← 返回 Skills 市场
duclawbot

clawguard

作者 Duclawbot · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ 安全检测通过
229
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install opsec
功能描述
Security review and risk auditing for OpenClaw skills and deployments. Inspect third-party skills, dangerous instructions, credential requests, privilege ris...
安全使用建议
This skill is internally consistent with its stated purpose and is safe to run locally for auditing other skills. Before installing/running: (1) review rules/skill_review.json if you want different patterns or to reduce false positives, (2) note that reports are persisted under ~/.openclaw/workspace by default (set WORKSPACE_ROOT to change), and (3) treat its findings as automated signals that require manual review — the scanner can produce false positives/negatives and does not guarantee complete security. If you plan to let an autonomous agent invoke this skill, know it can read local skill directories you point it at and will write reports to the workspace; that is expected behavior but verify the agent's scope and permissions first.
功能分析
Type: OpenClaw Skill Name: opsec Version: 1.0.2 The 'clawguard' skill is a local static analysis tool designed to audit other OpenClaw skills for security risks. The core logic in scripts/lib/engine.py and scripts/review_skill.py performs pattern matching against a defined ruleset (rules/skill_review.json) to identify risky shell commands, credential requests, and sensitive path access. All operations are local-first, saving reports to the user's workspace without any evidence of data exfiltration, remote execution, or malicious prompt injection.
能力评估
Purpose & Capability
Name/description match the included code and rules. The code implements a local pattern-based scanner (rules/skill_review.json) that inspects SKILL.md, scripts, and other text files under a user-provided skill directory. There are no unrelated environment variables, remote endpoints, or cloud APIs requested.
Instruction Scope
SKILL.md describes local-first review behavior and the implementation follows that: scan_skill walks the given skill directory, reads text files, applies rules, and returns a structured report. The instructions and code do not read unrelated system config files, network endpoints, or secret-bearing env vars. The scanner excludes its own rules and references directories from inspection.
Install Mechanism
No install spec or remote downloads. The skill is instruction-only (scripts included for local execution). No archives, third-party package installs, or network fetches are performed by the code itself.
Credentials
The skill requires no credentials or sensitive environment variables. It optionally honors WORKSPACE_ROOT to choose where to persist reports; otherwise it uses a sensible per-user path (~/.openclaw/workspace). This level of access is proportionate for a reporting tool.
Persistence & Privilege
The skill writes and persists reports under the user's workspace (~/.openclaw/workspace/memory/clawguard/reports.json). This is expected for an audit tool, but users should know reports are stored locally and that the skill will create that directory if it doesn't exist. always is false and the skill does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install opsec
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /opsec 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
[email protected]: Added --summary-only decision output for faster install reviews, improved medium-severity explanation in summaries, and added optional human review notes via --note.
v1.0.1
[email protected]: Improved review precision for real third-party skills by removing markdown code-fence false positives and splitting credential mentions from explicit secret exposure guidance.
v1.0.0
[email protected]: Initial release of a local-first OpenClaw security review skill for third-party skill vetting, structured rule matching, evidence-based reporting, and JSON-friendly output.
元数据
Slug opsec
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

clawguard 是什么?

Security review and risk auditing for OpenClaw skills and deployments. Inspect third-party skills, dangerous instructions, credential requests, privilege ris... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 229 次。

如何安装 clawguard?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install opsec」即可一键安装,无需额外配置。

clawguard 是免费的吗?

是的,clawguard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

clawguard 支持哪些平台?

clawguard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 clawguard?

由 Duclawbot(@duclawbot)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论