← 返回 Skills 市场
OpenClaw Security Suite
作者
xunxingyuan
· GitHub ↗
· v0.2.3
· MIT-0
363
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-security-suite
功能描述
Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.
安全使用建议
This package appears to implement what it claims (static scanning + AI review) but there are several things to consider before installing:
- Provenance: the source/homepage is unknown. Prefer packages with a known author or a public repository you can inspect.
- Node requirement mismatch: SKILL.md expects the 'node' binary; ensure your runtime provides Node and that dependencies (@babel packages) are installed.
- Data exposure: the 'review' action inserts full file contents into an LLM prompt (ctx.llm.generate). If your agent's LLM provider is external, any secrets or sensitive code will be sent to that provider. Only run 'review' on non-sensitive code or ensure the LLM provider and contract are acceptable.
- Sandboxing limits: vm_runner.ts uses Node's node:vm; that is NOT a hardened sandbox for running untrusted code. The README notes they replaced vm2 with node:vm—that reduces guarantees against sandbox escapes. Do not use this skill to execute untrusted code expecting strong isolation.
- Path scope: scanSkill reads all .ts/.js files in the provided directory. Don't point it at system or secrets directories (e.g., /, home, or /etc).
- Auditing: before granting access, inspect the package source yourself (or in an isolated environment), verify package.json dependencies, and consider running scans in an isolated VM or container. Ask the author for a repository or signed releases if you need higher assurance.
What would change my assessment to 'benign': an authoritative source/repo with history; clearer SKILL metadata (node requirement); removal or explicit limitation of sending full file contents to external LLMs (or an opt-in with clear warning); and a safer, documented sandboxing strategy (or avoiding execution entirely).
功能分析
Type: OpenClaw Skill
Name: openclaw-security-suite
Version: 0.2.3
The skill provides security scanning and AI-assisted code review but exhibits high-risk behavior by allowing arbitrary file system access via the 'path' parameter in index.ts without sanitization. While this is aligned with its stated purpose, it could be exploited to read sensitive files (e.g., .env, /etc/passwd). Additionally, the bundle includes an insecure Node.js VM sandbox (scanner/vm_runner.ts) and a runtime guard (guard/runtime_guard.ts) that are defined but not integrated into the main execution flow, which is atypical for a production-ready security tool.
能力评估
Purpose & Capability
The code and SKILL.md align with the described purpose: AST scanning, keyword scanning, an LLM-based review, and some runtime guards. Small inconsistencies: SKILL.md lists 'node' as a required binary while the registry metadata earlier said none; README and changelog claim a VM sandbox feature but the runtime code does not consistently use the vm runner (vm_runner.ts exists but is not invoked by the scanner). The package.json declares @babel parser/traverse dependencies which are expected for AST scanning.
Instruction Scope
The skill accepts a path and will read all .ts/.js files in that path — so it can read arbitrary files the agent user points it at (this is expected for a scanner but raises data-exposure risk if used on sensitive dirs). The AI review embeds the full file contents into a prompt and calls ctx.llm.generate, which will send the raw code (and any secrets inside it) to the LLM provider; that is a clear data-exfiltration risk if the LLM is external. The code uses node:vm.runInContext in vm_runner.ts (a file present), and the README touts sandboxing, but node:vm is not a secure sandbox for untrusted code and the project explicitly removed vm2 — that change reduces rather than increases guarantees. Also, ai_review simply forwards raw LLM output without JSON validation/parsing, which is brittle and could be manipulated.
Install Mechanism
There is no install spec (no remote downloads, no install script), which reduces supply-chain risk. However package.json declares npm dependencies (@babel/parser and @babel/traverse) that must be installed to run the scanner; those are from public npm and are expected for AST parsing. No obscure URLs or archive downloads are used.
Credentials
The skill does not request environment variables, credentials, or config paths. It flags process.env and sensitive file paths in its patterns (appropriate for scanning), but it does not itself require secrets. This is proportionate to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. disable-model-invocation is false (normal), which means the agent can invoke it autonomously — that is the expected behavior for a skill of this type but note that autonomous invocation plus the data-exfiltration mechanism (sending code to an LLM) increases blast radius.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-security-suite - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-security-suite触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.3
Release version 0.2.3
v0.2.2
Release version 0.2.2
v0.2.1
Consolidate into openclaw-security-suite
v0.2.0
Consolidate into openclaw-security-suite
元数据
常见问题
OpenClaw Security Suite 是什么?
Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 363 次。
如何安装 OpenClaw Security Suite?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-security-suite」即可一键安装,无需额外配置。
OpenClaw Security Suite 是免费的吗?
是的,OpenClaw Security Suite 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Security Suite 支持哪些平台?
OpenClaw Security Suite 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Security Suite?
由 xunxingyuan(@xunxingyuan)开发并维护,当前版本 v0.2.3。
推荐 Skills