Total downloads: 5002
Favorites: 3
Current installs: 45
Versions: 1
Install in OpenClaw
/install openclaw-security-audit
Description
Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes.
Safe usage advice
Install only if you want an agent to inspect local system state for security issues. Expect it to read logs, process listings, listener ports, and configuration paths; do not approve commands that expose secret values or make system changes unless you specifically intend that action.
Feature analysis
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill is designed for a security audit, instructing the AI agent to perform read-only checks for misconfigurations and vulnerabilities. It explicitly prohibits data exfiltration, unauthorized modifications, and execution of risky commands without user confirmation. All commands listed are standard read-only system and application inspection tools (e.g., `ps`, `ss`, `cat`, `find`, `journalctl`). The instructions actively guide the agent to identify and report security risks while adhering to strict safety principles, including redacting secrets and reporting only paths to sensitive files, not their contents. There is no evidence of prompt injection, obfuscation, or malicious intent.
Capability assessment
Purpose & Capability
The stated purpose is to inspect a system for misconfigurations and vulnerabilities, and the described capabilities are standard local audit checks such as process, socket, file, and log inspection.
Instruction Scope
The supplied description says the skill forbids data exfiltration, unauthorized modification, and risky command execution without user confirmation, with secret redaction expectations.
Install Mechanism
No hidden installer, bundled executable payload, obfuscated setup, or automatic package mutation was indicated by the supplied scan context.
Credentials
Local reads of logs, config paths, processes, and network listeners can expose sensitive operational details, but that access is proportionate for a security audit when kept local and redacted.
Persistence & Privilege
No persistence mechanism, background worker, privilege escalation, credential harvesting, or destructive action was supported by the supplied evidence.
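How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install openclaw-security-audit`
- Once installation finishes, call the Skill by name or use `/openclaw-security-audit` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output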
Version history
v1.0.0
openclaw-security-audit 1.0.0 – Initial release
- New skill to audit OpenClaw/Clawdbot/Moltbot environments for misconfigurations and security risks.
- Provides detailed step-by-step read-only security checks, covering network exposure, authentication, secrets, permissions, installed skills, and process persistence.
- Generates a terminal-style report with OK/VULNERABLE/UNKNOWN findings, actionable impact explanation, and remediation steps.
- Redacts secrets, avoids risky commands by default, and only proposes active remediations upon explicit user request.
- Includes clear output structure and summary section highlighting top risks.
FAQ
What is Openclaw Security Audit?
Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 5002 times in total so far.
How do I install Openclaw Security Audit?
Run the command "/install openclaw-security-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Openclaw Security Audit free?
Yes, Openclaw Security Audit is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Openclaw Security Audit support?
Openclaw Security Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Openclaw Security Audit?
It is developed and maintained by misirov (@misirov); the current version is v1.0.0.