Total downloads: 252 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install neckr0ik-security-fixer
Description
Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk...
Safe usage recommendations
This fixer appears to implement the advertised remediations, but take these precautions before running it on real code:
1) Verify you have the required scanner/audit module (neckr0ik-security-scanner or an audit.py) installed — the fixer imports 'audit' but the package does not declare or include it.
2) Always run with --dry-run first and keep backups (or use the backup option) to inspect changes before applying.
3) Review generated .env.example and .gitignore to ensure no sensitive data is leaked.
4) Expect the tool to insert imports and helper functions; check for duplicate imports or broken indentation.
5) Do not run with --auto on system-critical directories or repos you can't restore from backup.
6) If you will allow autonomous agent invocation of this skill, restrict its scope (target paths) and require human confirmation for applying fixes to production code.
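Points 3) and 4) above are the review steps a practitioner would script. The following is an added example (not code from neckr0ik-security-fixer or this listing) that flags values in a generated .env.example that look like real credentials rather than placeholders, and lists duplicate import statements in a patched Python file; the function names and sample inputs are constructed for illustration.

```python
"""Post-run review helpers for a secrets-to-env fixer (added example, not the
neckr0ik-security-fixer's own code). Flags .env.example values that look like
real secrets instead of placeholders, and duplicate import lines in a patched
file. Function names are hypothetical."""
import re
from collections import Counter

# Values that are acceptable in a template: empty, <angle placeholder>, etc.
PLACEHOLDER = re.compile(r"^(|<[^>]*>|your[-_]\w+|changeme|xxx+|\.\.\.|\*+)$", re.I)
# Value shapes that suggest a live credential was copied into the template.
SECRET_SHAPES = [
    re.compile(r"^sk-[A-Za-z0-9_-]{16,}$"),       # sk- prefixed API keys
    re.compile(r"^gh[pousr]_[A-Za-z0-9]{20,}$"),  # GitHub token prefixes
    re.compile(r"^[A-Za-z0-9+/=_-]{32,}$"),      # long opaque blob
]

def find_leaked_values(env_example_text):
    """Return (key, value) pairs whose value looks like a real secret."""
    leaks = []
    for line in env_example_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().strip("\"'")
        if PLACEHOLDER.match(value):
            continue
        if any(shape.match(value) for shape in SECRET_SHAPES):
            leaks.append((key.strip(), value))
    return leaks

def find_duplicate_imports(source_text):
    """Return import statements that appear more than once in a patched file."""
    imports = [l.strip() for l in source_text.splitlines()
               if re.match(r"^\s*(import|from)\s+\w", l)]
    return sorted(stmt for stmt, n in Counter(imports).items() if n > 1)

# Constructed sample inputs; the key value below is a fake, not a real secret.
SAMPLE_ENV = """# generated template
OPENAI_API_KEY=<your-key>
ANTHROPIC_API_KEY=sk-ant-EXAMPLE000000000000000000
GITHUB_TOKEN=
DB_PASSWORD="changeme"
"""
SAMPLE_PY = "import os\nimport shlex\nimport subprocess\nimport shlex\n"

if __name__ == "__main__":
    print(find_leaked_values(SAMPLE_ENV))     # flags ANTHROPIC_API_KEY only
    print(find_duplicate_imports(SAMPLE_PY))  # ['import shlex']
```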
Feature analysis
Type: OpenClaw Skill
Name: neckr0ik-security-fixer
Version: 1.0.0
The skill bundle is a legitimate security remediation tool designed to automatically fix common vulnerabilities like hardcoded secrets, shell injection, and path traversal in other OpenClaw skills. The core logic in `scripts/fixer.py` uses standard library modules to perform regex-based code replacement, creates backups before modification, and generates `.env.example` templates, all of which align with its stated purpose without evidence of malicious intent or data exfiltration.
Capability assessment
Purpose & Capability
The name/description match the included code: fixer.py generates and applies fixes for secrets, shell injection, prompt injection, path traversal, and pinned deps. However, fixer.py imports an 'audit' module (audit_skill, Vulnerability, Severity) that is not included in the package and no dependency or install step declares the required scanner package. The SKILL.md references 'neckr0ik-security-scanner' but the registry metadata does not declare it as a required dependency — verify the scanner is installed separately or this will fail.
Instruction Scope
Runtime instructions and the script intentionally read, modify, and write files under the target skill path (create backups, write .env.example, update .gitignore). This is expected for a fixer, but it means the agent or user must trust the tool to modify code. The SKILL.md provides dry-run and backup options, and the script prints review messages for manual items — that's good. The fixer inserts code snippets (imports, helpers) directly into files, which may break code or duplicate imports; expect some manual review.
Install Mechanism
No install spec is provided (instruction-only plus included fixer.py). That reduces supply-chain risk since nothing is downloaded at install time. But because the scanner dependency is not declared, the runtime may fail unless the user has the scanner/audit module installed from elsewhere.
Credentials
The skill requests no environment variables or credentials. The templates it generates include common API key names (OPENAI_API_KEY, ANTHROPIC_API_KEY, GITHUB_TOKEN, DB_PASSWORD), which is consistent with its purpose (moving hardcoded secrets to env vars). There is no evidence the skill itself attempts to read arbitrary environment variables beyond creating a .env.example.
Persistence & Privilege
The `always` flag is false (the skill is not force-included) and it doesn't request system-level persistence. It does modify files under the given skill path (expected). The default behavior allowing autonomous invocation is standard for skills; combine that with file-modifying behavior only if you plan to allow autonomous runs.
How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install neckr0ik-security-fixer
- After installation, call the skill by name directly or trigger it with /neckr0ik-security-fixer
- Provide the required inputs according to the skill's parameter description to get structured output.
Version history
v1.0.0
Initial release of neckr0ik-security-fixer.
- Automatically remediates hardcoded secrets, shell injection, prompt injection, and path traversal vulnerabilities in OpenClaw skills.
- Integrates with neckr0ik-security-scanner for seamless vulnerability detection and fixing.
- Generates secure code replacements and .env.example templates, updating .gitignore as needed.
- Supports auto-fix, interactive fixes, dry-run mode, and backup file creation.
- Outputs detailed reports and flags issues needing manual review.
FAQ
What is Neckr0ik Security Fixer?
Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 252 downloads to date.
How do I install Neckr0ik Security Fixer?
Run the command "/install neckr0ik-security-fixer" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Neckr0ik Security Fixer free?
Yes, Neckr0ik Security Fixer is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Neckr0ik Security Fixer support?
Neckr0ik Security Fixer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Neckr0ik Security Fixer?
Developed and maintained by Neckr0ik (@neckr0ik); current version v1.0.0.