Total downloads: 2030
Favorites: 0
Current installs: 19
Versions: 1
Install in OpenClaw
/install openclaw-security-scanner
Description
Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scor...
Safe usage recommendations
This appears to be a coherent, local-only OpenClaw security scanner, but take these precautions before running it:
1) Inspect the full oc-security-scan.sh yourself (especially the truncated tail) to confirm there are no network calls (curl/wget/nc) or unexpected uploads.
2) Run without --fix first to review the findings; do not run --fix unattended.
3) Run as a non-root user unless you explicitly need the deeper checks, and back up configs before applying fixes.
4) Be aware that the script reads config and secrets files (e.g., secrets.env) to check for plaintext tokens; that is expected behavior for a scanner, but it means the script has access to sensitive data while running.
5) If you need the highest assurance, run it in an isolated environment (VM/container) and review any fix commands the script proposes before accepting them.
Analysis
Type: OpenClaw Skill
Name: openclaw-security-scanner
Version: 1.0.0
The `oc-security-scan.sh` script uses `eval` to execute remediation commands when the `--fix` flag is provided. Although the `fix_cmd` values are hardcoded within the script itself and not derived from untrusted input, the use of `eval` is an inherently risky practice and represents a shell injection vulnerability pattern. This is a flaw that could allow attacks if the `fix_cmd` were ever to be dynamically constructed or influenced by external factors, classifying it as suspicious. No evidence of malicious intent, such as data exfiltration, persistence, or unauthorized network calls, was found; the script adheres to its stated 'local-only' claims.
Capability assessment
Purpose & Capability
Name/description match the actual behavior: the script inspects OpenClaw config, network exposure, file permissions, tokens, and guardrails. It does not declare unrelated credentials or external services and relies on standard UNIX tools and optional OPENCLAW_HOME, which is proportional to its purpose.
Instruction Scope
SKILL.md instructs running the included bash script. The script legitimately reads config files (openclaw.json, secrets.env, alternate locations), examines listening ports and permissions, and can apply fixes when --fix is passed. It uses eval to execute user-confirmed fix commands and parses JSON via grep; both are expected but warrant review. The provided script text was truncated in the listing — I could not verify the final portions for hidden network calls or other unexpected behavior, so review of the full file before running --fix is recommended.
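To make the `eval` concern raised in the analysis and in the Instruction Scope note concrete, here is an added example (not code from oc-security-scan.sh or from the skill's author) contrasting the eval-based remediation pattern with an allowlist dispatch that executes a fixed argv; the function names, fix keys and temp files are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code. Function names, fix keys and the
# constructed temp files below are assumptions for illustration.

# Pattern flagged in the analysis: the command string is re-parsed by the
# shell. Safe only while fix_cmd stays a hardcoded literal; any future
# interpolation of paths or config values would turn data into code.
run_fix_with_eval() {
    local fix_cmd="$1"
    eval "$fix_cmd"
}

# Hardened pattern: callers pass a fix *name*, not a command string. Each
# name maps to a fixed argv that is executed directly, so the target path is
# only ever an argument and unknown names are rejected with status 2.
apply_fix() {
    local fix_name="$1" target="$2"
    case "$fix_name" in
        restrict_config_perms|restrict_secrets_perms)
            chmod 600 "$target" ;;
        *)
            echo "apply_fix: unknown fix '$fix_name'" >&2
            return 2 ;;
    esac
}

# Octal permission bits of a file (GNU stat, with a BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a constructed config file, not a real OpenClaw installation.
demo_main() {
    local dir cfg
    dir="$(mktemp -d)"
    cfg="$dir/openclaw.json"
    : > "$cfg"; chmod 644 "$cfg"
    echo "before: $(file_mode "$cfg")"
    apply_fix restrict_config_perms "$cfg"
    echo "after:  $(file_mode "$cfg")"
    # A name carrying extra shell syntax never reaches a shell parser;
    # it simply fails the case match.
    apply_fix 'restrict_config_perms; echo injected' "$cfg" || echo "rejected (rc=$?)"
    rm -rf "$dir"
}
demo_main
```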
Install Mechanism
No install spec; this is instruction-only with an included script. That is low-risk compared with arbitrary remote installers. The script is stored in the skill bundle and executed locally.
Credentials
The skill requests no external credentials and only optionally reads OPENCLAW_HOME and local OpenClaw files (config, secrets). Reading secrets.env and config files is appropriate for a scanner, but those files may contain sensitive data — the script promises local-only operation and read-only by default; confirm that before running and avoid providing secrets via other environment variables.
Persistence & Privilege
The skill does not request a persistent presence (always:false). It modifies nothing unless --fix is explicitly supplied, and it prompts for confirmation first. Model invocation/autonomy flags are at their defaults and acceptable.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-security-scanner
- After installation, call the Skill by name directly, or trigger it with /openclaw-security-scanner
- Provide the required input according to the Skill's parameter description to receive structured output
Version history
v1.0.0
Initial release — local security assessment & hardening for OpenClaw installations
Metadata
FAQ
What is OpenClaw Security Scanner?
Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scor... It is an AI Agent Skill plugin for Claude Code / OpenClaw, downloaded 2030 times so far.
How do I install OpenClaw Security Scanner?
Run the command "/install openclaw-security-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is OpenClaw Security Scanner free?
Yes, OpenClaw Security Scanner is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does OpenClaw Security Scanner support?
OpenClaw Security Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenClaw Security Scanner?
Developed and maintained by Jkahn-tr (@jkahn-tr); current version v1.0.0.