326668808

Openclaw360

Author: WalkerX · GitHub ↗ · v0.1.11 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 403 · Favorites: 1 · Current installs: 1 · Versions: 12
Install in OpenClaw
/install openclaw360
Description
Runtime security skill for AI agents — prompt injection detection, tool call authorization, sensitive data leak prevention, skill security scanning, and one-...
Security usage recommendations
Things to consider before installing:
- The skill bundle contains only instructions; installing requires running pip to fetch code from GitHub. Review the referenced repo and the exact pinned commit (5fd69db) before installing to ensure the code matches expectations.
- The tool will create ~/.openclaw360/, generate an Ed25519 identity key (0600), keep audit logs and backups there — confirm you are comfortable storing these artifacts locally and check permissions.
- The documented behavior allows a degraded fallback (continue operation) if checks fail; if you need hard enforcement, confirm or modify that policy in the tool's config.
- The agent will not autonomously invoke this skill (disable-model-invocation: true), but when you enable the proactive protection mode the agent will call the local CLI before inputs/tools/outputs — be cautious when asking it to scan arbitrary directories (it reads files you point it at).
- If you cannot or will not review the upstream source, treat the pip-install-from-GitHub step as a moderate trust decision and consider installing into an isolated virtualenv before granting broader access.

Confidence note: assessment is 'benign' but confidence is medium because the skill bundle omits code — verifying network/no-network runtime behavior and exact implementation requires inspecting the upstream repository at the pinned commit.
Functional analysis
Type: OpenClaw Skill
Name: openclaw360
Version: 0.1.11

The openclaw360 skill is a comprehensive security utility designed to provide runtime protection for AI agents, including prompt injection detection, tool call authorization, and sensitive data masking. It operates locally, stores data in a dedicated directory (~/.openclaw360/), and uses Ed25519 signatures for log and backup integrity. The instructions guide the agent to implement a 'security middleware' pattern by checking inputs and tool calls via a CLI tool installed from a pinned GitHub commit (https://github.com/milu-ai/openclaw360), which is consistent with its stated purpose and lacks evidence of malicious intent.
Capability assessment
Purpose & Capability
Name/description (runtime security, prompt-injection/tool/output checks, skill scanning, backup/restore) align with the declared requirements: only python3 and a dedicated ~/.openclaw360 config tree. The metadata.install commands (pip from the repo) are logically required to obtain the tool.
Instruction Scope
SKILL.md instructs the agent to invoke a local CLI (openclaw360) for prompt/tool/output checks and to scan user-specified Skill directories. Commands read user-supplied text, SKILL.md files in paths the user provides, and audit logs under ~/.openclaw360/. This stays within the stated security purpose, but the instructions also explicitly say the agent will continue execution if checks fail (degraded mode), which is a design choice users should be aware of.
Install Mechanism
Installation is via pip from a pinned GitHub commit (git+https://github.com/milu-ai/openclaw360.git@5fd69db) or a venv variant. Using a pinned commit is better than an unpinned install, but fetching and executing code from a remote repo is moderate risk. The skill bundle itself contains no code to audit, so verification requires the external repo review.
Credentials
No environment variables or unrelated credentials are requested. The skill only needs and will create/read files under ~/.openclaw360/ (config, identity keys, audit, backups). Those local config paths are proportionate to the described functionality.
Persistence & Privilege
disable-model-invocation: true and always: false are set (agent won't be auto-triggered). The skill only requests to create and manage its own ~/.openclaw360/ tree (including an Ed25519 identity key with 0600), which is consistent with local audit/backup functionality and not an elevated or system-wide privilege.
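How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw360
  3. Once installation completes, invoke the Skill by name or trigger it with /openclaw360
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history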
v0.1.11
openclaw360 v0.1.11
- Added support for new backup-list trigger type: pre_restore.
- Enhanced backup-clean and backup-clean [--dry-run] CLI options for safer backup management.
- Updated documentation to reflect these options and usage.
- No changes to logic or behaviors outside of improved backup operations and command documentation.
v0.1.10
**Clarifies active protection logic and invocation policy.**
- Updated documentation to explicitly clarify the relationship between `disable-model-invocation: true`, user-initiated protection mode, and when CLI-based security checks are allowed.
- Added explanation that active protection and CLI checks require explicit user request, and this does not conflict with the disable-model-invocation setting.
- Enhanced downgrade behavior description: clarified that failed security checks notify the user but do not block agent operation, and explained the security design trade-off.
- Provided clarifications regarding agent/skilled behavior when active protection is enabled at user request.
- No changes to code or features; documentation and instruction clarifications only.
v0.1.9
**openclaw360 v0.1.9 changelog**
- Added section detailing "主动防护模式" (proactive runtime protection), clarifying when and how to invoke security checks at input, tool call, and output stages.
- Describes new CLI invocation patterns for check-prompt, check-tool, and check-output, along with decision handling (allow/block/confirm) and error fallback behavior.
- Emphasizes agent-level integration for runtime checks without relying on platform hooks.
- Clarifies downgrade/fallback mechanisms if security CLI commands fail or are unavailable.
- No changes to code execution, permissions, or installation steps; documentation update only.
v0.1.8
- Updated skill version from 0.1.6 to 0.1.8.
- Promoted the "install" field to the top-level frontmatter, providing clear installation commands.
- Changed scan-skills execution and report rules from strict ("必须严格遵守"/"强制") to recommendations ("建议遵循"/"推荐"), making reporting templates and rules more flexible.
- Minor edits to rules language regarding scan and reporting steps to soften mandatory instructions and allow more leeway in result formatting and response phrasing.
- No changes to core functionality or security logic.
v0.1.7
**Added one-click backup and restore feature for security configuration and audit data.**
- Introduced new `backup`, `restore`, `backup-list`, `backup-verify`, and `backup-clean` commands for managing secure backups.
- Updated permissions and data handling to include `~/.openclaw360/backups/` directory and signed backup manifests.
- Instructions and rules now specify atomic backup behavior and smart clean-up logic.
- Security scanning/reporting rules clarified and strengthened, with stricter enforcement of language, output templates, and reporting requirements.
- Documentation expanded to reflect enhanced data protection in backup and restore workflows.
v0.1.6
- Clarified that all post-install commands run locally with no network requests, and that network behavior can be reviewed via the open-source repo.
- Updated scan-skills instructions: clarified default/typical scan directories and explicitly stated sensitive directories are not accessed.
- Enhanced documentation around Skill scan paths to distinguish between openclaw360 and OpenClaw platform directories.
- No functional or code changes; documentation only.
v0.1.5
openclaw360 0.1.5
- Updated SKILL.md to set `disable-model-invocation: true` as a top-level frontmatter field (previously under metadata).
- Updated pinned commit hash in install instructions for both pip and venv methods.
- Minor documentation clarifications; no code or functionality changes.
v0.1.4
- Updated pinned commit hash in pip install command for improved code consistency and integrity.
- Clarified permission, reading, and writing behaviors in the SKILL.md for better transparency.
- Refined data handling and network access descriptions; now explicitly lists which files and directories are accessed or excluded.
- Simplified instructions and feature descriptions, making the documentation more concise and user-friendly.
- Removed redundant details from usage and scan-report rules, while retaining core security principles.
v0.1.3
**Summary:** Improves security transparency and operational safety, clarifies "read-only" design, and adds install instructions to metadata.
- Declares all functionality as pure read-only analysis (no shell commands, file modification, or outbound network requests).
- Expands and clarifies Permissions, Data Handling, and Network Access sections; affirms no telemetry or background activity.
- Introduces install instructions directly within metadata.install for user reference and reproducibility.
- Enhances security guarantees: MIT license, source-verifiable, no code execution or subprocess calls, and no external data flows.
- Clarifies doc- and script-based sensitive data distinction in audit/scanning reports.
- Updates example commands, scan report display rules, and ALL operational instructions for consistency with safer usage.
v0.1.2
openclaw360 v0.1.2 changelog:
- Expanded and clarified skill security scanning rules, including strict reply and language requirements.
- Detailed requirements and templates for scan report structure, with a two-stage (summary/detail) presentation process.
- Added explicit instructions to run scan-skills only once per scan and to wait for full output before replying.
- Further specified prompt injection detection methods, risk formulas, and tool-call authorization process.
- Improved documentation for DLP coverage, audit logging, and user communication practices.
v0.1.1
- Added explicit requirement for user confirmation before installation, detailing created files and directories.
- Enhanced security: now requires all installs to use a pinned commit hash (not just a tag) for source code integrity.
- Clarified that all data remains local; Ed25519 identity keys are only used for audit log signing.
- Updated instructions: network access is only allowed for install (once) and user-triggered rules update—no background or automatic network requests.
- Improved documentation of new command-line options (`check-prompt`, `check-tool`, `check-output`) and mandatory local directories.
- Restricted model invocation by adding `disable-model-invocation: true` in metadata.
v0.1.0
Initial release of openclaw360
- Provides runtime security protection for AI agents with prompt injection detection, tool call authorization, sensitive data leak prevention, and skill security scanning.
- All data is processed locally; audit logs store only SHA-256 hashes; no data is sent to external servers.
- Installation workflow supports both direct pip install and venv fallback for compatibility.
- Skill security scanning supports static analysis, JSON output, and minimum score filters.
- Does not require sudo or access to sensitive system directories; needs Python 3.10+.
Metadata
Slug openclaw360
Version 0.1.11
License MIT-0
Total installs 1
Current installs 1
Number of versions 12
FAQ

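What is Openclaw360?

Runtime security skill for AI agents — prompt injection detection, tool call authorization, sensitive data leak prevention, skill security scanning, and one-... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 403 total downloads so far.

How do I install Openclaw360?

Run the command "/install openclaw360" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Openclaw360 free?

Yes, Openclaw360 is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Openclaw360 support?

Openclaw360 runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Openclaw360?

Developed and maintained by WalkerX (@326668808); the current version is v0.1.11.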
