← 返回 Skills 市场
2378
总下载
3
收藏
16
当前安装
8
版本数
在 OpenClaw 中安装
/install openclaw-audit-watchdog
功能描述
Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job,...
安全使用建议
This package is internally consistent with its stated purpose, but check the following before enabling: 1) Verify you trust the openclaw CLI and the skill source (README suggests downloading a release — verify signatures/URL if you use that path). 2) Review and confirm DM and optional email recipients (PROMPTSEC_DM_CHANNEL, PROMPTSEC_DM_TO, PROMPTSEC_EMAIL_TO) to avoid sending audit output to unintended parties. 3) Inspect which environment variables will be persisted into the cron payload (setup_cron.mjs lists PERSISTED_ENV_KEYS) and avoid baking any secrets you don't want stored in a recurring job. 4) If you enable suppressions, understand that they require both the --enable-suppressions flag and a config file sentinel; review any suppression files before enabling. 5) Optionally inspect the scripts (runner.sh, setup_cron.mjs, send_smtp.mjs) locally to confirm behavior and delivery paths (send_smtp can be pointed to a remote relay if you set PROMPTSEC_SMTP_HOST). If any of these checks fail or you cannot verify the release origin, do not enable the unattended cron.
功能分析
Type: OpenClaw Skill
Name: openclaw-audit-watchdog
Version: 0.1.4
The openclaw-audit-watchdog skill is a security monitoring tool designed to automate daily audits and report findings via DM or email. The codebase demonstrates high security maturity, featuring robust input sanitization for shell commands (setup_cron.mjs), email header cleaning to prevent injection (sendmail_report.sh, send_smtp.mjs), and a defense-in-depth suppression mechanism that requires both a CLI flag and a configuration sentinel to activate. All data delivery destinations are user-configured, and the instructions in SKILL.md are transparently aligned with the stated purpose of scheduling and executing security audits.
能力评估
Purpose & Capability
Name/description align with required binaries (openclaw, node, bash) and declared env vars (PROMPTSEC_DM_CHANNEL, PROMPTSEC_DM_TO). The scripts implement cron setup, run openclaw audits, render reports, and optionally send email — all coherent with the stated goal.
Instruction Scope
SKILL.md and scripts limit activity to installing/updating a cron job, running openclaw security audits, rendering a report, and delivering it via DM or optional email. The suppression loader reads only configured suppression config files and only activates when the explicit --enable-suppressions flag is set. The runner can optionally git-pull if PROMPTSEC_GIT_PULL=1; this is documented and optional.
Install Mechanism
No install spec is included in the registry (instruction-only with bundled scripts), which is low risk. README references a standalone download from a GitHub release — that network-download path is documented but not enforced by the registry manifest; if you follow that path verify the release source and archive integrity before installing.
Credentials
Only two required env vars are declared (DM channel and recipient). The skill documents and optionally uses many additional env vars (email/S MTP, install dir, audit config, git-pull toggle). setup_cron persists a set of environment keys into the cron payload (PROMPTSEC_* and OPENCLAW_AUDIT_CONFIG). This is proportionate for an unattended cron job but operators should review which env values will be baked into the job to avoid persisting sensitive values unintentionally.
Persistence & Privilege
The skill creates/updates an unattended openclaw cron job (persistence) which is consistent with its purpose. It is not always: true and requires operator confirmation (setup_cron prints a preflight). Because the cron payload persists selected env keys, review the persisted keys and recipients before enabling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-audit-watchdog - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-audit-watchdog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.4
Release 0.1.4 via CI
v0.1.3
- Test files and end-to-end test artifacts have been removed for a lighter codebase.
- Documentation updates in SKILL.md and CHANGELOG.md to reflect current operational/usage details.
- No functional or interface changes for users; cron setup and suppression features remain unchanged.
- Minor internal script/metadata adjustments.
v0.1.2
Release 0.1.2 via CI
v0.1.1
Release 0.1.1 via CI
v0.1.0
Release 0.1.0 via CI
v0.0.4
Release 0.0.4 via CI
v0.0.3
Release 0.0.3 via CI
v0.0.1
Release 0.0.1 via CI
元数据
常见问题
openclaw-audit-watchdog 是什么?
Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2378 次。
如何安装 openclaw-audit-watchdog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-audit-watchdog」即可一键安装,无需额外配置。
openclaw-audit-watchdog 是免费的吗?
是的,openclaw-audit-watchdog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
openclaw-audit-watchdog 支持哪些平台?
openclaw-audit-watchdog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openclaw-audit-watchdog?
由 davida-ps(@davida-ps)开发并维护,当前版本 v0.1.4。
推荐 Skills