Jason's OpenClaw Security Scanner
Author: ITHACAJASON · GitHub · v1.0.0 · MIT-0
234 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw
/install jason-openclaw-security-scanner
Description
Scans OpenClaw configuration permissions and security risks. Use this skill when the user mentions "安全扫描" (security scan), "权限检查" (permission check), "安全检查" (security check), "扫描权限" (scan permissions) or "检查配置安全" (check configuration security). It reports concrete findings, a security score and fix suggestions, and supports interactive one-click fixes.
Usage notes (SKILL.md)
OpenClaw Security Scanner
Scans OpenClaw configuration, file permissions and sensitive-data leaks, generates a security report and supports interactive fixes.
Usage
```bash
# Scan and show the report
python3 scripts/scan_security.py
# Interactive fix (asks about each issue)
python3 scripts/scan_security.py --interactive
# Auto-fix all issues
python3 scripts/scan_security.py --fix-all
# Fix a single issue by its index
python3 scripts/scan_security.py --fix 0
```
Scan coverage
| Category | Checks | Auto-fix |
|---|---|---|
| Operation rules | Whether delete operations require manual confirmation | ✅ adds a rule |
| Configuration permissions | Sub-agent permissions, sandbox status, public exposure | Partial |
| File permissions | Directory permissions | ✅ chmod |
| Sensitive data | Leaked API keys, passwords, tokens, private keys | ✅ .gitignore |
| Log audit | Error counts, authentication failures | ❌ warn only |
Workflow
- Scan: detect all security risks
- Report: show the security score and detailed issues
- Fix suggestions: give a concrete remediation for each issue
- Confirmation: apply a fix only after the user agrees
- Summary: show which fixes succeeded or failed
Example output
🛡️ OpenClaw Security Scan Report
📅 Scan time: 2026-03-15 16:57
📊 Security score: 25/100
📋 Detailed findings:
[1] [Operation rules] 🟠 High
Issue: no restriction on delete operations
Details: the agent may perform delete operations without manual confirmation
🔧 Fixable: yes
💡 Found 5 fixable issues; run:
python3 scripts/scan_security.py --interactive
Interactive fix example
[Issue 1] No restriction on delete operations
Risk level: 🟠 High
📝 Fix:
Add the following rule to the file: 操作红线: 只能执行查询和修改,删除操作必须手动确认 (operation red line: only query and modify; deletes require manual confirmation)
Apply this fix? (y/n/skip/all): y
✅ Added the operation red-line rule to TOOLS.md
Security scoring rules
- Start at 100 points
- 🔴 Critical: -25 points
- 🟠 High: -15 points
- 🟡 Medium: -5 points
- 🟢 Low: -2 points
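To make the scan table, the TOOLS.md fix example and the scoring rules above concrete, here is an added illustration of the same three-step loop (scan, score, apply fixes) as a small Python module. It is not the skill's own `scripts/scan_security.py`; the detection regexes, the severity assigned to each check, the substring used to test whether TOOLS.md already has the red-line rule, the downgrade of secrets that are already in `.gitignore`, and the sample workspace built by `build_demo_workspace()` are all assumptions made for the example.

```python
"""Minimal OpenClaw-style workspace scanner with scoring and auto-fix.
Added illustration, not the skill's scripts/scan_security.py. Regexes,
severities, the TOOLS.md rule test and the .gitignore downgrade are assumed."""
import os
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, List, Optional

# Scoring rules from the page: start at 100, deduct per finding.
DEDUCTIONS = {"critical": 25, "high": 15, "medium": 5, "low": 2}

# Rule text that the page's interactive-fix example appends to TOOLS.md.
RED_LINE_RULE = "操作红线: 只能执行查询和修改,删除操作必须手动确认"

# Constructed detection patterns (assumed, not the skill's real ones).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")
CREDENTIAL_RE = re.compile(
    r"(?i)\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})"
)


@dataclass
class Finding:
    category: str
    severity: str
    detail: str
    fix: Optional[Callable[[], None]] = None  # remediation closure; None = advisory only


def mask(secret: str) -> str:
    """Keep a short prefix so the report does not itself leak the credential."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan(workspace: Path) -> List[Finding]:
    findings: List[Finding] = []

    # 1. Operation rules: TOOLS.md must require manual confirmation for deletes.
    tools_md = workspace / "TOOLS.md"
    if not (tools_md.exists() and "删除操作必须手动确认" in tools_md.read_text()):
        def add_rule(p=tools_md):
            with p.open("a") as f:
                f.write("\n" + RED_LINE_RULE + "\n")
        findings.append(Finding("operation rules", "high",
                                "no rule requiring manual confirmation for deletes", add_rule))

    gitignore = workspace / ".gitignore"
    ignored = set(gitignore.read_text().splitlines()) if gitignore.exists() else set()
    for root, dirs, files in os.walk(workspace):
        # 2. Directory permissions: any group/other bits on a workspace directory.
        for d in dirs:
            path = Path(root) / d
            mode = path.stat().st_mode
            if mode & 0o077:
                findings.append(Finding("file permissions", "medium",
                                        f"{path.relative_to(workspace)} is mode {oct(mode & 0o777)}",
                                        lambda p=path: p.chmod(0o700)))
        # 3. Sensitive data: private keys and credential-looking assignments.
        for name in files:
            if name == ".gitignore":
                continue
            path = Path(root) / name
            rel = str(path.relative_to(workspace))
            text = path.read_text(errors="ignore")
            if PRIVATE_KEY_RE.search(text):
                severity, what = "critical", "private key material"
            elif (m := CREDENTIAL_RE.search(text)):
                severity, what = "high", f"credential {mask(m.group(1))}"
            else:
                continue
            if rel in ignored:  # still on disk but will not be committed: downgrade, no auto-fix
                findings.append(Finding("sensitive data", "low", f"{rel}: {what} (in .gitignore)"))
            else:
                def add_ignore(r=rel, gi=gitignore):
                    with gi.open("a") as f:
                        f.write(r + "\n")
                findings.append(Finding("sensitive data", severity, f"{rel}: {what}", add_ignore))
    return findings


def score(findings: List[Finding]) -> int:
    return max(0, 100 - sum(DEDUCTIONS[f.severity] for f in findings))


def apply_fixes(findings: List[Finding]) -> int:
    """Run every available remediation (the --fix-all behaviour); returns the count applied."""
    fixable = [f for f in findings if f.fix is not None]
    for f in fixable:
        f.fix()
    return len(fixable)


def build_demo_workspace() -> Path:
    """Constructed sample workspace with dummy data exhibiting all three finding types."""
    ws = Path(tempfile.mkdtemp(prefix="openclaw-demo-"))
    (ws / "TOOLS.md").write_text("# tools\n")
    (ws / "memory").mkdir()
    os.chmod(ws / "memory", 0o777)
    (ws / "config.env").write_text("API_KEY=abcdef1234567890abcdef\n")  # dummy value
    return ws


if __name__ == "__main__":
    ws = build_demo_workspace()
    found = scan(ws)
    for i, f in enumerate(found, 1):
        print(f"[{i}] [{f.category}] {f.severity}: {f.detail}")
    print(f"score {score(found)}/100; applied {apply_fixes(found)} fixes; now {score(scan(ws))}/100")
```

On the constructed workspace the first scan yields a high (missing rule), a medium (world-writable directory) and a high (credential in `config.env`), so the score is 100 - 15 - 5 - 15 = 65; after the three fixes only the downgraded low finding remains (the secret is still on disk, it just will not be committed), giving 98. Note that the `.gitignore` fix mirrors what the table promises and nothing more: it does not delete or rotate the credential, which is why the rescan still reports it.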
Safe usage advice
This skill appears to be what it says: a local OpenClaw configuration and permission scanner that can also apply fixes. Before running: (1) review the script source if you are unsure; (2) run in read-only mode first (no --fix-all) to review findings; (3) prefer the interactive mode so you can approve each change; (4) back up important configuration files (e.g., openclaw.json, TOOLS.md) before using automatic fixes; (5) be cautious about any automated move of secrets into environment variables — ensure your environment management is secure. If you plan to let an autonomous agent call this skill, note it can modify files when invoked with fix flags, so restrict autonomous invocation or require explicit user confirmation.
Functional analysis
Type: OpenClaw Skill
Name: jason-openclaw-security-scanner
Version: 1.0.0
The skill bundle is a legitimate security utility designed to audit OpenClaw configurations and workspace files for vulnerabilities. The script `scripts/scan_security.py` performs local checks for hardcoded API keys, broad file permissions, and disabled sandboxes, providing an interactive mode to apply fixes like tightening permissions via `chmod` or updating `.gitignore`. It follows security best practices by masking sensitive data in its output and does not perform any network communication or data exfiltration.
Capability assessment
Purpose & Capability
The name and description claim a local OpenClaw security scanner; the skill includes a Python scanner that inspects OpenClaw config, workspace files, operation rules, permissions and sensitive data and offers fixes — these requirements are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included script and describes scanning of configuration files, directory permissions, operation rules and sensitive data. The script walks the user's workspace (~/.openclaw/workspace) and reads many files — this is expected for a scanner but means the skill will read potentially large amounts of local data. Fix actions (chmod, config edits, moving secrets to env vars, adding rules) are supported and are invoked explicitly via --interactive or --fix-all; ensure you understand which fixes will be applied.
Install Mechanism
No install spec; this is an instruction-only skill with one Python script. No external downloads or package installs are requested.
Credentials
The skill requires no environment variables or external credentials. It does suggest moving discovered secrets into environment variables as a remediation, which is reasonable for the purpose but not requested by the skill itself.
Persistence & Privilege
The skill is not always-enabled. It can modify local files when run with --interactive or --fix-all (auto-fix types include chmod, config updates, adding rules, and setting env vars). That file-modification ability is coherent with a remediation tool, but you should be aware it can change config and filesystem state when invoked.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install jason-openclaw-security-scanner
- After installation, invoke the skill by name or trigger it with /jason-openclaw-security-scanner
- Provide the inputs described in the skill's parameter notes to get structured output
Version history
v1.0.0
OpenClaw Security Scanner 1.0.0 – Initial Release
- Added OpenClaw configuration and permission security scanning: automatically detects configuration risks, file permissions, sensitive-data leaks and operation-rule compliance.
- Outputs a detailed security report with a security score, the issues found and concrete fix suggestions.
- Supports interactive one-click fixes, single-issue fixes and auto-fixing all issues; high-risk items can be handled automatically.
- Scan coverage: operation rules, configuration permissions, file permissions, sensitive data, log audit.
- Provides example commands and output for a quick start.
FAQ
What is Jason's OpenClaw Security Scanner?
It scans OpenClaw configuration permissions and security risks. Use this skill when the user mentions "安全扫描" (security scan), "权限检查" (permission check), "安全检查" (security check), "扫描权限" (scan permissions) or "检查配置安全" (check configuration security). It reports concrete findings, a security score and fix suggestions, and supports interactive one-click fixes. It is an AI Agent Skill plugin for Claude Code / OpenClaw with 234 cumulative downloads.
How do I install Jason's OpenClaw Security Scanner?
Run "/install jason-openclaw-security-scanner" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.
Is Jason's OpenClaw Security Scanner free?
Yes, Jason's OpenClaw Security Scanner is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.
Which platforms does Jason's OpenClaw Security Scanner support?
Jason's OpenClaw Security Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops Jason's OpenClaw Security Scanner?
Developed and maintained by ITHACAJASON (@ithacajason); current version v1.0.0.