billyhetech

openclaw hardening

By billyhetech · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 77
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-hardening-v1
Description
Audit and harden an OpenClaw installation for common security misconfigurations. Covers non-loopback binding, exposed gateway listeners, root or Administrato...
Safe-use recommendations
This skill appears to do what it says (local OpenClaw hardening) and does not try to install binaries, but it will read local config files, running processes, and environment variables — which can expose secrets. Before installing or running: (1) Verify the skill's source or request its code (there is no homepage or repository listed). (2) Run the audit only on a machine you control and back up OpenClaw config files first. (3) Be prepared that the audit will inspect env vars and process arguments; do not run it in an environment containing unrelated secrets you cannot risk exposing. (4) Require and confirm all change prompts (the skill states it will ask before modifying files). (5) If you need stronger guarantees, request the SKILL.md be reviewed or run the checks manually or in a restricted test environment. If you want higher assurance, ask the publisher for source code or a signed release before trusting the skill.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-hardening-v1
Version: 1.0.0

The 'openclaw-hardening' skill bundle is a security auditing tool designed to help users identify and fix misconfigurations in their OpenClaw setup. The instructions in SKILL.md guide the agent to perform local-only inspections of configuration files (e.g., openclaw.json), process states, and file permissions using standard system tools (id, ps, ss, netstat). It emphasizes security best practices such as requiring user confirmation for changes, avoiding the display of full secrets, and checking for least-privilege execution. No indicators of data exfiltration, malicious execution, or unauthorized persistence were found.
Capability assessment
Purpose & Capability
Name and description match the SKILL.md: the skill audits local OpenClaw config, process state, bind/port/auth, tool policies, and execution privileges. It does not request unrelated services or credentials and relies on standard local inspection tools as expected.
Instruction Scope
Instructions are narrowly scoped to local inspection (process args, local config files, active listeners, file permissions) and explicitly avoid external network scanning. The workflow is detailed and requires explicit user confirmation before applying changes. However, it authorizes inspecting environment variables and running privileged OS commands (ps, Get-NetTCPConnection, Get-Acl, etc.), which can reveal sensitive state — the doc promises not to echo secrets but still reads them.
Install Mechanism
No install spec and no code files; this is instruction-only and does not write files or download external artifacts during install, which is the lowest-risk install model.
Credentials
Declared requirements list no environment variables, but the runtime instructions explicitly say to check 'Environment variables already set in the current session' and to 'inspect the token value' (while not printing it). Reading session env vars and process arguments can access sensitive credentials (API keys, tokens) the skill did not declare it needs. The skill does request read access to local config and process state, which is required for the audit, but the lack of declared env access and absent provenance increases risk.
Persistence & Privilege
Skill is not always-enabled, does not install code, and promises explicit user confirmation before making changes. It also checks for elevated privileges rather than asking for them. No signs it requests persistent system presence or modifies other skills' configs.
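How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install openclaw-hardening-v1
  3. Once installation completes, invoke the skill by name or trigger it with /openclaw-hardening-v1
  4. Provide the required input according to the skill's parameter description to get structured output
Version history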
v1.0.0
Initial release: concise, host-agnostic audit for OpenClaw security configurations.
  - Audits 10 critical security areas: bind address, gateway port exposure, authentication mode, execution privileges, tool policy, channel/DM access, secret handling, and more.
  - Supports Linux, macOS, and Windows — uses only native shell tools already available on the host.
  - Explains risks in plain language; never assumes best-case defaults when a config cannot be verified.
  - Requires user confirmation before suggesting or applying any change.
  - Proactively recommends OpenClaw’s built-in CLI security audit for deeper coverage.
  - Designed to be run during setup, security review, or any scenario where OpenClaw’s safety is questioned.
Metadata
Slug openclaw-hardening-v1
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

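What is openclaw hardening?

Audit and harden an OpenClaw installation for common security misconfigurations. Covers non-loopback binding, exposed gateway listeners, root or Administrato... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 77 total downloads to date.

How do I install openclaw hardening?

Run the command "/install openclaw-hardening-v1" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is openclaw hardening free?

Yes, openclaw hardening is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does openclaw hardening support?

openclaw hardening runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed openclaw hardening?

Developed and maintained by billyhetech (@billyhetech); the current version is v1.0.0.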
