← 返回 Skills 市场
permission-auditor
作者
jpengcheng523-netizen
· GitHub ↗
· v1.0.0
· MIT-0
151
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jpeng-permission-auditor
功能描述
Audit tool usage patterns and permissions to identify security risks and excessive access. Use when you need to review tool usage, check for permission issue...
使用说明 (SKILL.md)
Permission Auditor
Review tool usage and permissions.
Usage
const { auditToolUsage, checkPermissions, generateReport } = require('./skills/permission-auditor');
// Audit tool usage from logs
const audit = auditToolUsage(toolLogs);
// Check if permissions are excessive
const issues = checkPermissions(requiredPermissions, grantedPermissions);
// Generate security report
const report = generateReport(audit);
CLI
node skills/permission-auditor/index.js demo
Features
- Tool usage pattern analysis
- High-risk operation detection
- Permission scope verification
- Security recommendations
- Audit report generation
安全使用建议
This skill appears to be an honest permission-auditing utility: its code analyzes logs and permission lists and returns reports. Before installing, note the packaging/instruction mismatches (SKILL.md points to a 'skills/' subfolder while the code is at the repo root, and package.json references a main() that isn't exported). These are likely benign mistakes but will break the example CLI/test commands. Recommended steps: (1) review the full index.js to confirm there are no hidden network/file operations (the visible code is local and safe); (2) run it in an isolated environment (or inspect/run the demo function) rather than granting any credentials; (3) if you plan to use it long-term, fix the module paths or exports (export a main/demo function or update SKILL.md) so behavior is explicit. If you need higher assurance, request the author clarify file layout and provide a build/install script or tests that demonstrate expected behavior.
功能分析
Type: OpenClaw Skill
Name: jpeng-permission-auditor
Version: 1.0.0
The permission-auditor skill is a security tool designed to analyze tool usage logs and permission sets for potential risks. It identifies patterns like high 'exec' usage, excessive permissions, and wildcard access, providing a security score and recommendations. The implementation in index.js is purely analytical, contains no external network calls or file system modifications, and aligns perfectly with its stated purpose.
能力评估
Purpose & Capability
The name, description, and included code implement permission and tool-usage auditing (analyzing logs, flagging excessive permissions, generating reports). The required capabilities (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md shows usage examples that require modules at './skills/permission-auditor' and a CLI path 'node skills/permission-auditor/index.js demo', but the package contains index.js at the repository root (no 'skills/' subfolder). package.json test script calls require('./index.js').main(), but the source provides a demo() function and appears not to export a main() function. This is a packaging / doc mismatch (likely a benign packaging error) but means the supplied instructions/CLI may not work as written.
Install Mechanism
There is no install spec and no downloads or external installers. The skill is instruction + a local JS file only, which minimizes install-time risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code likewise does not read environment variables, network endpoints, or attempt to access system credentials.
Persistence & Privilege
The skill is not forced-always and does not request persistent system privileges. Autonomous invocation is allowed by default (platform normal), but the skill itself does not attempt to modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jpeng-permission-auditor - 安装完成后,直接呼叫该 Skill 的名称或使用
/jpeng-permission-auditor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Permission Auditor.
- Analyze tool usage patterns and detect high-risk operations.
- Verify permission scopes to identify excessive or risky access.
- Generate security audit reports with actionable recommendations.
- Includes both JavaScript API and CLI usage instructions.
元数据
常见问题
permission-auditor 是什么?
Audit tool usage patterns and permissions to identify security risks and excessive access. Use when you need to review tool usage, check for permission issue... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 151 次。
如何安装 permission-auditor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jpeng-permission-auditor」即可一键安装,无需额外配置。
permission-auditor 是免费的吗?
是的,permission-auditor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
permission-auditor 支持哪些平台?
permission-auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 permission-auditor?
由 jpengcheng523-netizen(@jpengcheng523-netizen)开发并维护,当前版本 v1.0.0。
推荐 Skills