Total downloads: 1629
Favorites: 1
Current installs: 3
Versions: 3
Install in OpenClaw
/install openclaw-triage
Description
Incident response and forensics for agent workspaces. Investigate compromises, build timelines, assess blast radius, and collect evidence. Cross-references data from warden, ledger, signet, and sentinel for unified analysis. Free alert layer — upgrade to openclaw-triage-pro for automated containment, remediation playbooks, and evidence export.
Security usage recommendations
This appears to be a coherent local triage tool, but review and treat it carefully before use:
1) Inspect the full scripts/triage.py for any network or subprocess commands that could transmit data; although the SKILL.md says 'no network calls', the code imports subprocess — verify there are none.
2) Run it against a copy of the workspace (or point --workspace to a snapshot) first to avoid accidental changes.
3) Expect it to collect and store potentially sensitive files (hashes, configs, credentials it finds) under .triage/evidence — protect that output.
4) Always run the evidence/collection command before any remediation/quarantine actions, and keep backups.
5) If you need higher assurance, run the script in an isolated environment (air‑gapped or with network blocked) and consider a quick code audit focusing on any subprocess calls, file writes, and any uses of network/socket libraries.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-triage
Version: 1.0.2
The OpenClaw Triage skill is a security tool designed for incident response and forensics within an agent workspace. Its code (`scripts/triage.py`) and documentation (`SKILL.md`, `README.md`) consistently describe functions for investigating, timeline building, scope assessment, evidence collection, and automated containment/remediation. The script explicitly states and adheres to 'No External Dependencies' and 'No network calls'. While it scans for credential patterns and exfiltration URLs, this is for detection and reporting, not for actual exfiltration. Actions like quarantining skills, locking critical files, and disabling suspicious hooks are defensive measures. Subprocess calls are made safely to other local OpenClaw security tools for remediation. There is no evidence of malicious intent, prompt injection, or unauthorized harmful behavior.
Capability assessment
Purpose & Capability
Name/description describe workspace triage and the skill only requires python3 and local filesystem access. Declared cross‑references (.integrity, .ledger, .signet, .sentinel) match the checks implemented in the script.
Instruction Scope
Instructions and the script read the entire workspace, build timelines, compute hashes, and copy security tool data into .triage/evidence. This is expected for forensics, but it will access and collect potentially sensitive files (credentials, skill code, configs). The SKILL.md claims 'no network calls' and the visible code appears local‑only, but the script imports subprocess and other modules — review the remainder of the file for any network invocations before running in production.
Install Mechanism
No install spec; the skill is instruction/code only and requires only python3 on PATH. Nothing is downloaded or written to system locations outside the workspace when run.
Credentials
The skill requests no environment variables, no external credentials, and only accesses workspace files and known OpenClaw tool paths. The lack of declared secrets is proportionate to the stated purpose.
Persistence & Privilege
The tool writes state/evidence and may create quarantine/backups under .triage within the workspace (normal for a triage tool). always:false (not force‑installed). If you run remediation/quarantine actions those will modify workspace files — follow the guidance to take evidence first.
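How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-triage
- Once installation is complete, invoke the Skill by name or trigger it with /openclaw-triage
- Provide the required input according to the Skill's parameter description to get structured output
Version history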
v1.0.2
- Removed all references to openclaw-triage-pro and upgrade prompts from documentation.
- README and SKILL.md now describe only the core free features included with openclaw-triage.
- No changes to commands, outputs, or forensic capabilities.
v1.0.1
- Updated README.md to improve formatting and clarity.
- No changes to code or functionality.
- Documentation provides more consistent and readable instructions for users.
v1.0.0
Initial release of openclaw-triage: unified incident response and forensics for agent workspaces.
- Investigate workspace compromises, build event timelines, assess blast radius, and collect forensic evidence.
- Integrates data from warden, ledger, signet, and sentinel for comprehensive analysis.
- Command-line interface for full investigations, timeline creation, blast radius assessment, evidence collection, and quick status checks.
- Includes incident severity scoring and exit codes for automated workflows.
- No external dependencies; runs locally on Python 3 (Darwin, Linux, Win32).
- Upgrade option available for advanced containment and remediation (openclaw-triage-pro).
FAQ
What is Openclaw Triage?
Incident response and forensics for agent workspaces. Investigate compromises, build timelines, assess blast radius, and collect evidence. Cross-references data from warden, ledger, signet, and sentinel for unified analysis. Free alert layer — upgrade to openclaw-triage-pro for automated containment, remediation playbooks, and evidence export. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1629 cumulative downloads so far.
How do I install Openclaw Triage?
Run the command "/install openclaw-triage" in the OpenClaw or Claude Code chat box for one-click installation, with no additional configuration required.
Is Openclaw Triage free?
Yes, Openclaw Triage is completely free (open source and free), and can be freely downloaded, installed and used.
Which platforms does Openclaw Triage support?
Openclaw Triage is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).
Who developed Openclaw Triage?
Developed and maintained by AtlasPA (@atlaspa); the current version is v1.0.2.