← 返回 Skills 市场
Protocol Doc Auditor
作者
andyxinweiminicloud
· GitHub ↗
· v1.0.0
407
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install protocol-doc-auditor
功能描述
Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and...
安全使用建议
This skill appears internally consistent. Before installing: (1) confirm you trust the skill publisher since source/homepage is unknown, (2) restrict the agent's network access if you run it against sensitive internal docs, and (3) remember the auditor flags patterns but cannot guarantee detection of novel or obfuscated attacks — for high-risk integrations follow up with manual review.
功能分析
Type: OpenClaw Skill
Name: protocol-doc-auditor
Version: 1.0.0
The OpenClaw skill 'protocol-doc-auditor' is designed to detect malicious instructions within API and protocol documentation. While its `SKILL.md` contains examples of dangerous commands like `curl | bash` and `cat ~/.ssh/id_rsa.pub`, these are presented as *input* that the auditor analyzes and flags as risky, not as instructions for the AI agent to execute. The skill's stated purpose is defensive, and its required binaries (`curl`, `python3`) are consistent with fetching and analyzing documentation. There is no evidence of intentional harmful behavior, data exfiltration, or prompt injection against the agent itself.
能力评估
Purpose & Capability
Name and description claim a document-auditor for protocol docs; requiring curl (to fetch a URL) and python3 (to parse/analyze text) is reasonable and proportional to that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines itself to analyzing provided URLs or text content for risky patterns (curl|bash, credentials in URLs, telemetry setup, etc.). It does not instruct the agent to read user files, environment secrets, or system configuration, nor to exfiltrate data to third parties.
Install Mechanism
Instruction-only skill with no install spec or downloads. This is low-risk — nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The absence of sensitive requirements matches the auditor's function (text analysis of docs).
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed by default but is not combined with other red flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install protocol-doc-auditor - 安装完成后,直接呼叫该 Skill 的名称或使用
/protocol-doc-auditor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of protocol-doc-auditor.
- Scans API and protocol documentation for hidden attack vectors and dangerous setup instructions.
- Detects risky patterns such as `curl | bash`, credential exposure, data leakage, irrevocable identity binding, and privilege escalation.
- Provides an audit report with risk assessments and safer alternatives for each instruction.
- Rates overall document safety as SAFE / CAUTION / DANGEROUS.
元数据
常见问题
Protocol Doc Auditor 是什么?
Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 407 次。
如何安装 Protocol Doc Auditor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install protocol-doc-auditor」即可一键安装,无需额外配置。
Protocol Doc Auditor 是免费的吗?
是的,Protocol Doc Auditor 完全免费(开源免费),可自由下载、安装和使用。
Protocol Doc Auditor 支持哪些平台?
Protocol Doc Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Protocol Doc Auditor?
由 andyxinweiminicloud(@andyxinweiminicloud)开发并维护,当前版本 v1.0.0。
推荐 Skills