
Securitysuite

Author: mirni · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 80
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install gh-securitysuite
Description
Comprehensive agent security platform with 7 endpoints. Scan text for injection, audit SKILL.md files for malware and scope issues, generate detailed securit...
Usage (SKILL.md)

SecuritySuite

Full security platform for AI agents. Seven endpoints, one server.

Start the server

uvicorn securitysuite.app:app --port 8010

Endpoints

Scan text for prompt injection

curl -s -X POST http://localhost:8010/v1/scan-text \
  -H "Content-Type: application/json" \
  -d '{"text": "What is the weather?"}' | jq

Audit a SKILL.md (full check)

curl -s -X POST http://localhost:8010/v1/audit \
  -H "Content-Type: application/json" \
  -d "{\"skill_content\": $(cat SKILL.md | jq -Rs)}" | jq

Generate a security report with recommendations

curl -s -X POST http://localhost:8010/v1/report \
  -H "Content-Type: application/json" \
  -d "{\"skill_content\": $(cat SKILL.md | jq -Rs)}" | jq

Returns overall_rating, risk_level (LOW/MEDIUM/HIGH/CRITICAL), summary, findings_by_severity, recommendations, and details (each finding with category, severity, description, and fix).

List all known attack patterns

curl -s http://localhost:8010/v1/patterns | jq '.patterns[] | "\(.severity): \(.name) — \(.description)"' -r

Batch audit multiple skills

curl -s -X POST http://localhost:8010/v1/batch \
  -H "Content-Type: application/json" \
  -d "{\"skills\": [$(cat skill1.md | jq -Rs), $(cat skill2.md | jq -Rs)]}" | jq

Returns results (verdict per skill), safe_count, and flagged_count.

Safe-use recommendations
This package appears to implement a local FastAPI-based security scanner, which matches its description, but the bundle is incomplete: the code imports products.promptguard, products.skillscan, and products.scopecheck, which are neither included in the package nor listed in the install metadata. Before installing or running it, verify that (a) the missing products.* dependencies are provided (or the package author publishes them), (b) the install metadata is corrected to list every required PyPI package, and (c) the service runs in a sandboxed environment, because pip installs can execute arbitrary code. Also review the source files yourself (or ask the author for a verified source repository or homepage), and be aware that SKILL.md contains a prompt-injection test string; this is expected for an auditor, but treat any input to the running server as untrusted data. If these checks pass and you decide to proceed, run the code in an isolated container and verify that pip packages come from trusted registries.
Functional analysis
Type: OpenClaw Skill
Name: gh-securitysuite
Version: 1.0.0
The gh-securitysuite skill is a security auditing platform for AI agents, providing a FastAPI-based server with endpoints for static analysis of skill files and text. It includes logic for detecting prompt injection, undeclared environment variables, and malicious patterns (e.g., credential harvesting, data exfiltration) based on a pattern catalog defined in securitysuite/reporter.py. While the core detection modules (products.*) are referenced but not provided in the file list, the available code in securitysuite/app.py and securitysuite/models.py is well-structured, transparent, and consistent with the stated purpose of producing security reports and risk assessments.
Capability assessment
Purpose & Capability
Name, description, SKILL.md examples, and the FastAPI endpoints in the code are consistent with a local security/audit service. However, the Python code imports modules under products.* (products.promptguard, products.skillscan, products.scopecheck) that are not provided in the file manifest or declared in the install metadata, which means the bundle as published is incomplete or mis-declared.
Instruction Scope
SKILL.md instructions are limited to starting a local uvicorn server and sending SKILL.md or text to the server for scanning/audit/batch operations. The examples explicitly read local SKILL.md/skill files and send them to the local server (expected for an auditor). No instructions ask the agent to read unrelated system files or exfiltrate secrets, though the SKILL.md does contain text that matched a prompt-injection detector (see scan_findings_in_context).
Install Mechanism
Install metadata declares pip-installable dependencies (fastapi, uvicorn, pydantic, pyyaml), which is reasonable. But the code depends on additional modules under products.* that are neither declared nor included, so the service will fail at runtime unless those packages are present. The registry's single install entry shows an id/kind of 'uv', which is unusual and may be a packaging or metadata error. No external downloads or obfuscated install URLs are present.
Credentials
The skill declares no required environment variables or credentials, and SKILL.md doesn't request secrets. The reporter code warns about env access when it is detected in audited skills, which is appropriate. No disproportionate credential requests are present in the bundle itself.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It runs as a local server when started and does not modify other skills or system configs in the provided code.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install gh-securitysuite
  3. After installation, call the Skill by name or trigger it with /gh-securitysuite
  4. Provide the required input as described in the Skill's parameters to receive structured output
Version history
v1.0.0
- Updated description for greater clarity on endpoints and features.
- Improved metadata and installation instructions; added emoji and standardized package management.
- Condensed usage examples and enhanced curl command syntax using jq for better readability.
- Clarified endpoint outputs, especially for security reports and batch operations.
- Streamlined document structure for faster onboarding and reference.
v0.1.0
Initial release of gh-securitysuite, a comprehensive security platform for AI agent skills.
- Provides 7 API endpoints: text scan, skill scan, scope analysis, auditing, detailed reporting, pattern catalog, and batch operations.
- Scans text and SKILL.md files for common security risks and prompt injection patterns.
- Offers security scope checks and full audits with actionable recommendations.
- Batch capability to audit multiple skills at once.
- Report endpoint generates structured, severity-grouped security findings for easy review.
- Easy installation and server start instructions included.
Metadata
Slug gh-securitysuite
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Versions 2
FAQ

What is Securitysuite?

Comprehensive agent security platform with 7 endpoints. Scan text for injection, audit SKILL.md files for malware and scope issues, generate detailed securit... It is an AI agent Skill plugin for Claude Code / OpenClaw, with 80 downloads to date.

How do I install Securitysuite?

Run the command "/install gh-securitysuite" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Securitysuite free?

Yes, Securitysuite is completely free under the MIT-0 license; you can download, install and use it freely.

Which platforms does Securitysuite support?

Securitysuite is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Securitysuite?

Developed and maintained by mirni (@mirni); current version v1.0.0.
