← 返回 Skills 市场
179
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-sec-audit
功能描述
Run a local security audit on the OpenClaw environment, identifying risks, affected files, and prioritized remediation steps without exposing secrets.
安全使用建议
This skill appears to do what it says: a local audit that inspects config, logs, workspace files, git history, SSH and firewall state, and secret-like patterns. Before running: (1) Review the bundled utils.py (not fully shown here) to confirm run_command/read/write behavior and ensure there are no hidden network POSTs or uploads. (2) Run it on a machine you control (not a sensitive production host) because it reads /etc, logs, and user files. (3) Run as a non-root user where possible; some host checks will be skipped if unreadable. (4) Inspect generated report files and their output directory permissions before sharing; while secrets are masked, file paths and counts are included. (5) If you enable autonomous agent invocation, be cautious — this tool can access many local artifacts; disable autonomous invocation unless you trust the skill and agent policies. If you want higher assurance, provide the full utils.py implementation for review or run the audit in an isolated test VM and inspect its runtime behavior (processes invoked, network activity) before using on production systems.
功能分析
Type: OpenClaw Skill
Name: openclaw-sec-audit
Version: 0.1.3
The skill bundle is a legitimate security auditing tool designed to inspect the local OpenClaw environment for risks. It includes detectors for plaintext secrets (with explicit redaction logic in `utils.py`), overly permissive filesystem permissions, insecure SSH configurations, and exposed network listeners. The code in `audit.py` and its sub-modules performs standard system checks using `subprocess` and local file reads, but it contains no evidence of data exfiltration, obfuscation, or malicious intent.
能力评估
Purpose & Capability
Name/description ask for a local OpenClaw security audit and the bundled code performs filesystem, git, host, network, config, and secret scans — these capabilities are appropriate for that purpose.
Instruction Scope
SKILL.md directs running the bundled runtime. The runtime reads config (~/.openclaw/openclaw.json), workspace files, .env files, logs, git-tracked files, SSH config, auth logs, and runs host/network commands (git, ss, journalctl, ufw/nft/iptables, systemctl, fail2ban-client). This scope is expected for a local audit but is broad and will access many sensitive local artifacts; the skill claims to redact secrets and the code masks examples, but you should only run it on hosts you control.
Install Mechanism
No external install or downloads are performed; the skill is instruction-only with bundled Python code executed via local python3. There are no remote URL-based installers observed in the provided files.
Credentials
The skill requests no environment variables or credentials. It does, however, read sensitive local files and run privileged host inspection commands (via subprocess) — this is proportionate to an audit but still requires local file access. No unrelated external credentials are requested.
Persistence & Privilege
always is false and the skill does not modify system or other skills' configuration. It runs on-demand and does not request permanent presence or elevated install-time privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-sec-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-sec-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.3
Redact config-derived evidence in heuristic findings so the skill no longer echoes raw config values in reports.
v0.1.2
Replace the .pyz bundle with bundled plain Python sources under resources/runtime so the skill publishes correctly on ClawHub and runs without the main repository checkout.
v0.1.1
Bundle a standalone runtime so the skill no longer depends on the main repository checkout or PYTHONPATH.
v0.1.0
- Initial release of the OpenClaw Security Audit skill.
- Runs a local security audit against the current OpenClaw installation and environment.
- Outputs summarized risks, impacted locations, and prioritized remediation steps (critical to low).
- Avoids printing raw secrets; outputs only summaries.
- Clearly indicates if any host checks are skipped or unsupported.
元数据
常见问题
Openclaw Security Audit 是什么?
Run a local security audit on the OpenClaw environment, identifying risks, affected files, and prioritized remediation steps without exposing secrets. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 179 次。
如何安装 Openclaw Security Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-sec-audit」即可一键安装,无需额外配置。
Openclaw Security Audit 是免费的吗?
是的,Openclaw Security Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Security Audit 支持哪些平台?
Openclaw Security Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Security Audit?
由 haooyi(@haooyi)开发并维护,当前版本 v0.1.3。
推荐 Skills