← 返回 Skills 市场
atlaspa

OpenClaw Warden Pro

作者 AtlasPA · GitHub ↗ · v1.0.1
darwinlinuxwin32 ✓ 安全检测通过
1296
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-warden-pro
功能描述
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.
安全使用建议
This skill appears to do what it says: it scans the workspace and can automatically restore files, rename skill directories to quarantine them, and run git rollbacks. Before installing or enabling automatic hooks, do the following: 1) Review the full integrity.py script locally to confirm there are no unexpected network calls or hidden behavior (the provided code appears local only). 2) Ensure you have backups of your workspace (and your git history) — 'protect' may restore or roll back files automatically. 3) Install and verify git is available if you plan to use rollback; the registry entry doesn't list git as a required binary but the feature expects a git repo. 4) Test the tool in a disposable test workspace to observe how snapshots are stored (it uses .integrity/snapshots) and how quarantine renames skill directories (prefix .quarantined-). 5) Be cautious about adding the SessionStart hook or heartbeat automation until you trust the baseline/snapshot state — automatic runs can be disruptive. If you want minimal risk, run the detection commands manually rather than wiring 'protect' to automatic startup.
功能分析
Type: OpenClaw Skill Name: openclaw-warden-pro Version: 1.0.1 The OpenClaw Warden Pro skill is a security suite designed to detect and respond to unauthorized modifications and prompt injection patterns within an agent's workspace. All code and documentation align with this stated purpose. The skill uses standard Python libraries, performs local file system operations (copy, rename), and executes local `git` commands via `subprocess` for its 'rollback' and 'protect' countermeasures. While these actions involve powerful capabilities, they are directly necessary for the skill's defensive functions (snapshot restore, skill quarantine, git rollback) and are not used for exfiltration, unauthorized remote control, persistence, or any other malicious intent. The skill explicitly states it has no external dependencies, no `pip install`, and no network calls, which is confirmed by the code. The prompt injection patterns listed are for *detection*, not for malicious instruction.
能力评估
Purpose & Capability
The name/description (workspace integrity + automated countermeasures) align with the provided script and commands (baseline, verify, protect, restore, quarantine, rollback). The declared runtime requirement is only python3, which fits the shipped Python script. Minor discrepancy: the SKILL.md and README advertise a 'git rollback' feature but the registry metadata does not declare 'git' as a required binary; the script likely invokes git or expects a git repo, so git should be present but is not listed.
Instruction Scope
SKILL.md explicitly instructs the agent to run local commands that scan the workspace and perform automated countermeasures (restore snapshots, rename skill directories to quarantine, run git rollbacks). These actions are within the declared purpose but are destructive/potentially disruptive if run without review. The SKILL.md also recommends adding an automatic SessionStart hook to run 'protect' at startup — this elevates the chance of automatic file modification. The pre-scan injection pattern ('ignore previous instructions') appears in the doc because the tool enumerates prompt-injection patterns to detect; this is expected for a security scanner.
Install Mechanism
No install spec — instruction-only + included Python script. Nothing is downloaded or executed from external URLs during installation. This is the lower-risk install model. The script writes snapshots into a .integrity directory within the workspace when baseline is taken (expected behavior).
Credentials
The skill requests no credentials or environment variables in the registry metadata. It uses OPENCLAW_WORKSPACE (documented) and the current working directory as workspace discovery mechanisms — both are reasonable for its function. No external API keys or unrelated secrets are requested.
Persistence & Privilege
always:false (good). The skill is user-invocable and allows autonomous invocation (default platform behavior). The SKILL.md recommends adding a SessionStart hook to run 'protect' automatically; enabling this gives the skill the ability to autonomously modify workspace files each session (restore, quarantine, rollback). This is coherent with the advertised 'Pro' behavior but is a high-privilege, potentially destructive operational mode that a user should opt into deliberately.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-warden-pro
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-warden-pro 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Re-publish with proper metadata
v1.0.0
Initial release of openclaw-warden-pro, the complete security layer for agent workspaces. - Adds automated threat response: restore, rollback, quarantine, and protection sweeps, enhancing detection-only free version. - Includes commands to restore files from snapshots or git history, quarantine/unquarantine skills, and perform automated protection passes. - Monitors critical, config, memory, and skill-related files for unauthorized changes with alerts. - Fully local: uses only the Python3 standard library, no external dependencies or network. - Cross-platform support for Darwin, Linux, and Windows; compatible with OpenClaw and other agent platforms.
元数据
Slug openclaw-warden-pro
版本 1.0.1
许可证
累计安装 1
当前安装数 1
历史版本数 2
常见问题

OpenClaw Warden Pro 是什么?

Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1296 次。

如何安装 OpenClaw Warden Pro?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-warden-pro」即可一键安装,无需额外配置。

OpenClaw Warden Pro 是免费的吗?

是的,OpenClaw Warden Pro 完全免费(开源免费),可自由下载、安装和使用。

OpenClaw Warden Pro 支持哪些平台?

OpenClaw Warden Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。

谁开发了 OpenClaw Warden Pro?

由 AtlasPA(@atlaspa)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论