muhammad-waleed381

OpenClaw Security Auditor

Author: Muhammad Waleed · GitHub · v1.0.0
Platforms: darwin, linux, windows · ✓ Security check passed

Total downloads: 2350
Favourites: 1
Current installs: 16
Versions: 1

Install in OpenClaw:
/install openclaw-security-auditor
Description
Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM.
Safe-use recommendations
This skill appears coherent for auditing OpenClaw configs, but take simple precautions before running it on production data:
  1. Inspect the SKILL.md and any jq/redaction examples (or run it against a copy of your config with secrets replaced) to confirm secrets are removed.
  2. If your OpenClaw LLM is a remote cloud provider, consider whether metadata about misconfigurations is acceptable to transmit; run the audit locally against a sanitized copy first.
  3. Test on a non-production or redacted config to verify output and redaction behavior.
  4. If you need stronger guarantees, request or supply explicit redaction filters (so the skill never transmits token values) or use a local-only LLM before running against sensitive configs.
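As a concrete form of steps 1 and 3 above, here is a small Python check (added here; it is not part of the skill or of this listing) that builds a redacted copy of a config and then verifies that none of the original secret values survive anywhere in the redacted output, including in free-text fields that a key-name filter would not touch. The sensitive-key pattern and the sample field names are assumptions for the demo; the real openclaw.json schema is not documented on this page.

```python
import json
import re
from typing import Any

# Key names that commonly hold credentials. Assumed for this demo, not OpenClaw's schema.
SENSITIVE_KEY = re.compile(r"token|secret|password|api[_-]?key|credential", re.I)
REDACTED = "[REDACTED]"

def redact(value: Any, key: str = "") -> Any:
    """Copy of the config with string values under sensitive keys replaced.
    Recurses through objects and arrays so nested per-tool credentials are covered."""
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, key) for v in value]
    if isinstance(value, str) and value and SENSITIVE_KEY.search(key):
        return REDACTED
    return value

def secret_values(value: Any, key: str = "") -> set[str]:
    """Every non-empty string stored under a sensitive key in the original."""
    if isinstance(value, dict):
        return set().union(*(secret_values(v, k) for k, v in value.items()))
    if isinstance(value, list):
        return set().union(*(secret_values(v, key) for v in value))
    if isinstance(value, str) and value and SENSITIVE_KEY.search(key):
        return {value}
    return set()

def leaked_secrets(original: Any) -> list[str]:
    """Secret values that survive anywhere in the serialized redacted output, e.g. a
    token pasted into a free-text field. Key-based redaction alone misses those."""
    text = json.dumps(redact(original))
    return sorted(v for v in secret_values(original) if v in text)

def sanitized_copy(original: Any) -> str:
    """Redacted JSON for the audit step; refuses if any secret value survived."""
    leaks = leaked_secrets(original)
    if leaks:
        raise ValueError(f"{len(leaks)} secret value(s) still present after redaction")
    return json.dumps(redact(original), indent=2)

# Constructed sample config; field names are invented for this demonstration.
SAMPLE_CONFIG = {
    "gateway": {"url": "http://127.0.0.1:8080", "authToken": "tok_demo_abc123"},
    "tools": [{"name": "search", "apiKey": "sk-demo-xyz"}, {"name": "shell", "allow": True}],
}
# Same config with the token also pasted into a free-text field.
LEAKY_CONFIG = {**SAMPLE_CONFIG, "notes": "gateway uses tok_demo_abc123"}
```

Run `sanitized_copy` on a copy of your config before handing anything to a remote model; a `ValueError` means the redaction filter needs tightening, not that the audit can proceed.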
Feature analysis
Type: OpenClaw Skill
Name: openclaw-security-auditor
Version: 1.0.0
The OpenClaw Security Auditor skill is designed to audit local OpenClaw configurations for security risks. All documentation and the `SKILL.md` pseudo-flow explicitly state that the skill operates locally, strips all secrets before analysis, and makes no external network calls. It uses standard binaries (`cat`, `jq`) for their intended purpose of reading and parsing local configuration files. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts against the agent in any of the provided files; instead, the documentation consistently emphasizes privacy and security.
Capability assessment
Purpose & Capability
The name and description claim a local OpenClaw configuration audit. The declared requirements (`cat`, `jq`) and the instructions (read `~/.openclaw/openclaw.json`, run checks, produce a report) are proportional and expected for that purpose.
Instruction Scope
The SKILL.md confines activity to reading a single config file, extracting metadata, and sending a redacted findings object to the user's configured LLM through the OpenClaw agent flow. This is coherent, but the SKILL.md does not show the exact redaction commands or jq filters used, so you must trust the skill to actually remove secrets before sending. Also, the "user's configured LLM" may be a remote service (e.g., OpenAI); validate whether findings (even metadata) are acceptable to send to that endpoint.
Install Mechanism
No install spec or code files are present (instruction-only). That minimizes disk persistence and attack surface; requirements are limited to common CLI tools (`cat`, `jq`).
Credentials
The skill requests no environment variables or credentials, which is appropriate for a local config-only auditor. However, the SKILL.md's promise to "strip all secrets" is a behavioural assertion not enforced by the declared requirements; verify redaction behavior before sending data to any remote model.
Persistence & Privilege
`always` is false and there is no install step performing background persistence. The skill invokes the OpenClaw agent to analyze findings (normal). It does not request system-wide config changes or other skills' credentials.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install openclaw-security-auditor
  3. Once installed, invoke the skill by name or trigger it with /openclaw-security-auditor
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history
v1.0.0
Initial release: Local OpenClaw security audit skill with automated risk reporting.
  - Audits ~/.openclaw/openclaw.json or a user-specified config for 15+ security risks.
  - Runs checks including auth tokens, gateway settings, tool policies, secrets, logging, and more.
  - Generates a detailed markdown report with risk score, categorized findings (Critical/High/Medium/Low), and step-by-step remediation guidance.
  - No external APIs or network calls; uses only local tools (cat, jq) and the user's existing LLM setup.
  - Strictly avoids handling or revealing secrets; only analyzes configuration metadata.
Metadata
Slug: openclaw-security-auditor
Version: 1.0.0
License: (none listed)
Total installs: 17
Current installs: 16
Versions published: 1
FAQ

What is OpenClaw Security Auditor?

Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2350 downloads to date.

How do I install OpenClaw Security Auditor?

Run the command "/install openclaw-security-auditor" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.

Is OpenClaw Security Auditor free?

Yes, OpenClaw Security Auditor is completely free (open source and free) and may be downloaded, installed and used freely.

Which platforms does OpenClaw Security Auditor support?

OpenClaw Security Auditor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, windows).

Who developed OpenClaw Security Auditor?

Developed and maintained by Muhammad Waleed (@muhammad-waleed381); current version v1.0.0.
