Total downloads: 98
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-security-handbook-cn
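Description
An OpenClaw security audit and hardening skill based on the ZAST.AI Security Handbook. It runs a comprehensive security diagnostic (the built-in audit plus supplementary handbook checks), generates a structured report, provides interactive remediation guidance, and supports scheduled audits. Trigger phrases: 安全审计 (security audit), 安全加固 (security hardening), 漏洞检查 (vulnerability check), security audit, hardening, 暴露检查 (exposure check).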
Safe usage advice
This skill is internally consistent for performing a local OpenClaw security audit, but it will read sensitive local files (logs, session files, MEMORY.md, installed skill sources) to look for secrets and risky code. Before running: 1) ensure you trust the skill and run it on a machine where exposing those files to the agent is acceptable (prefer a disposable VM); 2) review the included scripts and the commands in references/fix-commands.md — especially any commands that write tokens to ~/.openclaw/.env or delete directories; 3) do not blindly accept automatic fixes for operations that modify tokens/configs or remove files — back up before applying fixes; 4) the publish script will attempt to package/publish only if you run it and confirm. If you want minimal risk, run the audit commands manually and inspect the generated JSON/report rather than allowing automated fix actions.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-security-handbook-cn
Version: 1.0.0
The skill bundle is a legitimate security auditing and hardening tool designed for the OpenClaw environment. It performs comprehensive checks for file permissions, secret leaks in logs, exposed network ports, and suspicious patterns in other installed skills using standard system commands (ls, stat, grep, find, ss). The logic in SKILL.md and scripts/security-report.py follows a 'user-in-the-loop' model, requiring explicit confirmation before applying any fixes, and the provided commands are well-aligned with its stated purpose of security diagnostics based on the ZAST.AI Security Handbook.
Capability assessment
Purpose & Capability
Name/description match the actual behavior: it runs `openclaw security audit --json`, parses results, performs local checks under ~/.openclaw, and offers remediation guidance. The files included (report generator and checklist/fix docs) are consistent with a security handbook/diagnostic skill.
Instruction Scope
The SKILL.md and scripts instruct the agent to read many local files (configs, sessions, logs, memory, installed skills), run local network/port checks, and inspect a sandbox docker container. This is expected for a security audit, but these actions will access potentially sensitive data (API keys, session logs, MEMORY.md). The skill emphasizes user confirmation before destructive changes, which is appropriate.
Install Mechanism
No install spec; instruction-only skill with two helper scripts. Nothing is downloaded or written by an automated installer. The publish script calls packaging/publishing tools on-demand and prompts for confirmation.
Credentials
The skill declares no required env vars or credentials, and its checks operate on local OpenClaw files only (proportional). One caution: the provided fix examples include commands that append tokens to ~/.openclaw/.env (echo >>), which would store secrets in plaintext if used; the docs also advise not to write plaintext, a slight contradiction that the user should review before running.
Persistence & Privilege
always:false and no system-wide modifications by default. Some recommended manual remediation steps (chattr, iptables, rm -rf, revoking keys) require elevated privileges or are destructive, but SKILL.md states these need explicit user confirmation.
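How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-security-handbook-cn
- After installation, call the Skill by name or use /openclaw-security-handbook-cn to trigger it
- Provide the necessary input according to the Skill's parameter description to get structured output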
Version history
v1.0.0
Initial release: Comprehensive security audit and hardening tool based on ZAST.AI Security Handbook (Chinese version).
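FAQ
What is OpenClaw Security Handbook (CN)?
An OpenClaw security audit and hardening skill based on the ZAST.AI Security Handbook. It runs a comprehensive security diagnostic (the built-in audit plus supplementary handbook checks), generates a structured report, provides interactive remediation guidance, and supports scheduled audits. Trigger phrases: 安全审计 (security audit), 安全加固 (security hardening), 漏洞检查 (vulnerability check), security audit, hardening, 暴露检查 (exposure check). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 98 cumulative downloads to date.
How do I install OpenClaw Security Handbook (CN)?
Run the command "/install openclaw-security-handbook-cn" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is OpenClaw Security Handbook (CN) free?
Yes, OpenClaw Security Handbook (CN) is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does OpenClaw Security Handbook (CN) support?
OpenClaw Security Handbook (CN) runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenClaw Security Handbook (CN)?
Developed and maintained by ruijh (@ruijh); the current version is v1.0.0.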