Runtime Monitor

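Author: liwiw · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 118
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install runtime-monitor
Description
Runtime I/O security monitoring for AI agents - detects prompt injection, data exfiltration, and dangerous commands
Usage instructions (SKILL.md)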

Runtime Monitor Skill

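A runtime I/O security monitoring module that protects AI agents from security threats.

Features

  • Prompt injection detection: identifies malicious injection patterns
  • Data exfiltration detection: monitors the transmission of sensitive data
  • Dangerous command detection: intercepts high-risk system commands

Use cases

Use this skill when you need to:

  • Monitor the input/output security of tool calls
  • Detect potential security attacks
  • Audit AI agent behavior

Risk levels

Level      Description
LOW        Low risk, normal operation
MEDIUM     Medium risk, needs attention
HIGH       High risk, blocking recommended
CRITICAL   Critical risk, block immediately

Integration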

from runtime_monitor import RuntimeMonitor

monitor = RuntimeMonitor()
# tool_call is the tool call (input or output) to inspect; the caller must define it
result = monitor.detect(tool_call)

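Best practices

  1. Perform a risk assessment before every external call
  2. Update the detection rules regularly
  3. Record all security events in the audit log
Security usage recommendations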
This skill appears to do what it says: regex-based runtime monitoring for prompt injection, secrets, and risky commands. Before installing:

  • Verify the actual public API/method names in runtime_monitor.py match SKILL.md/README (there are inconsistent call examples).
  • Review the remainder of runtime_monitor.py (file was truncated in the listing) to confirm there are no network calls, telemetry, or file writes not shown here.
  • Be aware the monitor will inspect any text you pass it (including secrets); logs include a truncated raw_input field. Configure logging/sanitization to avoid accidentally persisting sensitive data (or scrub inputs before sending to the monitor).
  • Run initially in a restricted or test environment and audit its outputs to ensure detection rules and logging behavior meet your privacy and operational requirements.
Functional analysis
Type: OpenClaw Skill
Name: runtime-monitor
Version: 1.0.0
The runtime-monitor skill is a legitimate security utility designed to protect AI agents by scanning inputs and outputs for malicious patterns. The core logic in runtime_monitor.py implements a comprehensive detection engine using regular expressions to identify prompt injection attempts, sensitive data exfiltration (e.g., API keys, SSH paths), and dangerous system commands (e.g., rm -rf, reverse shells). The skill functions as a passive monitor and does not execute any high-risk operations itself, aligning perfectly with its stated purpose of enhancing agent safety.
Capability assessment
Purpose & Capability
Name/description (runtime I/O security monitoring) align with the code: the Python module implements regex-based detection for prompt injection, data exfiltration patterns, and dangerous commands. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md and README show simple integration examples (import RuntimeMonitor; call monitor.detect or monitor.monitor). There is a minor mismatch in method names between SKILL.md and README which may reflect outdated docs vs code; otherwise instructions stay within the described monitoring scope and do not direct the agent to read unrelated system files or external endpoints. The monitor will necessarily inspect any text passed to it (including secrets), and the code logs warnings and includes raw_input (truncated to 500 chars) in DetectionResult — consider this when sending sensitive data to the monitor.
Install Mechanism
No install spec and no external downloads; the skill is distributed as a Python source file only. No package installation or remote code fetches were specified.
Credentials
The skill declares no required environment variables, credentials, or config paths. The presence of regexes that detect API keys, AWS keys, GitHub tokens, etc. is appropriate for a data-exfiltration detector and does not imply the skill itself requests those secrets.
Persistence & Privilege
always is false; the skill does not request persistent or privileged installation, and there is no evidence it modifies other skills or global agent settings. Logging is used, but no file- or network-based persistence is visible in the provided code fragment.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install runtime-monitor
  3. Once installation completes, invoke the Skill directly by name or trigger it with /runtime-monitor
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
  • Initial release of runtime-monitor skill.
  • Monitors AI agent runtime I/O for security threats.
  • Features detection for prompt injection, data leakage, and dangerous system commands.
  • Provides risk classification (LOW, MEDIUM, HIGH, CRITICAL) for easy triage.
  • Includes integration guide and best practices for optimal security and auditing.
Metadata
Slug: runtime-monitor
Version: 1.0.0
License: MIT-0
Total installs: 1
Current installs: 1
Number of historical versions: 1
Frequently asked questions

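What is Runtime Monitor?

Runtime I/O security monitoring for AI agents - detects prompt injection, data exfiltration, and dangerous commands. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 118 times in total so far.

How do I install Runtime Monitor?

Run the command "/install runtime-monitor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Runtime Monitor free?

Yes, Runtime Monitor is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Runtime Monitor support?

Runtime Monitor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Runtime Monitor?

It is developed and maintained by liwiw (@liwiw); the current version is v1.0.0.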
