← 返回 Skills 市场
revupai

RevSec Shield

作者 Nipun · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
96
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install revsec-shield
功能描述
24/7 security monitoring for your OpenClaw agent. Detects prompt injection attacks, malicious skills, and data exfiltration attempts. Delivers plain-English...
安全使用建议
Before installing: 1) Verify the vendor and backend: check the RevSec service owner, privacy policy, and where data is hosted. 2) Ask the maintainer to provide a precise data map — what exact files/fields will be sent to revsec.revt2d.com and what the service does with them. 3) Avoid echoing the API key into shells or logs; store the key in OpenClaw environment settings as recommended and ensure logs are not captured. 4) Inspect ~/.openclaw/openclaw.json yourself to see whether it contains sensitive tokens that you don't want shared; if it does, ask RevSec which fields they need and whether you can redact others. 5) Consider running the skill manually for one-time checks first instead of enabling the 5-minute cron, and confirm you can revoke the API key and remove the cron job easily. 6) If you cannot verify the backend/operator or the exact data transmitted, treat this skill as higher-risk and prefer alternatives from known/trusted vendors.
能力评估
Purpose & Capability
Name/description (agent security monitoring + WhatsApp alerts) align with the declared requirement (REVSEC_API_KEY) and instructions to register and poll a remote API. Requiring an API key for a hosted monitoring service is expected, and reading OpenClaw state/config to identify the agent is consistent with the stated purpose. The homepage is an unfamiliar domain (revsec.revt2d.com) and owner identity is unknown, so vendor trustworthiness is not established.
Instruction Scope
SKILL.md instructs the agent to read and write ~/.openclaw/revsec-state.json, read ~/.openclaw/openclaw.json, list installed skill directories, generate/stash stable agent IDs, and create a 5-minute background poll (cron). Those actions allow collection of agent configuration and the list (and possibly contents) of installed skills — reasonable for a monitor but potentially sensitive. The doc also tells the agent to echo $REVSEC_API_KEY (which may leak the key into logs) and to prefer automated curl/shell calls, increasing the chance sensitive data will be transmitted without explicit user review. The instructions do not fully describe what exact fields are sent to RevSec or what the RevSec backend will do with them.
Install Mechanism
No install spec or code files are included (instruction-only), so nothing will be downloaded or written during install beyond the state file the skill itself asks the agent to manage. This minimizes install-time risk but means runtime behavior (network calls) is the main surface to review.
Credentials
Only one environment variable (REVSEC_API_KEY) is required, which is proportionate for an authenticated hosted service. However, the instructions to echo the key and to read other local configs (openclaw.json and skill directories) increase risk of inadvertent leakage; the SKILL.md does not limit or document exactly what data is posted to the remote API.
Persistence & Privilege
The skill instructs creating/ensuring a cron job that runs every 5 minutes to poll an external service. While always:false and autonomous invocation are normal, a frequent background poll combined with the ability to read local config and installed skills raises the operational blast radius: it enables continuous exfiltration if the remote service or API key is misused. The SKILL.md does not provide opt-in controls or a clear list of transmitted fields.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install revsec-shield
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /revsec-shield 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Improved data transparency: explicit table of data transmitted, API key check without echo, WhatsApp credential clarification, privacy policy link, company identity.
v1.0.1
Improved data transparency: added exact disclosure of data sent to API. API key check no longer echoes key value.
v1.0.0
Initial public release
元数据
Slug revsec-shield
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

RevSec Shield 是什么?

24/7 security monitoring for your OpenClaw agent. Detects prompt injection attacks, malicious skills, and data exfiltration attempts. Delivers plain-English... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 96 次。

如何安装 RevSec Shield?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install revsec-shield」即可一键安装,无需额外配置。

RevSec Shield 是免费的吗?

是的,RevSec Shield 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

RevSec Shield 支持哪些平台?

RevSec Shield 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 RevSec Shield?

由 Nipun(@revupai)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论