vahagn-madatyan

Network Log Analysis

Author Vahagn Madatyan · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
110 total downloads
0 favorites
1 current installs
1 version
Install in OpenClaw
/install network-log-analysis
Description
Device-level network log analysis using raw syslog data without SIEM platforms. Guides forensic timeline construction from rsyslog/syslog-ng collectors, devi...
Safe Usage Recommendations
This skill appears coherent for offline syslog forensic work. Before installing, verify how your agent/platform will obtain access to the syslog collector and network devices: provide only read-only SSH/console credentials and limit filesystem access to the collector log directories. Be aware that log files may contain sensitive data (IPs, usernames, session identifiers); ensure your agent is not allowed to exfiltrate logs or send them to external endpoints. Because the skill runs shell-style parsing commands, confirm the execution environment (GNU date vs BSD date) and test parsing one-liners on a non-production sample. Treat log content as attacker-influenced input: the awk one-liners that pass log fields to date via getline execute on the analyst host, so do not run them as written against logs that a third party could have written to (see the analysis below). If you want extra caution, restrict the skill's runtime network egress or require manual invocation rather than allowing broad autonomous runs.
Analysis
Type: OpenClaw Skill
Name: network-log-analysis
Version: 1.0.0

The skill bundle provides a comprehensive framework for network log analysis, but it contains shell command injection vulnerabilities in SKILL.md and references/cli-reference.md. Several awk one-liners build a 'date' command from unsanitized log fields ($1, $2, $3: the syslog timestamp) and run it with awk's getline, which hands the string to the shell (sh -c). Shell metacharacters in a syslog header are therefore executed on the host running the analysis. Because syslog content is written by remote devices, or by anyone who can reach the collector, this is potential remote code execution (RCE): an attacker who can get a crafted line into the files being analyzed runs commands whenever the one-liners are applied.
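The injection pattern described above, shown as an added example that is not the skill's own code (the exact one-liners from SKILL.md and references/cli-reference.md are not reproduced on this page): an awk/getline timestamp normaliser that interpolates raw syslog fields into a date command, beside a hardened version that allow-lists the fields before any of them reaches a shell. The three syslog lines, the date -d invocation and the marker file /tmp/nla-injected.<pid> are this example's own assumptions; it needs GNU date for real epochs (the injection itself does not depend on date at all).

```sh
#!/bin/sh
# Added example, not the skill's own one-liners: an awk timestamp-normalisation
# pattern of the kind the analysis describes, next to a validated version.
# Assumes GNU date (date -d); on BSD/macOS, date -j -f would replace it.

# Constructed sample logs in RFC 3164 style. Fields 1-3 are the timestamp, field 4
# the hostname. The third line carries a command substitution in the time field;
# it contains no spaces, so it survives awk's default field splitting intact.
MARKER="/tmp/nla-injected.$$"
SAMPLE_LOGS="Jan 15 10:23:45 core-sw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(44321) -> 10.0.1.9(22), 1 packet
Jan 15 10:23:47 edge-r1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
Jan 15 \$(id>$MARKER) attacker-host %LINK-3-UPDOWN: crafted message with a payload in the time field"

# Vulnerable pattern: raw fields $1..$3 are concatenated into a command string
# that awk runs through sh -c. The double quotes around the date do not help:
# the shell still expands $(...) and backticks inside them.
vulnerable_normalize() {
    awk '{
        cmd = "date -d \"" $1 " " $2 " " $3 "\" +%s 2>/dev/null"
        epoch = "NA"
        cmd | getline epoch
        close(cmd)            # otherwise every line leaks an open pipe
        print epoch "\t" $0
    }'
}

# Hardened form: allow-list the three timestamp fields with strict patterns before
# any of them is interpolated. Lines that fail are tagged REJECTED and never reach
# a shell. Quoting alone is not a fix; keeping untrusted bytes out of the command
# string is.
safe_normalize() {
    awk '
    $1 ~ /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$/ &&
    $2 ~ /^[0-9][0-9]?$/ &&
    $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        cmd = "date -d \"" $1 " " $2 " " $3 "\" +%s 2>/dev/null"
        epoch = "NA"
        cmd | getline epoch
        close(cmd)
        print epoch "\t" $0
        next
    }
    { print "REJECTED\t" $0 }'
}

# Helpers: run the sample through each version and summarise the result.
run_vulnerable() { printf '%s\n' "$SAMPLE_LOGS" | vulnerable_normalize; }
run_safe()       { printf '%s\n' "$SAMPLE_LOGS" | safe_normalize; }
summarize()      { awk '$1 == "REJECTED" { r++; next } { a++ } END { printf "accepted=%d rejected=%d\n", a, r }'; }
payload_ran()    { if [ -f "$MARKER" ]; then echo yes; else echo no; fi; }

# Stand-alone demo: the vulnerable version silently runs the payload (and, with
# GNU date, may still emit a plausible epoch, since date sees "Jan 15 " once the
# substitution is gone); the hardened version rejects the line and no marker appears.
rm -f "$MARKER"
echo "== vulnerable =="; run_vulnerable; echo "payload ran: $(payload_ran)"
rm -f "$MARKER"
echo "== hardened =="; run_safe; echo "payload ran: $(payload_ran)"
rm -f "$MARKER"
```

Two practical notes. On macOS/BSD the equivalent call is date -j -f "%b %d %H:%M:%S" "Jan 15 10:23:45" +%s, which is the GNU-vs-BSD difference the safety advice above warns about; test whichever form you use on a sample first. And an RFC 3164 timestamp carries no year, so any epoch derived from it assumes the current year; the year (and time zone) must come from the collector's own records before cross-device timelines are compared.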
Capability Assessment
Purpose & Capability
The name/description (syslog-based network log analysis) match the instructions and reference materials: examining /etc/rsyslog.conf, /etc/syslog-ng/, /var/log/*, device CLI commands, and using grep/awk/sort is exactly what you'd expect for this task. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read collector config files and log directories (e.g., /etc/rsyslog.conf, /var/log/*) and to query devices via CLI (show logging, show ntp). That scope is appropriate for forensic timeline work, but it assumes the agent has SSH/console access and read permissions; ensure any credentials given are least-privilege (read-only). The instructions do not direct data to external endpoints or perform unexpected collection beyond logs and device config/status.
Install Mechanism
Instruction-only skill with no install steps, no downloaded artifacts, and no declared dependencies. This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables or credentials, which is consistent because it expects direct access to syslog files and device CLIs provided by whatever platform or operator supplies credentials. Users should confirm how the agent/platform will provide SSH/device credentials and that those credentials are scoped to read-only access for the collector and devices.
Persistence & Privilege
The skill sets always: false and has no install behavior, so it does not request permanent presence or elevated platform privileges. The default ability for the agent to invoke the skill autonomously is normal; it is not combined with other risky flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install network-log-analysis
  3. After installation, call the skill by name or trigger it with /network-log-analysis
  4. Provide the inputs listed in the skill's parameter description to get structured output
Version History
v1.0.0
- Initial release: skill for device-level network log analysis using raw syslog data, without reliance on SIEM platforms.
- Provides step-by-step guidance for forensic timeline construction using rsyslog/syslog-ng collectors, device console logs, and SNMP trap data.
- Covers syslog pattern recognition for Cisco IOS-XE, Juniper JunOS, and Arista EOS log formats, including severity/facility mapping.
- Explains multi-device event correlation and timeline reconstruction using standard Unix tools (grep, awk, sort, sed) and NTP-aware timestamp normalization.
- Includes guidance on anomaly detection via baseline deviation and log retention policy verification.
- Prerequisites, stepwise procedures, and references to CLI one-liners and syslog pattern catalogs are documented.
Metadata
Slug network-log-analysis
Version 1.0.0
License MIT-0
Total installs 1
Current installs 1
Versions 1
FAQ

What is Network Log Analysis?

Device-level network log analysis using raw syslog data without SIEM platforms. Guides forensic timeline construction from rsyslog/syslog-ng collectors, devi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 110 downloads to date.

How do I install Network Log Analysis?

Run the command "/install network-log-analysis" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Network Log Analysis free?

Yes. Network Log Analysis is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Network Log Analysis support?

Network Log Analysis is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Network Log Analysis?

Developed and maintained by Vahagn Madatyan (@vahagn-madatyan); current version v1.0.0.
