← 返回 Skills 市场
1585
总下载
0
收藏
3
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-egress
功能描述
Network data loss prevention for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls. Maps every external connection. Free alert layer — upgrade to openclaw-egress-pro for blocking, quarantine, and URL allowlists.
安全使用建议
This skill largely does what it says — scanning for outbound URLs and network calls — but the bundled script contains code paths for saving an allowlist and for quarantining/modifying skills (renaming directories, inserting block comments). The SKILL.md and README emphasize 'alert-only' for the free version yet the code includes modification capabilities; source/homepage are not provided. Before installing or running: (1) review the full scripts (search for rename/move, os.remove, shutil.move, write/open calls that change other directories), (2) run scans on a copy or a non-production workspace first, (3) back up your workspace/skills, (4) prefer running with --skills-only and in read-only mode if available, and (5) avoid granting broad write access if you don’t trust the source. If you need absolute assurance, ask the publisher for a provenance URL or a signed release and/or run the script in an isolated container or VM.
功能分析
Type: OpenClaw Skill
Name: openclaw-egress
Version: 1.0.2
This skill is designed as a Network DLP tool, which is a security-focused purpose. However, it possesses high-risk capabilities, including reading all files in the workspace, modifying code files by commenting out lines, and disabling other skills by renaming their directories. While these actions are intended for defensive purposes (blocking exfiltration, quarantining compromised skills), the power to alter code and disable components within the agent's workspace constitutes a significant capability that, if misused or buggy, could lead to denial of service or unintended code changes. The `scripts/egress.py` file contains the logic for these modifications, particularly in the `_block_lines`, `cmd_block`, `cmd_quarantine`, and `cmdtect` functions. The `SKILL.md` and `README.md` files are clean and do not contain prompt injection attempts.
能力评估
Purpose & Capability
Name/description match the code's scanning capabilities (URL detection, network-call heuristics). Requiring only python3 is proportionate. However, the package also contains constants and helper functions for quarantine and allowlist persistence (QUARANTINE_PREFIX, BLOCK_COMMENT, save_allowlist) which go beyond a read-only scanner and are not clearly declared in SKILL.md's 'free alert' description.
Instruction Scope
SKILL.md documents only scanning, domain listing, and status commands and promises 'everything runs locally' with no external I/O. The script's header and constants indicate functionality to quarantine skills and enforce allowlists (which implies modifying files/directories). The instructions do not warn that running the script could rename directories, write .egress-allowlist.json, insert block comments, or otherwise modify workspace/skills.
Install Mechanism
No install spec; the skill is shipped as a script and README. That's low-risk from supply-chain/remote-download perspective. It does include an actual script file (not instruction-only), so there is executable code to review.
Credentials
The skill requests no credentials and only python3, which is appropriate for scanning. However the script reads and writes inside the user's workspace (loads/saves an allowlist file and likely can quarantine/modify other skill directories). That level of filesystem write access should be explicitly declared and justified; it is not surfaced clearly in the SKILL.md usage examples.
Persistence & Privilege
The skill is not always-enabled and not force-installed, which is good. However the code appears able to modify other skills (quarantine via directory rename/prefix and potentially inject block comments) and to persist an allowlist in the workspace. Modifying other skills' files or directories without an explicit, visible opt-in is a privileged action and a notable risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-egress - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-egress触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Removed references and instructions for upgrading to "openclaw-egress-pro" in documentation.
- Updated SKILL.md and README.md to clarify current feature set (no mention of blocking or premium features).
- No code logic changes; updates focus on making documentation accurate and concise.
v1.0.1
- Updated README.md for clarity and documentation improvements.
- No functional changes to the code or features.
v1.0.0
Initial release of openclaw-egress: network data loss prevention (DLP) for agent workspaces.
- Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls.
- Maps every external connection in the workspace.
- Provides full scan, skills-only scan, domain mapping, and status commands via a Python script.
- Uses only the Python standard library; no external dependencies.
- Alerts on risks from critical (exfiltration endpoints) to info (unknown external URLs).
- Free alerting layer; blocking actions available with openclaw-egress-pro.
元数据
常见问题
Openclaw Egress 是什么?
Network data loss prevention for agent workspaces. Scans skills and files for outbound URLs, data exfiltration endpoints, suspicious domains, and network function calls. Maps every external connection. Free alert layer — upgrade to openclaw-egress-pro for blocking, quarantine, and URL allowlists. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1585 次。
如何安装 Openclaw Egress?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-egress」即可一键安装,无需额外配置。
Openclaw Egress 是免费的吗?
是的,Openclaw Egress 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Egress 支持哪些平台?
Openclaw Egress 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 Openclaw Egress?
由 AtlasPA(@atlaspa)开发并维护,当前版本 v1.0.2。
推荐 Skills