← 返回 Skills 市场
1517
总下载
0
收藏
9
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-security-toolkit
功能描述
Security guard for OpenClaw users. Audit configs, scan secrets, manage access, and generate security reports.
使用说明 (SKILL.md)
OpenClaw Security Guard
A comprehensive security tool for OpenClaw users to protect their AI assistant.
Features
- 🔍 Security Audit - Comprehensive security configuration check
- 🔐 Secret Scanner - Detect exposed API keys and tokens
- 👥 Access Control - Manage devices, users, and permissions
- 🔑 Token Manager - Rotate and validate tokens
- 📊 Security Report - Generate detailed security reports
- 🛡️ Hardening - Apply security best practices
Requirements
- Python 3.6+
- No external dependencies (uses stdlib)
Commands
# Run security audit
python3 {baseDir}/scripts/main.py audit
# Scan for secrets
python3 {baseDir}/scripts/main.py scan
# Generate report
python3 {baseDir}/scripts/main.py report --format md
# Check token status
python3 {baseDir}/scripts/main.py token status
# Access control
python3 {baseDir}/scripts/main.py access list
# Security hardening
python3 {baseDir}/scripts/main.py harden --fix
# Quick status check
python3 {baseDir}/scripts/main.py status
Options
--format, -f \x3Cformat> Output format: json, md, table (default: table)
--lang, -l \x3Clang> Language: en, zh (default: auto-detect)
--quiet, -q Quiet mode, only output results
--verbose, -v Verbose output
--output, -o \x3Cfile> Output file path
--deep Deep scan mode
--fix Auto-fix issues where possible
Security Checks
| Category | Checks |
|---|---|
| Config | Gateway bind, auth mode, token strength |
| Secrets | API keys, tokens, passwords, private keys |
| Access | Devices, users, channels, sessions |
| Network | Public exposure, open ports |
Examples
# Full audit with auto-fix
python3 {baseDir}/scripts/main.py audit --deep --fix
# Generate markdown report
python3 {baseDir}/scripts/main.py report --format md -o security.md
# Scan for specific pattern
python3 {baseDir}/scripts/main.py scan --pattern "sk-"
# List all paired devices
python3 {baseDir}/scripts/main.py access devices
# Generate JSON report
python3 {baseDir}/scripts/main.py report --format json
Output Formats
Table (default)
🔐 OpenClaw Security Guard v1.0.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Security Score: 72/100 ⚠️
🔴 HIGH RISK
• API Key exposed in config file
Location: ~/.openclaw/openclaw.json:15
JSON
{
"score": 72,
"findings": [...]
}
Markdown
# Security Report
**Score**: 72/100
Languages
- English (en)
- 中文 (zh)
Auto-detected based on system locale.
License
MIT
Version
v1.0.0
安全使用建议
This skill is coherent with its stated purpose: it reads OpenClaw configuration and credential files and can auto-fix issues or rotate tokens. Before installing or running with --fix/rotate: 1) Verify the skill source/author (metadata points to a GitHub repo but 'homepage' is none). 2) Back up your OpenClaw config (~/.openclaw/) because the tool may write changes. 3) Be aware token rotation and some fixes will write tokens into config and may print new tokens to stdout — avoid running where logs are captured. 4) Prefer a dry-run first (where supported) to review planned changes. 5) If you will allow autonomous invocation, remember the tool can modify local config; only enable autonomous use if you trust the code and source.
功能分析
Type: OpenClaw Skill
Name: openclaw-security-toolkit
Version: 1.0.0
The OpenClaw Security Toolkit is a legitimate administrative utility designed to audit configurations, scan for exposed secrets, and manage access controls for an OpenClaw installation. The codebase (scripts/audit.py, scripts/scanner.py, scripts/token.py) uses only Python standard libraries to perform local file operations within the ~/.openclaw directory. It includes security-conscious features such as secret masking for console output and provides automated hardening capabilities like token rotation. No evidence of data exfiltration, unauthorized network activity, or malicious prompt injection was found; the tool's behavior is entirely consistent with its stated purpose.
能力评估
Purpose & Capability
Name/description (audit, secret-scan, access control, token management) match the included scripts and config. The tool inspects ~/.openclaw paths, produces reports, and offers fixes/rotation — all consistent with the stated purpose. No unrelated external credentials or unusual binaries are required.
Instruction Scope
SKILL.md instructs running local Python scripts which scan and modify OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json, ~/.openclaw/.env, ~/.openclaw/credentials/). This is expected for a security tool, but the instructions allow actions that modify local config (e.g., --fix, token rotation), so users should expect writes to local files and potential printing of new tokens to stdout.
Install Mechanism
No install spec is provided (instruction-only). The package contains Python scripts that rely on the stdlib; nothing is downloaded or executed from remote URLs during install. Risk from install mechanism is low.
Credentials
The skill does not declare required environment variables or credentials. It scans local config files for secrets (OpenAI keys, AWS keys, etc.), which is proportional to its stated purpose. No unexpected credentials or unrelated environment access are requested.
Persistence & Privilege
always is false. The tool can be invoked by the model (default platform behavior). The code can modify the OpenClaw config and rotate tokens when run with --fix/rotate, which is legitimate for a hardening tool but increases impact if executed without user control. There is no attempt to alter other skills' configs or persist itself into the agent runtime beyond standard local file writes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-security-toolkit - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-security-toolkit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the OpenClaw Security Toolkit.
- Security guard tool for OpenClaw users: audit configs, scan secrets, manage access, and generate security reports.
- Provides CLI commands for auditing, scanning, reporting, hardening, and access management.
- Supports multiple output formats: table, JSON, and markdown.
- No external dependencies; works with Python 3.6+.
- Includes options for language, verbosity, deep scans, and auto-fix.
- Documentation and usage examples included.
v0.1.0
Initial release of OpenClaw Security Guard.
- Provides auditing of security configurations for OpenClaw users
- Scans for exposed secrets including API keys and tokens
- Manages access control for devices, users, and permissions
- Supports token rotation and validation
- Generates security reports in multiple formats (table, JSON, Markdown)
- Offers hardening features to apply security best practices
- No external Python dependencies required (stdlib only)
元数据
常见问题
Openclaw Security Toolkit 是什么?
Security guard for OpenClaw users. Audit configs, scan secrets, manage access, and generate security reports. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1517 次。
如何安装 Openclaw Security Toolkit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-security-toolkit」即可一键安装,无需额外配置。
Openclaw Security Toolkit 是免费的吗?
是的,Openclaw Security Toolkit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Security Toolkit 支持哪些平台?
Openclaw Security Toolkit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Security Toolkit?
由 hkall(@hkall)开发并维护,当前版本 v1.0.0。
推荐 Skills