Total downloads: 553
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install openclaw-security-check
Description
Security self-check for OpenClaw deployments. Audits openclaw.json config and host security in one pass: gateway exposure, auth mode, token strength, channel...
Security usage advice
This skill appears to do what it claims (a quick OpenClaw config + host audit) and the bundled script is readable — good signs. Before installing or enabling automated invocation:
1) Review the full scripts/security-check.sh yourself to verify behavior (it is included).
2) Use the script in read-only/reporting mode first (scripts/security-check.sh or --json) to see findings.
3) Do NOT allow the agent to run auto-fix commands without explicit, interactive confirmation; the fixes use sudo, apt, chmod, sed and can lock you out if misapplied.
4) If you plan to schedule checks, schedule only read-only reports; never auto-apply fixes from cron/heartbeat.
5) Back up ~/.openclaw/openclaw.json and ensure you have a second active SSH session before applying SSH/firewall changes.
6) Prefer running the audit in a staging environment first.
If you want, restrict the skill so it can only produce reports and not execute remediation steps autonomously.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-security-check
Version: 1.0.0
The skill performs system-level security audits and remediation, including modifying SSH configurations and firewall rules (SKILL.md). While these actions are aligned with its stated purpose, the shell script (scripts/security-check.sh) contains a code injection vulnerability where configuration values from openclaw.json are unsafely interpolated into a python3 command string via the jq_val function. This allows for potential arbitrary code execution if the configuration file contains maliciously crafted channel names or keys.
Capability assessment
Purpose & Capability
The name/description state a fast OpenClaw config + host security audit; the bundled script reads ~/.openclaw/openclaw.json, inspects firewall/SSH/listening ports, and scans channel policies and file permissions — all consistent with the stated checks. There are no unrelated credentials, binaries, or external endpoints requested.
Instruction Scope
The shipped script is read-only and implements the 10 checks described in SKILL.md. However SKILL.md also documents an 'Auto-Fix Flow' with concrete commands (apt install ufw, chmod, sed edits to /etc/ssh/sshd_config, firewall enable, openclaw gateway restart) that modify system state and require sudo. The documentation says to confirm with the user first, but that is a policy-level instruction — the agent could be asked to run fixes unless you enforce confirmation. Also the SKILL.md suggests adding the script to periodic heartbeat/cron which would make the checks automatic; ensure fixes are not automated without explicit approval.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled shell script. That is low-risk from an installation perspective — nothing is downloaded or written during install.
Credentials
The skill requires no environment variables or external credentials. It reads HOME and system files (/etc/ssh/sshd_config, ~/.openclaw/openclaw.json), which is proportionate to auditing host and config. The auto-fix commands require elevated privileges (sudo) which is expected for the kinds of system changes suggested but increases potential impact if executed without supervision.
Persistence & Privilege
always:false (no forced inclusion) and default autonomous invocation is allowed (disable-model-invocation:false). Autonomous invocation alone is normal, but combined with documented auto-fix recipes increases blast radius: if the agent is permitted to run fixes automatically, it could install packages or modify SSH/firewall settings. Prefer to require explicit user confirmation before any fix actions and avoid scheduling auto-fix via heartbeat/cron unless you trust the environment.
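How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-security-check
- Once installation completes, call the Skill by name or use /openclaw-security-check to trigger it
- Provide the required input according to the Skill's parameter description to get structured output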
Version history
v1.0.0
Initial release: 10-point security audit for OpenClaw deployments. Checks gateway bind/auth/token, channel DM/group policies, config permissions, plaintext secrets, host firewall, SSH hardening, and exposed ports. Includes executable bash script with human-readable and JSON output modes, plus auto-fix recipes.
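FAQ
What is OpenClaw Security Check?
Security self-check for OpenClaw deployments. Audits openclaw.json config and host security in one pass: gateway exposure, auth mode, token strength, channel... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 553 cumulative downloads so far.
How do I install OpenClaw Security Check?
Run the command "/install openclaw-security-check" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is OpenClaw Security Check free?
Yes, OpenClaw Security Check is completely free (open source and free) and can be freely downloaded, installed and used.
Which platforms does OpenClaw Security Check support?
OpenClaw Security Check runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed OpenClaw Security Check?
Developed and maintained by Madoka (@guoqunabc); the current version is v1.0.0.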