← 返回 Skills 市场
davida-ps

picoclaw-self-pen-testing

作者 davida-ps · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ✓ 安全检测通过
38
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install picoclaw-self-pen-testing
功能描述
Picoclaw-only local posture-review skill focused on read-only findings and safe operator remediation guidance.
使用说明 (SKILL.md)

Picoclaw Posture Review (separate package)

Purpose: keep Picoclaw posture-review checks isolated from the broader guardian package so moderation-sensitive checks can be versioned/published independently.

Scope

This skill only performs local, read-only posture-review analysis against an existing Picoclaw posture profile.

It flags:

  • public Web UI exposure
  • disabled UI auth
  • unrestricted workspace/tooling
  • unsigned verification mode
  • MCP trust-boundary review needs
  • scheduler persistence review
  • plaintext secret markers
  • multi-channel auth review

Usage

node scripts/self_pen_test.mjs --profile ~/.picoclaw/security/clawsec/current-profile.json

Validation

python utils/validate_skill.py skills/picoclaw-self-pen-testing
node skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs
安全使用建议
This package appears coherent and read-only: it only parses the JSON profile file you explicitly pass and prints findings. Before installing, verify the package source (homepage/owner) and license (AGPL implications for redistribution). Run the included unit test locally (node test/self_pen_test.test.mjs) to confirm behavior. Note the README references a python validation script that isn't packaged—ignore or supply your own validator. Most importantly, only point --profile at files you intend to inspect (do not feed it arbitrary sensitive files), and review the small JS files yourself if you want to be certain they only read and summarize the profile. If you need stronger guarantees, run the CLI in a sandboxed environment or with a copy of the profile that has secrets redacted.
功能分析
Type: OpenClaw Skill Name: picoclaw-self-pen-testing Version: 0.0.1 The skill is a local security auditing tool designed to perform read-only posture reviews of Picoclaw configuration profiles. The code in lib/self_pen_test.mjs and scripts/self_pen_test.mjs purely analyzes JSON input for security weaknesses (e.g., disabled authentication or exposed interfaces) and outputs a report. There is no evidence of network egress, data exfiltration, or malicious execution; the behavior is entirely consistent with the documentation provided in SKILL.md and skill.json.
能力评估
Purpose & Capability
Name/description say 'local posture-review' and the package contains a small Node-based engine and CLI that reads a profile JSON and emits findings. Declared requirement of node and optional PICOCLAW_HOME are appropriate and proportional. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions require an explicit --profile path and the CLI only reads that file, runs in-memory checks, and prints JSON. This matches the stated read-only scope. Minor note: SKILL.md/README mention a python utils/validate_skill.py validation command that is not included in the package—this is a documentation/test mismatch but not a runtime risk. Also: because the tool reads whatever profile path you supply, do not point it at files containing secrets unless you intend local inspection.
Install Mechanism
No install spec is provided (instruction-only skill) and the package includes only small JS modules and a script; nothing is downloaded or executed from remote URLs. This is low-risk for installation.
Credentials
The skill requires no credentials or sensitive environment variables. The manifest declares an optional PICOCLAW_HOME only. There are no unexpected required env vars or keys.
Persistence & Privilege
always is false, the package states 'Read-only/on-demand; no scheduler is installed', and the code does not write to system paths or modify other skills. It runs on-demand with no autonomous persistence requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install picoclaw-self-pen-testing
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /picoclaw-self-pen-testing 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Release 0.0.1 via CI
元数据
Slug picoclaw-self-pen-testing
版本 0.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

picoclaw-self-pen-testing 是什么?

Picoclaw-only local posture-review skill focused on read-only findings and safe operator remediation guidance. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 38 次。

如何安装 picoclaw-self-pen-testing?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install picoclaw-self-pen-testing」即可一键安装,无需额外配置。

picoclaw-self-pen-testing 是免费的吗?

是的,picoclaw-self-pen-testing 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

picoclaw-self-pen-testing 支持哪些平台?

picoclaw-self-pen-testing 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 picoclaw-self-pen-testing?

由 davida-ps(@davida-ps)开发并维护,当前版本 v0.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论