← 返回 Skills 市场
jiansiting

Fortigate Configuration Skill

作者 jiansiting · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
180
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install fortigate-config
功能描述
自动配置 FortiGate 防火墙,支持基础策略管理及工控协议(Modbus、IEC104、S7等)的安全配置。
使用说明 (SKILL.md)

FortiGate 自动配置技能(工控增强版)

功能说明

本技能通过 FortiGate REST API 实现防火墙的自动化配置,特别增加了对工业控制系统(ICS)协议的支持。您可以:

  • 管理防火墙策略(增、删、改、查)
  • 管理地址对象
  • 配置 Industrial Connectivity(协议转换,仅 Rugged 系列)
  • 创建基于工控协议的服务对象(Modbus TCP、IEC104 等)
  • 创建针对工控协议的 IPS 配置文件
  • 添加工控协议策略并关联安全配置文件

许可证要求

使用工控协议签名功能需要以下许可证之一:

  • FortiGuard 工业安全服务
  • ATP(高级威胁防护)套装
  • UTP(统一威胁防护)套装

配置项

在使用本技能前,需要在 OpenClaw 的环境变量或配置文件中设置以下项:

配置项 说明 必填 默认值
FORTIGATE_HOST FortiGate 设备的 IP 地址或域名
FORTIGATE_TOKEN API 访问令牌
FORTIGATE_PORT API 端口 443
FORTIGATE_VERIFY_SSL 是否验证 SSL 证书 false

使用方法

@openclaw fortigate-config \x3C操作> \x3C参数(JSON 格式)>

基础操作

操作 说明 参数示例
list-policies 列出所有防火墙策略 {}
add-address 添加地址对象 {"name": "web-server", "subnet": "192.168.1.10/32"}
delete-address 删除地址对象 {"name": "web-server"}
add-policy 添加防火墙策略 {"name": "allow-web", "srcintf": "port1", "dstintf": "port2", "srcaddr": "all", "dstaddr": "all", "action": "accept"}
update-policy 更新防火墙策略 {"policyid": 1, "action": "deny", "name": "new-name"}

工控协议操作

操作 说明 参数示例
configure-icond 配置 Industrial Connectivity 服务(协议转换) {"interface": "internal1", "protocol_type": "modbus-serial-tcp", "tty_device": "serial0"}
create-industrial-service 创建工控协议服务对象 {"name": "modbus-tcp", "protocol": "TCP", "port": 502}
create-industrial-ips 创建工控 IPS 配置文件 {"name": "plc-protection", "protocols": ["Modbus", "IEC104"], "action": "monitor"}
add-industrial-policy 添加工控协议策略(带安全防护) {"name": "hmi-to-plc", "srcintf": "port1", "dstintf": "port2", "srcaddr": "hmi-net", "dstaddr": "plc-net", "service": "modbus-tcp", "ips_profile": "plc-protection"}

常见工控协议端口

协议 端口 描述
Modbus TCP TCP 502 工业自动化常用协议
IEC 104 TCP 2404 电力系统远程控制协议
S7 Plus TCP 102 西门子 PLC 协议
Ethernet/IP TCP 44818 Rockwell/ODVA 工业协议
DNP3 TCP 20000 电力/水务自动化协议

注意事项

  • 所有写操作(添加、删除、更新)均会先检查对象是否存在,避免重复创建或误删。
  • 输出格式优先使用表格(需安装 tabulate),否则使用简单文本对齐。
  • 生产环境请将 FORTIGATE_VERIFY_SSL 设为 true 并使用有效证书。

反馈与支持

如有问题,请联系 [email protected]

安全使用建议
This skill appears to do what it says (automate FortiGate configuration) and only asks for FortiGate connection info. Before installing: 1) Review the complete scripts/main.py (the source provided to me ends truncated — ensure you have the full file and inspect it for unexpected network calls or obfuscated code). 2) Treat FORTIGATE_TOKEN as highly sensitive: use a least-privilege API token/service account and store it in a secure secret store, not a plaintext env var if possible. 3) Set FORTIGATE_VERIFY_SSL=true and use valid certificates in production — the code disables SSL warnings and defaults to not verifying which risks MITM. 4) Test in a lab or on a non-production device first (these operations can change firewall and ICS connectivity). 5) If you allow autonomous invocation, be aware the agent could make changes to your firewall when the skill runs; consider limiting when/how the agent can call this skill. If you provide the full, untruncated source I can raise or lower confidence after reviewing it.
功能分析
Type: OpenClaw Skill Name: fortigate-config Version: 1.0.0 The skill is a legitimate automation tool for managing FortiGate firewall configurations via its REST API, with specific enhancements for Industrial Control Systems (ICS) protocols. The code in `scripts/main.py` implements standard CRUD operations for firewall policies, address objects, and industrial security profiles using the `requests` library. It follows security best practices by using environment variables for sensitive credentials (host and token) and includes options for SSL verification. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found.
能力评估
Purpose & Capability
The name/description, SKILL.md, and scripts/main.py all describe FortiGate REST API automation and consistently require FORTIGATE_HOST and FORTIGATE_TOKEN. Required capabilities match the stated purpose (policy/address/service/IPS/configuring industrial connectivity).
Instruction Scope
SKILL.md instructs only to set FortiGate connection variables and run operations tied to FortiGate; the runtime script only calls the FortiGate API and prints results. There is no evidence the skill reads unrelated files or exfiltrates data to third parties. However the script globally disables SSL warnings and defaults verification to false unless the env var is set, which broadens the risk surface for MITM if used with insecure settings.
Install Mechanism
No install spec is provided (instruction/code-only). requirements.txt is small and reasonable (requests, tabulate). No downloads from arbitrary URLs or archive extraction are present.
Credentials
Only FortiGate-related environment variables are declared (FORTIGATE_HOST, FORTIGATE_TOKEN, optional port/verify flag) and the script uses exactly those. This is proportionate, but granting the API token gives full ability to modify firewall configuration — the user should ensure the token has minimal necessary scope and is stored securely.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or agent-wide settings. It runs on-demand or via normal autonomous invocation.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install fortigate-config
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /fortigate-config 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
FortiGate-config 2.0.0 is a major update enhancing support for industrial protocols and automation: - Added automated configuration for FortiGate firewalls via REST API. - Introduced support for industrial control system (ICS) protocols: Modbus, IEC104, S7, etc. - Enabled management of firewall policies, address objects, and industrial protocol services. - Supported Industrial Connectivity configuration (protocol conversion, Rugged series only) and creation of ICS-specific IPS profiles and policies. - Improved safety checks to prevent duplicate or erroneous operations. - Updated usage instructions and clarified licensing requirements for industrial security features.
元数据
Slug fortigate-config
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Fortigate Configuration Skill 是什么?

自动配置 FortiGate 防火墙,支持基础策略管理及工控协议(Modbus、IEC104、S7等)的安全配置。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 180 次。

如何安装 Fortigate Configuration Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install fortigate-config」即可一键安装,无需额外配置。

Fortigate Configuration Skill 是免费的吗?

是的,Fortigate Configuration Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Fortigate Configuration Skill 支持哪些平台?

Fortigate Configuration Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Fortigate Configuration Skill?

由 jiansiting(@jiansiting)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论