← 返回 Skills 市场
Ralph Ultra Security Audit
作者
dorukardahan
· GitHub ↗
· v3.0.0
726
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ralph-ultra
功能描述
Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...
安全使用建议
This skill is a powerful, open-ended audit runner: it tells the agent to read code, environment variables, git history, database constraints, and to generate proof-of-concept exploits. That is coherent for a deep audit, but the skill metadata does not declare what credentials or files it will need — so installing it could allow the agent to access sensitive data without you knowing upfront. Before installing or running: (1) only run in an isolated/staging environment or sandbox with no production secrets; (2) require the author to document exact inputs, expected repo paths, and credential requirements; (3) restrict the agent's filesystem/DB access to read-only snapshots where possible; (4) decide whether you permit automatic PoC generation (it can create exploit code); and (5) consider manual human review of findings before any remediation is applied. If you need higher assurance, ask the publisher to add explicit required env/config entries and scope constraints in the SKILL.md so required privileges are visible before installation.
功能分析
Type: OpenClaw Skill
Name: ralph-ultra
Version: 3.0.0
The skill bundle is classified as suspicious due to the extensive and high-risk capabilities it instructs the AI agent to perform, even though these actions are framed within the context of a 'deep security audit'. Instructions in `SKILL.md` include explicit command execution (`git rev-parse --show-toplevel`), broad file system access (reading code, `.env` files, git history for 'secret detection', CI/CD configs, and writing to `.ralph-report.md`), network enumeration ('endpoint enumeration', 'exposed ports'), and 'penetration test simulation' with 'Red Team Mindset' and 'proof-of-concept' generation. While these actions are necessary for a thorough security audit, they represent significant potential for abuse or unintended harm if the agent were compromised or if the instructions were subtly subverted, making it a high-risk tool rather than benign.
能力评估
Purpose & Capability
The name/description (deep 1,000‑iteration security audit) aligns with the SKILL.md: it explicitly instructs exhaustive checks across code, infrastructure, dependencies, and secrets. That capability legitimately requires broad access to code, repos, and environments, so the purpose is coherent — but the metadata does not declare the access/credentials this requires, which is unexpected.
Instruction Scope
The runtime loop explicitly directs the agent to 'read actual code, check libraries, check DB constraints, check environment' and to provide proof-of-concept exploits where applicable. These are open-ended instructions that give the agent broad discretion to access arbitrary files, environment variables, git history, and potentially run or craft exploit code. The SKILL.md does not limit scope (e.g., to a specific repo path or read-only snapshot) or describe safe guardrails for destructive actions.
Install Mechanism
Instruction-only skill with no install spec and no code files executed by the platform — lowest install risk. There is no remote download or package installation declared.
Credentials
The skill declares no required env vars, credentials, or config paths, but the instructions require access to secrets, databases, git history, and environment drift checks. That mismatch means the skill will likely need credentials or filesystem access at runtime that are not surfaced up front for users to review — a proportionality and transparency issue.
Persistence & Privilege
always:false and no persistent install or modification of other skills. The skill saves progress to .ralph-report.md every 50 iterations (local file), which is expected for a multi-step audit; there is no declared attempt to modify system-wide agent settings or other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ralph-ultra - 安装完成后,直接呼叫该 Skill 的名称或使用
/ralph-ultra触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
Latest update
v2.0.0
Initial publish — security audit skill (10/100/1K/10K iterations)
元数据
常见问题
Ralph Ultra Security Audit 是什么?
Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 726 次。
如何安装 Ralph Ultra Security Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ralph-ultra」即可一键安装,无需额外配置。
Ralph Ultra Security Audit 是免费的吗?
是的,Ralph Ultra Security Audit 完全免费(开源免费),可自由下载、安装和使用。
Ralph Ultra Security Audit 支持哪些平台?
Ralph Ultra Security Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ralph Ultra Security Audit?
由 dorukardahan(@dorukardahan)开发并维护,当前版本 v3.0.0。
推荐 Skills