,无需额外配置。
Firm Ecosystem Audit Pack 是免费的吗?
是的,Firm Ecosystem Audit Pack 完全免费(开源免费),可自由下载、安装和使用。
Firm Ecosystem Audit Pack 支持哪些平台?
Firm Ecosystem Audit Pack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Firm Ecosystem Audit Pack?
由 romainsantoli-web(@romainsantoli-web)开发并维护,当前版本 v1.0.0。
推荐 Skills