← 返回 Skills 市场
2482
总下载
1
收藏
5
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-hardener
功能描述
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.
安全使用建议
This skill appears to be what it claims, but it can modify your repository and gateway config. Before using it: 1) Run in 'check' mode only first and review all findings. 2) When it prints a config.patch, manually inspect the patch JSON before running 'apply-config'. 3) Back up your repo and ~/.openclaw (or use a disposable environment) before running 'fix' or 'apply-config'. 4) Ensure the OpenClaw CLI on your system is authentic and that you understand which gateway/account the CLI will affect. 5) Optionally review scripts/hardener.py yourself (it includes redaction logic but no guarantees). If you do not trust the skill's source, avoid running fix/apply actions and stick to read-only checks.
功能分析
Type: OpenClaw Skill
Name: openclaw-hardener
Version: 0.1.2
The OpenClaw Hardener skill is classified as benign. Its stated purpose is to enhance the security posture of an OpenClaw installation, which is directly supported by its functionality. While the skill utilizes high-risk capabilities such as broad filesystem read/write access within the repository and `~/.openclaw` directories, and executes subprocesses (`openclaw`, `bash`, `git`, `python3`), these are explicitly declared in `openclaw-skill.json` and are necessary for a security hardening tool. The `hardener.py` script demonstrates good security practices by redacting sensitive information from output, making fixes opt-in, and explicitly denying filesystem access to critical system paths like `/etc/**` and `/root/**`. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts against the agent.
能力评估
Purpose & Capability
The name/description match the actual behavior: the script scans the workspace and ~/.openclaw, runs the OpenClaw CLI audit, and can produce/apply config.patch plans. Declared filesystem and subprocess permissions (read/write <repo>/** and ~/.openclaw/**; allow openclaw, git, bash, python3, etc.) are consistent with these tasks. Note: write access to the repo and ~/.openclaw is powerful but is needed to implement fixes and to store/adjust local config.
Instruction Scope
SKILL.md requires running scripts/hardener.py with explicit 'check', 'fix', 'plan-config', and 'apply-config' modes. The script adheres to the stated 'default = check-only' rule and includes redaction logic. However 'plan-config' and especially 'apply-config' call the OpenClaw gateway (config.get / gateway call) and can change runtime policy; those steps are high-impact and must be reviewed by the user before applying. The script reads many repo files (including .env and config) — redaction is implemented but review is advised.
Install Mechanism
There is no installer; it's an instruction-only skill with a bundled Python script. Nothing is downloaded or extracted from remote URLs during install, which minimizes install-time risk.
Credentials
The skill does not request environment variables or external credentials explicitly. It relies on local OpenClaw CLI and repo access, which is proportionate. Be aware that gateway CLI calls will use whatever OpenClaw credentials/config are already present — the skill can therefore affect systems accessible via your CLI auth without requesting new secrets.
Persistence & Privilege
always:false (normal). The skill is allowed to write to <repo>/** and ~/.openclaw/** and can apply gateway patches — these are legitimate for a hardener but are impactful. The skill does not modify other skills' configs, but because it can change gateway configuration and repository files, you should treat apply/fix operations as privileged actions and explicitly review them.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-hardener - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-hardener触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Improve description/summary for discoverability
v0.1.1
Add discovery tags + bump version
v0.1.0
Initial release: OpenClaw audit + workspace hygiene + config patch planning
元数据
常见问题
OpenClaw Hardener 是什么?
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2482 次。
如何安装 OpenClaw Hardener?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-hardener」即可一键安装,无需额外配置。
OpenClaw Hardener 是免费的吗?
是的,OpenClaw Hardener 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Hardener 支持哪些平台?
OpenClaw Hardener 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Hardener?
由 virtaava(@virtaava)开发并维护,当前版本 v0.1.2。
推荐 Skills