← 返回 Skills 市场
hichana

One Skill To Rule Them All

作者 hichana · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
1980
总下载
3
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install one-skill-to-rule-them-all
功能描述
Security auditing skill that detects malicious patterns like prompt injection, data exfiltration, obfuscation, and privilege escalation in OpenClaw SKILL.md...
安全使用建议
This skill is coherent for its stated purpose (auditing SKILL.md files) and does not request credentials or install software. Before using it, check the source/author (no homepage/source listed here). Be careful when asking it to 'analyze' a file path — it may read any file you point it at, so do not supply paths to secrets (e.g., ~/.ssh, ~/.aws/credentials, .env) unless you intend the tool to examine them. When requesting a 'cleaned' version, review the output carefully before using it, since automated removals can alter intended behavior or leak snippets from the reviewed file.
功能分析
Type: OpenClaw Skill Name: one-skill-to-rule-them-all Version: 1.0.0 The OpenClaw skill 'OSTRTA: One Skill To Rule Them All' is a security analysis tool designed to audit other OpenClaw skills. Its `SKILL.md` comprehensively defines various threat categories (e.g., prompt injection, data exfiltration, obfuscation) as patterns to *detect* in *other* skills, not as instructions for the analyzing agent to execute. The instructions within the skill are entirely focused on performing security analysis, reporting findings, and optionally providing cleaned versions of *other* skills. Explicit disclaimers state the skill will not execute code, make network requests, or modify content, reinforcing its benign intent and alignment with its stated purpose.
能力评估
Purpose & Capability
The SKILL.md describes a security-analysis tool for auditing other SKILL.md files. There are no declared env vars, binaries, or install steps beyond reading the skill text — that aligns with the stated purpose.
Instruction Scope
The instructions ask the agent to analyze pasted content or a provided file path and to produce cleaned versions on request. That is reasonable for an analyzer, but it means the agent may read any file path you give it; the SKILL.md itself lists many sensitive paths to flag when auditing other skills (expected), but it does not itself instruct network exfiltration. Users should avoid pointing it at sensitive local files unless they intend that content to be examined.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing will be downloaded or written to disk by an installer — lowest-risk model.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md enumerates sensitive files and envs as detection targets (expected for a scanner) but does not ask for them.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent system presence or to modify other skills' configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install one-skill-to-rule-them-all
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /one-skill-to-rule-them-all 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of OSTRTA: a security auditing skill for OpenClaw skill files. - Provides adversarial analysis of SKILL.md files to detect prompt injection, data exfiltration, obfuscation, and other security threats. - Delivers clear verdicts (CRITICAL/HIGH/MEDIUM/LOW/SAFE) with evidence and remediation recommendations. - Supports optional cleaning/remediation: can generate a "safe" version with threats removed. - Detects 9 detailed threat categories including prompt injection, credential/data exfiltration, code obfuscation, unverifiable dependencies, and privilege escalation. - Uses an "assume-malicious" posture and presents actionable, evidence-based security findings.
元数据
Slug one-skill-to-rule-them-all
版本 1.0.0
许可证
累计安装 5
当前安装数 5
历史版本数 1
常见问题

One Skill To Rule Them All 是什么?

Security auditing skill that detects malicious patterns like prompt injection, data exfiltration, obfuscation, and privilege escalation in OpenClaw SKILL.md... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1980 次。

如何安装 One Skill To Rule Them All?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install one-skill-to-rule-them-all」即可一键安装,无需额外配置。

One Skill To Rule Them All 是免费的吗?

是的,One Skill To Rule Them All 完全免费(开源免费),可自由下载、安装和使用。

One Skill To Rule Them All 支持哪些平台?

One Skill To Rule Them All 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 One Skill To Rule Them All?

由 hichana(@hichana)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论