openclaw-pc-security
Author: Vincent_Openclaw · v2.0.1 · MIT-0
Total downloads: 440
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install openclaw-pc-security
Description
Local security self-check for your Windows PC and OpenClaw server setup (password protection, port, and exposure), producing a local report.
Safe usage advice
This package appears to do what it says: local Windows posture checks and optional OpenClaw network probing. Important things to consider before running:
- Only run active scans (--ports, credential checks, exposure checks) against machines and networks you own or have explicit permission to test. The code will attempt default-login POSTs to /login and GETs to unauthenticated endpoints.
- Run inside a controlled environment (separate user account or VM) if you are concerned about side effects.
- The MSRC API key is optional; only provide it if you want CVE→KB lookups. If you don't provide it, that functionality stays disabled.
- The scripts will read local config files (cwd config.json, ~/.openclaw/config.json, APPDATA path) to detect server settings — don't run if you don't want those files inspected.
- Reports are written to output/ under fixed filenames, so a new run may overwrite earlier reports. Do not upload reports publicly; they can contain sensitive info.
- If you want extra assurance, review scripts/run_scan.py and scripts/run_audit.py before executing, and run the audit-only mode first (no network probing) to see results.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-pc-security
Version: 2.0.1
This skill bundle is a security auditing tool designed to perform local and network-based security checks for Windows and OpenClaw environments. It utilizes high-risk capabilities, including executing PowerShell commands to gather system metadata (audit.py), performing network port scans (scanner.py), and testing for default credentials (analyzer.py). While these actions are aligned with the stated purpose of security self-checking and the SKILL.md instructions emphasize keeping reports local, the broad system access and network probing capabilities are inherently risky. No evidence of intentional data exfiltration or malicious persistence was found, but the tool's powerful primitives warrant a cautious classification.
Capability assessment
Purpose & Capability
The name/description match what the bundle does: local Windows posture checks, OpenClaw version/config inspection, optional network probing of OpenClaw endpoints, and generation of local HTML/JSON reports. Required binaries/env vars are minimal/optional (requests, optional MSRC API key) and align with the described capabilities.
Instruction Scope
The SKILL.md explicitly instructs running local audit and optional network scans (scripts/run_audit.py and scripts/run_scan.py). The code performs authorized network probes, default-credential login attempts (admin:openclaw), and unauthenticated endpoint retrievals to detect sensitive fields — these are appropriate for an OpenClaw exposure scanner but are active operations with legal/ethical implications. The skill also scans local config paths (cwd config.json, ~/.openclaw/config.json, APPDATA) which aligns with server-config checks. The SKILL.md warns not to use active scans on systems you don't own and not to upload reports.
Install Mechanism
No automated install spec is provided (the package is instruction/code-only). Dependencies are limited to 'requests' (requirements.txt). The project expects the user to set up a Python venv and pip-install requirements; nothing in the manifest points to downloads from untrusted hosts or opaque install actions.
Credentials
No required environment variables are declared. An MSRC API key is optional and only used for MSRC SUG lookups when the user requests that function. The scripts read local system state (registry, netstat, files under home/CWD/APPDATA) which is necessary for the stated local-audit purpose. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will run as invoked and does not request permanent elevated platform privileges. Autonomous invocation is allowed by platform defaults but is not combined with other concerning flags.
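How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-pc-security
- Once installation completes, call the Skill by name or trigger it with /openclaw-pc-security
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history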
v2.0.1
openclaw-pc-security 2.0.1 changelog:
- Clarified wording for target checks: “Optional OpenClaw target checks (authorized use only)” replaces “Optional target probing for OpenClaw targets (authorized use only)”.
- Active scan functionality (credential and leak checks) must now be explicitly enabled via new command-line flags (--enable-cred-check, --enable-leak-check).
- Updated instructions and sample commands to reflect explicit enabling of active network checks.
- Revised notes for clearer guidance on usage restrictions and safe handling of report files.
v2.0.0
openclaw-pc-security 2.0.0 introduces new standalone audit and scan scripts, along with expanded local reporting.
- Added new scripts (`run_audit.py`, `run_scan.py`, `debug_audit.py`) for local and target security checks.
- Separated requirements for audit and scan tasks (`requirements-audit.txt`, `requirements-scan.txt`).
- Reports are now written to a simplified `output/` directory.
- Audit includes OpenClaw server configuration checks (password protection, port usage, exposure).
- HTML/JSON report files are now generated for both audit and scan with additional finding types.
- Updated documentation and usage instructions to reflect modular scripts and new output paths.
v1.0.3
Version 1.0.2
- Updated usage notes to emphasize that scanning/testing features are intrusive and must only be used in explicitly authorized environments.
- Added clear warnings against using scanning functions on systems without explicit permission.
- Clarified that scan report files should not be uploaded or sent unless the user explicitly requests it and provides a secure destination, due to sensitive information.
- Strengthened reminders not to upload sensitive output to public repositories.
v1.0.2
- Updated documentation format: merged `manifest.json` into SKILL.md with standardized YAML front matter.
- Improved and clarified documentation with concise usage guidelines.
- Added initial evaluation configuration file (`evals/evals.json`).
- Removed duplicate/unnecessary files for cleaner structure.
v1.0.1
- Updated documentation to reference the correct script path: changed `src/main.py` to `scripts/main.py` in usage examples.
- No changes to code or functionality.
v1.0.0
OpenClaw PC Security 1.0.0 initial release:
- Provides security self-checks for Windows PCs running OpenClaw.
- Checks Windows version, latest update status, and support lifecycle.
- Alerts about outdated OpenClaw or npm versions.
- Optional scan for port exposure and weak credentials in local/LAN (authorized use only).
- Outputs severity-based findings as HTML/JSON reports in the output folder.
- Primary focus on Windows, with a foundation for future OS and feature expansion.
Metadata
FAQ
What is openclaw-pc-security?
Local security self-check for your Windows PC and OpenClaw server setup (password protection, port, and exposure), producing a local report. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 440 total downloads so far.
How do I install openclaw-pc-security?
Run the command "/install openclaw-pc-security" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.
Is openclaw-pc-security free?
Yes, openclaw-pc-security is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does openclaw-pc-security support?
openclaw-pc-security runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed openclaw-pc-security?
It is developed and maintained by Vincent_Openclaw (@openclawvincent); the current version is v2.0.1.