← 返回 Skills 市场
1440
总下载
1
收藏
9
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-security
功能描述
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.
安全使用建议
This skill is an orchestrator that will run many other skill scripts inside whatever workspace you point it at. Before installing or running it: 1) Verify the source and repository — this package has no homepage and an unknown origin. 2) Expect it to call the ClawHub CLI or git/npm to fetch other tools; only allow that if you trust those package sources. 3) Inspect the code of the orchestrator and the individual security skill packages (scripts under workspace/*) before running setup/update/protect — they will be executed and can read/modify your files. 4) Run initial tests in an isolated or disposable workspace (or VM/container) and back up important data. 5) Ask the maintainer to clarify the README contradiction about 'no external dependencies' and to provide a verifiable homepage or repository before trusting it in a production environment.
功能分析
Type: OpenClaw Skill
Name: openclaw-security
Version: 1.0.1
The OpenClaw Security Suite skill bundle is an orchestrator designed to install, configure, and manage other OpenClaw security tools. The `SKILL.md` and `README.md` files clearly describe its purpose and commands, with no evidence of prompt injection or hidden instructions. The `scripts/security.py` script uses `subprocess.run` to execute the `clawhub` CLI for installing/updating other skills and to run local Python scripts for the 11 security tools it manages. All commands passed to `subprocess.run` are hardcoded lists of strings, preventing shell injection from within this script. There is no evidence of data exfiltration, persistence mechanisms, or other malicious intent within this skill bundle's code or documentation. The inherent reliance on `clawhub` and other external skills introduces a supply chain risk, but this specific skill bundle itself does not exhibit malicious behavior.
能力评估
Purpose & Capability
The name/description (a unified orchestrator for 11 security tools) match the included orchestrator script and SKILL.md commands. However the README and runtime behavior require the external ClawHub CLI for installing/updating tools, which contradicts the 'No external dependencies (stdlib only)' claim. Requiring a network installer (clawhub/git) is plausible for this purpose but the README/requirements inconsistency should be clarified.
Instruction Scope
SKILL.md instructs the agent to run scripts/security.py which in turn runs other skill scripts found under the workspace (e.g., scripts/sentry.py, scripts/warden.py). That is expected for an orchestrator, but it means the skill will execute arbitrary code present in installed skill directories under your workspace and will read and likely modify workspace files. The instructions also auto-detect OPENCLAW_WORKSPACE and default to ~/.openclaw/workspace or current working dir, so be careful where you run it. The orchestration gives the skill broad discretion to run many scanners and setup/protect commands — appropriate for the stated purpose but high-risk if installed skills are untrusted.
Install Mechanism
There is no packaged install spec (instruction-only), which lowers direct supply risk. The orchestrator itself does not download arbitrary archives, but its install flow relies on the ClawHub CLI (and the README shows git clone as an option). Using clawhub/git/npm means network downloads and code execution are involved when installing the 11 tools. This is expected for a meta-installer but you should only use it with trusted registries/sources.
Credentials
The skill declares no required environment variables or credentials. The script optionally reads OPENCLAW_WORKSPACE to locate the workspace, which is reasonable. There are no unexplained requests for tokens/keys in the metadata or SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable. It will run subcommands that can modify the workspace and installed skills (setup, protect, update), which is normal for an orchestrator. There is no evidence it tries to force persistent inclusion or modify other skills' configs beyond operating on the workspace.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-security - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-security触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
openclaw-security 1.0.1
- Internal update to scripts/security.py.
- No user-facing changes to documentation or functionality.
v1.0.0
openclaw-security 1.0.0
- Initial release of the unified OpenClaw security suite.
- Install, configure, and orchestrate 11 OpenClaw security tools with one command.
- Provides commands for setup, scanning, updating, viewing status, and listing installed tools.
- Includes a built-in dashboard for aggregated health checks.
- Supports both free and Pro features across integrity, secrets, permissions, network, audit, signing, supply chain, credentials, injection defense, compliance, and incident response.
- Cross-platform support: Windows, macOS, and Linux.
元数据
常见问题
Openclaw Security 是什么?
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1440 次。
如何安装 Openclaw Security?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-security」即可一键安装,无需额外配置。
Openclaw Security 是免费的吗?
是的,Openclaw Security 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Security 支持哪些平台?
Openclaw Security 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 Openclaw Security?
由 AtlasPA(@atlaspa)开发并维护,当前版本 v1.0.1。
推荐 Skills