kofna3369

Morgana Mordred Security Sandbox

Author Kofna3369 · GitHub ↗ · v4.1.1 · MIT-0
cross-platform ✓ Passed security check
Total downloads: 104
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install mordred-security-sandbox
Description
Performs semantic security analysis and stress testing of AI agents using vector embeddings and multi-node defense strategies.
Safe usage recommendations
This skill is broadly coherent with its stated purpose, but take these precautions before installing or running:
- Verify 'Ollama' is installed from an official source and that the local Ollama server will run on localhost:11434 as the code expects. The SKILL.md's 'pip install ollama' step may not be the correct installation method in all environments.
- Pulling models (nomic-embed-text, gemma3:4b) will download large model files; do this only on machines where you expect such downloads and storage.
- Run the script in an isolated/test environment first (not on production hosts). The tool may surface or suggest system-level actions (node keywords include 'sudo', 'rm -rf', 'killall', 'exploit'), and its stress tests could generate heavy load.
- Do not feed secrets or sensitive data into the tool or models unless you control the model environment and know its data handling policies.
- Treat its high-accuracy and 100% test claims skeptically; validate outputs against known cases before relying on them for critical decisions.
If you want higher confidence, share the full unabbreviated src/mordred_v4.1.py for a line-by-line review and confirm how the script handles unexpected responses from the Ollama server and whether it makes any external network calls beyond localhost.
Functional analysis
Type: OpenClaw Skill
Name: mordred-security-sandbox
Version: 4.1.1
The skill bundle provides a security analysis tool called 'Mordred' that uses local vector embeddings (via Ollama) to classify text into security-related categories. The core logic in 'src/mordred_v4.1.py' is transparent, communicating only with a local API (localhost:11434) to generate embeddings and perform cosine similarity calculations. There is no evidence of data exfiltration, unauthorized network access, or malicious command execution; the presence of sensitive strings like 'sudo' or 'rm -rf' in the code is strictly for keyword matching to identify urgent threats in user input.
Capability tags
crypto
Capability assessment
Purpose & Capability
Name/description (semantic security analysis, embeddings, multi-node defense) match the code and SKILL.md: the script calls a local Ollama embeddings endpoint and uses node profiles to compute STC scores. Requiring Ollama and embedding models is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs running a local Ollama server and pulling two models (nomic-embed-text and gemma3:4b) and then running the Python script. The instructions do not ask for unrelated files, secrets, or remote endpoints. However, the docs make strong accuracy/performance claims (100% multilingual accuracy, 100% test pass rate) that are unrealistic. The node keyword lists include dangerous/capability keywords (e.g., 'sudo', 'rm -rf', 'killall', 'exploit', 'zeroday'); these are appropriate for detection, but they also mean the tool may surface or suggest powerful system commands during red-team/stress tests, so treat outputs with caution.
Install Mechanism
This is instruction-only (no installer). SKILL.md directs users to 'pip install ollama' and to 'ollama pull' models. That is a low-risk, transparent install surface, but 'pip install ollama' may be incorrect for some Ollama distributions (Ollama is often installed as a native binary). Model pulls will download large model artifacts — expected for this purpose — and are from Ollama, not an unknown URL.
Credentials
The skill requires no environment variables, no credentials, and the code calls only a local host endpoint. There are no declared or required secrets, which is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-enabled and has no install-time hooks or config writes described; it does not request elevated privileges or modify other skills. Autonomous model invocation is allowed by platform default (not a specific red flag here).
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install mordred-security-sandbox
  3. After installation, call the skill by name directly or trigger it with /mordred-security-sandbox
  4. Provide the required inputs according to the skill's parameter description to receive structured output
Version history
v4.1.1
Complete documentation: 3 detailed examples, version history, MIT license, STC thresholds table added
v4.1.0
STC Calculator v4 with semantic embeddings, 16 security nodes, multilingual support (FR/EN/CN), embedding-based threat analysis via Ollama
Metadata
Slug mordred-security-sandbox
Version 4.1.1
License MIT-0
Cumulative installs 0
Current installs 0
Historical versions 2
FAQ

What is Morgana Mordred Security Sandbox?

Performs semantic security analysis and stress testing of AI agents using vector embeddings and multi-node defense strategies. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 104 cumulative downloads to date.

How do I install Morgana Mordred Security Sandbox?

Run the command "/install mordred-security-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Morgana Mordred Security Sandbox free?

Yes, Morgana Mordred Security Sandbox is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Morgana Mordred Security Sandbox support?

Morgana Mordred Security Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Morgana Mordred Security Sandbox?

Developed and maintained by Kofna3369 (@kofna3369); current version v4.1.1.
