← 返回 Skills 市场
kukano996

OpenClaw 安全审计器 🛡️

作者 库咔Kuka · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
150
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-security-auditor-main
功能描述
[MANDATORY PRE-CHECK - STOP AND READ BEFORE ANY TOOL CALL] 本 skill 在每次工具调用前强制执行安全审计。触发场景:(1) 删除文件(exec 中的 rm/del/rmdir/Remove-Item),(2) 覆写文件(write/edit 已存在文件...
安全使用建议
This skill appears to do what it says: perform pre-invocation safety checks on commands and paths and request user confirmation for high-risk operations. Points to consider before enabling: (1) always:true makes the skill active for every agent run — if you run unattended scripts or other skills that expect unimpeded tool calls, change metadata to always:false or test first in a controlled environment; (2) review the risk_assessor.py and the pattern lists if you need different thresholds or to avoid false positives; (3) because confirmations require user interaction, automated pipelines may hang waiting for '确认' responses — plan for that; (4) verify the skill source/trust (owner ID and repo links in README) before deployment. If you want maximum safety, run it; if you need unattended automation, set always:false or whitelist specific operations.
功能分析
Type: OpenClaw Skill Name: openclaw-security-auditor-main Version: 1.0.0 The bundle is a defensive security tool designed to act as a guardrail for OpenClaw agents. It implements a 'Security Auditor' that intercepts tool calls to assess risks associated with system commands and file paths across Windows, macOS, and Linux. The logic, contained in SKILL.md and scripts/risk_assessor.py, uses extensive regex patterns to identify and block critical actions (like disk formatting or system directory deletion) or require user confirmation for high-risk operations (like deleting user files or accessing .ssh folders). No malicious behavior, data exfiltration, or obfuscation was detected.
能力评估
Purpose & Capability
Name/description, SKILL.md, README, references and the Python assessor all implement a file/command risk-auditor. There are no unrelated required env vars, binaries, or config paths. The included risk_assessor.py and references match the stated purpose.
Instruction Scope
SKILL.md mandates pre-tool-call checks and defines explicit block/confirm/allow flows for commands and paths. This is consistent with the auditor role. Note: the instructions give the skill broad discretion to pause/deny tool calls — this is expected for a pre-audit skill but may interrupt automated workflows or other skills that expect transparent execution.
Install Mechanism
Instruction-only skill with a harmless local Python helper; there is no install spec that downloads remote code or writes arbitrary binaries. No high-risk install behavior detected.
Credentials
No credentials, env variables, or external endpoints are requested. The code reads local context (cwd, home) and expands env vars for path normalization — appropriate for path/command risk assessment and proportionate to purpose.
Persistence & Privilege
metadata sets always:true and the documentation explicitly states the skill has highest priority and auto-loads. That is coherent with a system-level pre-checker, but always:true grants this skill forced presence in all agent runs which can block or alter behavior. Consider whether you want that enforced for all sessions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-security-auditor-main
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-security-auditor-main 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
**qclaw-security-auditor v1.0.0 Initial Release** - Introduces a mandatory pre-check skill enforcing strict security audits before tool operations. - Checks for risky file deletions, overwrites, dangerous commands, and sensitive path actions; classifies by risk level (extremely high, high, medium, low). - Blocks or requires explicit user confirmation before executing high-risk operations (e.g. system/critical directory removal, bulk deletes, installations). - Provides clear user notifications for blocked or high-risk actions, including required confirmation processes. - Supersedes previous OpenClaw security audit checks with a system-wide, always-on, preemptive design.
元数据
Slug openclaw-security-auditor-main
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

OpenClaw 安全审计器 🛡️ 是什么?

[MANDATORY PRE-CHECK - STOP AND READ BEFORE ANY TOOL CALL] 本 skill 在每次工具调用前强制执行安全审计。触发场景:(1) 删除文件(exec 中的 rm/del/rmdir/Remove-Item),(2) 覆写文件(write/edit 已存在文件... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 150 次。

如何安装 OpenClaw 安全审计器 🛡️?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-security-auditor-main」即可一键安装,无需额外配置。

OpenClaw 安全审计器 🛡️ 是免费的吗?

是的,OpenClaw 安全审计器 🛡️ 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenClaw 安全审计器 🛡️ 支持哪些平台?

OpenClaw 安全审计器 🛡️ 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenClaw 安全审计器 🛡️?

由 库咔Kuka(@kukano996)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论