davida-ps

picoclaw-security-guardian

Author: davida-ps · GitHub · v0.0.1 · MIT-0
cross-platform ✓ Security check passed
37
Total downloads
0
Favorites
0
Current installs
1
Versions
Install in OpenClaw
/install picoclaw-security-guardian
Description
Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.
Usage (SKILL.md)

Picoclaw Security Guardian

Detailed architecture/operator docs: wiki/modules/picoclaw-security-guardian.md.

Goal

Provide Picoclaw with the same support-matrix security capabilities ClawSec tracks for mature platform modules:

| Skill name | Supported platform | Security feed | Config drift | Agent posture-review lane | Chain-of-supply verification |
| --- | --- | --- | --- | --- | --- |
| picoclaw-security-guardian | Picoclaw | Yes | Yes | Separate package | Yes |

Threat model

Picoclaw is a lightweight AI gateway that can expose chat channels, a Web UI, tool execution, MCP servers, credentials, schedulers, and embedded/router deployments. This skill focuses on the trust boundaries where those features become security-sensitive.

Default safety posture

  • Read-only by default.
  • No scheduler creation in v0.0.1.
  • No outbound network by default.
  • Writes only explicit report/profile outputs under $PICOCLAW_HOME/security/clawsec/ unless the operator supplies test-local temporary paths.
  • Advisory checks fail closed when verification state is not verified unless the operator passes --allow-unsigned for a documented emergency/offline window.

Security advisory awareness

Use scripts/check_advisories.mjs with a local feed/cache and verification state:

node scripts/check_advisories.mjs \
  --feed ~/.picoclaw/security/clawsec/feed.json \
  --state ~/.picoclaw/security/clawsec/feed-verification-state.json

The script filters advisories for picoclaw, ai-gateway, empty/all-platform advisories, or affected package entries containing picoclaw.

Drift protection

Generate a deterministic profile:

node scripts/generate_profile.mjs \
  --output ~/.picoclaw/security/clawsec/current-profile.json

Compare against an approved baseline:

node scripts/check_drift.mjs \
  --baseline ~/.picoclaw/security/clawsec/baseline-profile.json \
  --current ~/.picoclaw/security/clawsec/current-profile.json \
  --fail-on critical

Critical drift includes public Web UI enablement, Web UI auth disablement, workspace restriction disablement, unsigned/insecure verification mode, verified-feed regression, and watched-file/release-artifact fingerprint changes.
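The drift classes above can be expressed as a small set of regression rules over a baseline and a current profile. The following is an added example written for this page, not the skill's own scripts/check_drift.mjs; the profile shape (webui, workspace, verification, fingerprints keys), the rule ids and the `--fail-on` style threshold are assumptions made for the example, not the skill's real schema.

```javascript
// Added example (not the skill's scripts/check_drift.mjs): compare an approved baseline
// profile with a current profile and classify the critical drift classes listed above.
// The profile shape and rule ids used here are assumptions for this example.
const SEVERITY_RANK = { info: 0, warning: 1, critical: 2 };
const INSECURE_MODES = new Set(['unsigned', 'insecure']);

// A bind address is "public" when it listens on every interface.
function isPublicBind(bind) {
  return bind === '0.0.0.0' || bind === '::' || bind === '[::]';
}

// Each rule fires only when the current profile is worse than the baseline, so a
// baseline that was already in the bad state is not reported as new drift.
const CRITICAL_RULES = [
  { id: 'webui-public-enablement',
    hit: (b, c) => c.webui.enabled && isPublicBind(c.webui.bind)
      && !(b.webui.enabled && isPublicBind(b.webui.bind)),
    msg: (b, c) => `Web UI now listens publicly on ${c.webui.bind}` },
  { id: 'webui-auth-disablement',
    hit: (b, c) => b.webui.auth && !c.webui.auth,
    msg: () => 'Web UI authentication was disabled' },
  { id: 'workspace-restriction-disablement',
    hit: (b, c) => b.workspace.restricted && !c.workspace.restricted,
    msg: () => 'workspace restriction was disabled' },
  { id: 'insecure-verification-mode',
    hit: (b, c) => !INSECURE_MODES.has(b.verification.mode) && INSECURE_MODES.has(c.verification.mode),
    msg: (b, c) => `verification mode changed from ${b.verification.mode} to ${c.verification.mode}` },
  { id: 'verified-feed-regression',
    hit: (b, c) => b.verification.feedVerified && !c.verification.feedVerified,
    msg: () => 'advisory feed is no longer in verified state' },
];

function diffProfiles(baseline, current) {
  const findings = [];
  for (const rule of CRITICAL_RULES) {
    if (rule.hit(baseline, current)) {
      findings.push({ id: rule.id, severity: 'critical', detail: rule.msg(baseline, current) });
    }
  }
  // Watched-file / release-artifact fingerprints: a changed or vanished digest is critical;
  // a newly watched file is only informational.
  const { fingerprints: bFp = {}, ...bRest } = baseline;
  const { fingerprints: cFp = {}, ...cRest } = current;
  for (const [file, digest] of Object.entries(bFp)) {
    if (!(file in cFp)) {
      findings.push({ id: 'fingerprint-missing', severity: 'critical', detail: `${file} no longer present` });
    } else if (cFp[file] !== digest) {
      findings.push({ id: 'fingerprint-changed', severity: 'critical', detail: `${file} fingerprint changed` });
    }
  }
  for (const file of Object.keys(cFp)) {
    if (!(file in bFp)) findings.push({ id: 'fingerprint-added', severity: 'info', detail: `${file} newly watched` });
  }
  // Every other changed leaf value is reported at info level so the operator still sees it.
  const flat = (o, prefix = '') => Object.entries(o).flatMap(([k, v]) =>
    (v && typeof v === 'object') ? flat(v, `${prefix}${k}.`) : [[`${prefix}${k}`, v]]);
  const bLeaf = new Map(flat(bRest));
  for (const [key, val] of flat(cRest)) {
    if (bLeaf.has(key) && bLeaf.get(key) !== val) {
      findings.push({ id: `changed:${key}`, severity: 'info', detail: `${key}: ${bLeaf.get(key)} -> ${val}` });
    }
  }
  return findings;
}

// Mirrors a --fail-on threshold: the check fails when any finding reaches that severity.
function checkDrift(baseline, current, failOn = 'critical') {
  const findings = diffProfiles(baseline, current);
  const fail = findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[failOn]);
  return { fail, findings };
}

// Constructed sample profiles (not real Picoclaw output) exercising the rules above.
function demo() {
  const baseline = {
    webui: { enabled: true, bind: '127.0.0.1', auth: true },
    workspace: { restricted: true },
    verification: { mode: 'signed', feedVerified: true },
    logging: { level: 'info' },
    fingerprints: { 'config.json': 'digest-aaa', picoclaw: 'digest-bbb' },
  };
  const regressed = JSON.parse(JSON.stringify(baseline));
  regressed.webui.bind = '0.0.0.0';          // public Web UI enablement
  regressed.fingerprints.picoclaw = 'digest-ccc'; // release artifact changed
  regressed.logging.level = 'debug';          // harmless change, info only
  const benign = JSON.parse(JSON.stringify(baseline));
  benign.logging.level = 'debug';
  return {
    regression: checkDrift(baseline, regressed),
    benign: checkDrift(baseline, benign),
    benignFailOnInfo: checkDrift(baseline, benign, 'info'),
  };
}
```

Running `demo()` yields two critical findings for the regressed profile (public bind plus artifact fingerprint change) and a failing verdict, while the benign profile passes at the `critical` threshold and fails only if the operator lowers the threshold to `info`.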

Chain-of-supply verification

Verify a Picoclaw release artifact against a checksum manifest plus detached signature. Signed manifest verification is required for a passing supply-chain verdict:

node scripts/verify_supply_chain.mjs \
  --artifact ./picoclaw \
  --checksums ./checksums.json \
  --signature ./checksums.json.sig \
  --public-key ./feed-signing-public.pem

Checksum-only mode is integrity-only, not provenance. Use --allow-unsigned-checksums only for short, documented offline triage windows; it should not satisfy production install verification.

Operator review notes

  • Treat public UI binding (0.0.0.0, -public) as a critical review item until auth and network allowlists are proven.
  • Treat MCP servers as separate trust boundaries; review each server's filesystem, network, and credential access.
  • Treat third-party OpenWrt/LuCI wrappers as separate supply-chain artifacts. Verify provenance before installing them on routers.
  • Never leave unsigned advisory mode enabled in recurring or production checks.

Validation

python utils/validate_skill.py skills/picoclaw-security-guardian
node skills/picoclaw-security-guardian/test/profile.test.mjs
node skills/picoclaw-security-guardian/test/drift.test.mjs
node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

Pre-release install regression

Before publishing v0.0.1 release artifacts, run the isolated install lane from the repo root:

skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

The regression installs the skill through Picoclaw's own find_skills / install_skill path from a local ClawHub-compatible registry into an isolated Docker-hosted Picoclaw workspace with isolated HOME, PICOCLAW_HOME, and PICOCLAW_WORKSPACE. It verifies signed release-artifact preflight inputs, confirms Picoclaw's skill loader can list/load the installed skill, then runs the installed copy's profile, drift, advisory fail-closed, advisory filtering, and supply-chain verification paths against Picoclaw-style config.json and launcher-config.json files.

Safe usage recommendations
This package appears internally consistent and implements the features it claims. Before installing or running tests:
  1. Run the scripts in an isolated/test environment (the regression harness runs Docker and builds/runs Picoclaw code).
  2. Only provide verified advisory feeds, checksum manifests, and public keys from trusted sources — the skill enforces signed manifests by default and using '--allow-unsigned*' flags weakens guarantees.
  3. Check your PICOCLAW_HOME and any --watch / --artifact paths you pass to avoid scanning or exposing unrelated files.
  4. Review the regression/test harness before running it on a machine with sensitive data (it spawns containers, generates keys, and exercises install paths).
Overall the code reads as a focused Picoclaw security helper — there are no unexplained network endpoints or unrelated credential requests.
Feature analysis
Type: OpenClaw Skill
Name: picoclaw-security-guardian
Version: 0.0.1
The skill is a security auditing tool for the Picoclaw platform, providing configuration drift detection, advisory filtering, and supply-chain verification. It demonstrates security-conscious design, such as path-confinement checks in lib/profile.mjs to prevent directory traversal and Ed25519 signature verification in lib/supply_chain.mjs. The complex regression harness (test/picoclaw_security_guardian_sandbox_regression.sh) is a legitimate integration test that uses Docker and a local mock registry to verify installation workflows, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability tags
crypto · requires-wallet · requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name/description map to the actual files and runtime behavior: scripts and libs implement advisory filtering, deterministic profile generation, drift diffing, and checksum+signature verification. Declared binaries (node) and optional env vars are Picoclaw-specific and proportionate.
Instruction Scope
SKILL.md and the scripts only read Picoclaw config files / watched files, produce confined outputs under PICOCLAW_HOME, and require a local advisory feed or checksum manifests. The test/regression instructions do start Docker, run a local HTTP registry, and exercise Picoclaw-specific install flows — these are test harness actions, documented and isolated to pre-release regression.
Install Mechanism
No install spec is declared (instruction-only skill). All code is included in the repo and nothing is downloaded from third-party URLs. Tests pull docker images and use system tools, but there is no external archive download at install-time in the skill manifest itself.
Credentials
No required credentials or unrelated env vars are requested. Optional env vars are Picoclaw-specific (PICOCLAW_HOME, PICOCLAW_CONFIG, etc.). The code inspects config files within Picoclaw paths only, which is consistent with the stated purpose.
Persistence & Privilege
Skill does not request always:true and is described as read-only/on-demand in v0.0.1. It does not modify other skills or system-wide agent settings; outputs are confined to PICOCLAW_HOME and the code enforces path confinement and symlink checks.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install picoclaw-security-guardian
  3. After installation, call the Skill by name directly or trigger it with /picoclaw-security-guardian.
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v0.0.1
Release 0.0.1 via CI
Metadata
Slug picoclaw-security-guardian
Version 0.0.1
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is picoclaw-security-guardian?

Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 37 downloads to date.

How do I install picoclaw-security-guardian?

Run the command "/install picoclaw-security-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is picoclaw-security-guardian free?

Yes, picoclaw-security-guardian is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.

Which platforms does picoclaw-security-guardian support?

picoclaw-security-guardian is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed picoclaw-security-guardian?

Developed and maintained by davida-ps (@davida-ps); current version v0.0.1.
