Massat Security Audit
Author: craigmbrown (GitHub) · v1.0.0 · MIT-0
Total downloads: 84 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install massat-security-audit
Description
Security audit for multi-agent AI systems - OWASP ASI01-ASI10
Safe usage recommendations
This skill is an instruction-only wrapper around an external audit API (craigmbrown.com / BlindOracle). Before installing: 1) Confirm the vendor (craigmbrown) and service reputation and review the privacy policy — the skill will send targets (repo URLs) over the network and could expose code or metadata. 2) Clarify payment handling: who provides the X-Payment token, how it's stored, and whether it should be supplied via a secure env var rather than embedded. 3) Ask why file_read permission is declared and whether the skill will ever read or upload local repositories or files; avoid giving it access to sensitive local repos unless necessary. 4) Test on non-sensitive or public repos first. If you need stronger assurance, request a signed provenance (homepage, source repo, or contact) and an explicit explanation of what data is transmitted to the external API.
Functional analysis
Type: OpenClaw Skill
Name: massat-security-audit
Version: 1.0.0
The skill bundle provides instructions for an AI agent to interface with an external security auditing API (BlindOracle) hosted at craigmbrown.com. It requests 'network' and 'file_read' permissions to perform OWASP-aligned audits on multi-agent systems by submitting a target URL to a remote endpoint. The documentation in SKILL.md is transparent about its functionality, pricing, and data requirements, with no evidence of malicious prompt injection, obfuscation, or unauthorized data exfiltration.
Capability assessment
Purpose & Capability
The SKILL.md describes a MASSAT/BlindOracle network-based audit service and the shown curl examples align with that purpose. However the skill metadata in the runtime instructions declares file_read permission (but the examples never show reading local files), and the registry metadata lists no required env vars while the service requires an ecash payment header for paid audits. The missing homepage/source and an opaque owner ID are additional provenance gaps.
Instruction Scope
The instructions are narrow: POST a target repo URL to an external API and receive an audit report. They do not instruct reading unrelated system files or environment variables. That said, the declared permission set (network + file_read) is broader than what the examples use, and some claims (e.g., 'validate Microsoft AGT runtime governance') are vague and not mapped to concrete steps.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes on-disk footprint and install-time risk.
Credentials
Registry declares no required env vars, yet the SKILL.md requires a payment header (X-Payment: x402) for full audits. The skill also declares file_read permission without showing why it is needed. Sending repository URLs or potentially uploading code to an external endpoint (craigmbrown.com) is sensitive — the skill requests network access and possibly file reads that could expose secrets if the implementation were to upload or read local repos.
Persistence & Privilege
always is false and there is no install-time persistence. Autonomous invocation is allowed (platform default) but not combined with other high privileges in the manifest.
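How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install massat-security-audit
- Once installation completes, call the Skill by name or use /massat-security-audit to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output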
Version history
v1.0.0
Initial release of blindoracle-massat-audit.
- Provides comprehensive security audits for multi-agent AI systems, covering OWASP ASI01-ASI10 categories.
- Returns risk scores, findings, and remediation priorities for each OWASP category.
- Supports full (paid) and quick (free) scans via API.
- Designed for use before deployment, after major changes, or for compliance validation.
- Includes sample usage, response format, pricing details, and payment instructions.
FAQ
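What is Massat Security Audit?
Security audit for multi-agent AI systems - OWASP ASI01-ASI10. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 84 total downloads to date.
How do I install Massat Security Audit?
Run the command "/install massat-security-audit" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Massat Security Audit free?
Yes, Massat Security Audit is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Massat Security Audit support?
Massat Security Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed Massat Security Audit?
It is developed and maintained by craigmbrown (@craigmbrown); the current version is v1.0.0.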