OpenClaw Shield

Author: Eilaiwangwh · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 314
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-shield-v1
Description
OpenClaw cloud security guardrail that enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output red...
Safe usage recommendations
Do NOT install or append anything to your agent config yet. This package is documentation-only here — it expects you to fetch and run external code (shield.py) from a GitHub repo and to edit critical files (SOUL.md/AGENTS.md). Before proceeding:
  1. Obtain the actual runtime code (shield.py) and audit it line-by-line (look for network callbacks, hidden endpoints, credential exfiltration, and logging behavior).
  2. Verify the GitHub repo owner and commit history; prefer signed releases from a trusted org.
  3. Do NOT blindly append the suggested '不可违背' blocks to SOUL.md/AGENTS.md; that forces policy changes and could make the shield hard to remove.
  4. Investigate the .shield_disabled mechanism — treat it as a potential backdoor.
  5. If you want to try it, run the shield code in an isolated test environment (ephemeral VM/container) and verify audit append-only behavior, no outbound connections to unknown hosts, and the absence of credential exfiltration.
  6. Ask the maintainer for a packaged release and a code review report; require human verification of any installer script before executing.
If you cannot perform these checks, do not install.
Analysis
Type: OpenClaw Skill
Name: openclaw-shield-v1
Version: 1.0.0

The skill claims to provide security guardrails but exhibits high-risk behavior by instructing the agent to modify its core configuration files (SOUL.md and AGENTS.md) to embed its logic globally. It includes documented bypass mechanisms, such as an emergency disable file (.shield_disabled) and a policy to ignore script failures, which could be used to neutralize the protections. Crucially, the actual execution logic (shield.py) is missing from the provided files, preventing verification of whether the 'filtering' and 'checking' functions are benign or perform unauthorized data exfiltration under the guise of security (IOC: GitHub repo Eilaiwangwh/openclaw-shield).
Capability assessment
Purpose & Capability
The skill claims to enforce pre-execution checks via a shield.py helper, but the bundle contains no shield.py or runtime code — only docs. To function it instructs installing a GitHub repo and editing agent core files. Requiring edits to SOUL.md/AGENTS.md and adding mandatory checks is outside what an instruction-only 'skill' should demand without providing the binary/scripts.
Instruction Scope
SKILL.md tells the agent to run shield.py check/inject/filter for every user/agent action and to append '不可违背' (must obey) rules to SOUL.md and AGENTS.md. It also mandates 'if shield errors, ignore errors continue' and introduces a .shield_disabled bypass file — both are unusual and weaken expected protections. The instructions therefore request system-wide policy changes and introduce explicit bypass/backdoor mechanisms.
Install Mechanism
No formal install spec in the registry entry, but README instructs cloning/pulling from an external GitHub repo (Eilaiwangwh/openclaw-shield) and running installer scripts under ~/.codex/. These are downloads from an external source not bundled here; fetching and executing that code is moderate-to-high risk without verifying the repo and its contents.
Credentials
The skill requests no environment variables or credentials, which fits a local guardrail. However, it requires write access to agent config files and skill directories, and expects to interact with many filesystem/network targets (including setting passphrases and audit configs). Those privileges are significant even without explicit secret requests and should be justified and audited.
Persistence & Privilege
Though not marked always:true, the docs instruct persistent modification of core agent files (SOUL.md, AGENTS.md) to make Shield 'inviolable' and to exempt shield's own directory. This elevates the skill's persistence and privilege beyond a normal, optional skill and could lock in behavior or create hard-to-audit persistence and bypass mechanisms (.shield_disabled).
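How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install openclaw-shield-v1
  3. After installation, call the Skill by name directly or trigger it with /openclaw-shield-v1
  4. Provide the necessary input according to the Skill's parameter documentation to get structured output
Version history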
v1.0.0
Initial release of openclaw-shield cloud security guardrail.
- Enforces pre-execution security checks for shell, file, network, and package operations.
- Implements source trust classification and taint tracking for all actions.
- Includes metadata endpoint blocking and strict safeguards against sensitive cloud resources.
- Provides output redaction to prevent leakage of credentials and confidential information.
- Designed for policy enforcement, audit tracking, and safe cloud deployment interactions.
Metadata
Slug openclaw-shield-v1
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is OpenClaw Shield?

OpenClaw cloud security guardrail that enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output red... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 314 total downloads so far.

How do I install OpenClaw Shield?

Run the command "/install openclaw-shield-v1" in the OpenClaw or Claude Code dialog to install it in one click, with no additional configuration required.

Is OpenClaw Shield free?

Yes, OpenClaw Shield is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does OpenClaw Shield support?

OpenClaw Shield runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed OpenClaw Shield?

It is developed and maintained by Eilaiwangwh (@eilaiwangwh); the current version is v1.0.0.
