otweihan

portable-deployment-audit

Author: WeiHan · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 149
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install portable-deployment-audit
Description
Read-only security auditing for OpenClaw deployments, repositories, and local project directories. Scan an explicit target directory for exposed credentials,...
Safe usage recommendations
This skill appears to do what it claims: a read-only, file-based audit. Before installing/using it, ensure you have node available (the SKILL.md runs the script with 'node' but the registry metadata doesn't declare node), read the script yourself if you're concerned, and avoid pointing the scanner at sensitive system files or absolute paths you don't want inspected (don't pass --env-file or --dockerfile pointing to secrets unless you intend to). Run it locally or in an isolated environment first and use --format json for CI parsing. If you need higher assurance, confirm (search the script) that there are no network calls or child_process execs (the provided code shows none).
Functional analysis
Type: OpenClaw Skill
Name: portable-deployment-audit
Version: 1.0.2

The portable-deployment-audit skill is a read-only security utility designed to scan local directories for credentials, risky configurations, and Docker/Git misconfigurations. The implementation in scripts/audit.cjs uses standard Node.js file system APIs for inspection and contains no network activity, shell execution, or data exfiltration logic. The SKILL.md instructions are well-aligned with the tool's stated purpose and do not attempt to manipulate the agent into performing unauthorized actions.
Capability assessment
Purpose & Capability
Name/description match the included script. The script inspects repository/project files (env, Dockerfile, compose, source files) and reports findings; this aligns with a portable read-only audit.
Instruction Scope
SKILL.md instructs running the script via node (node command shown), but the registry metadata lists no required binary — declaring 'node' as a required binary would be more accurate. The script collects some host metadata (os.hostname()) which is not mentioned in the prose; it also accepts explicit --env-file and --dockerfile paths (which can point anywhere the invoking user has read access). The script asserts it does not execute external binaries and the code shown contains only filesystem inspection (no child_process or network calls).
Install Mechanism
No install spec is provided and there are no downloads or extract operations — the skill is delivered as files (script + SKILL.md). This is low-risk compared with remote installers.
Credentials
The skill does not request any environment variables or credentials. It does read files discovered under the target directory and will also read any explicit file paths passed via --env-file/--dockerfile, which is reasonable for an auditor but means callers should not point it at sensitive files in shared hosts. The script records hostname and platform in its runtime metadata (minor identifying info).
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify agent/system configuration; execution is on-demand and local.
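How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install portable-deployment-audit
  3. Once installed, invoke the Skill by name or trigger it with /portable-deployment-audit
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output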
Version history
v1.0.2
- Now performs security audits using file inspection only; no external binaries or shell commands are executed.
- Audits explicit port exposure hints from config and compose files instead of actively inspecting listening ports.
- Adjusted `--allow-port` to suppress expected configured/published ports.
- Git exposure check now flags directory exposure and missing `.gitignore`, without using git commands.
- Documentation updated to clarify scope and file-inspection-only nature of all checks.
v1.0.1
Version 1.0.1
- Added support for `--exclude-dir` to skip specified directories during audits.
- Introduced `--allow-port` to suppress expected listening port findings.
- Docker checks now inspect compose files and detect additional risks (root/privileged runtime, host networking, published ports).
- Text output now includes short remediation recommendations for findings.
v1.0.0
Initial release of portable-deployment-audit.
- Provides read-only security audits for OpenClaw deployments, repositories, and local project directories.
- Scans target directories for exposed credentials, risky configuration, listening ports, Dockerfile issues, Git exposure, and Unix permission problems.
- Offers flexible output with JSON reporting and configurable strict mode for CI integration.
- Allows selection of specific scan types (credentials, configs, ports, docker, git, permissions).
- Fully read-only—no automatic fixes or file modifications.
Metadata
Slug: portable-deployment-audit
Version: 1.0.2
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 3
FAQ

What is portable-deployment-audit?

Read-only security auditing for OpenClaw deployments, repositories, and local project directories. Scan an explicit target directory for exposed credentials,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 149 total downloads so far.

How do I install portable-deployment-audit?

Run the command "/install portable-deployment-audit" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is portable-deployment-audit free?

Yes, portable-deployment-audit is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does portable-deployment-audit support?

portable-deployment-audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed portable-deployment-audit?

Developed and maintained by WeiHan (@otweihan); the current version is v1.0.2.
