Total downloads: 109
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install safe-fuzzer-deprecated
Description
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structu...
Security usage recommendations
This skill appears to be what it claims: a sandbox-only fuzzer that spawns worker subagents and runs probes inside a locked sandbox. Before installing/running: (1) ensure you run it only in a fully isolated sandbox with agents.defaults.sandbox.mode: "all" as the SKILL.md requires; (2) confirm that tripwire/fixture semantics are synthetic (the skill claims 'synthetic_secrets_only') so the fuzzer will not look for or leak your real secrets; (3) accept that the fuzzer is allowed to read target-owned files for gray-box planning — if your installed target skill contains sensitive keys/configs, move them out of the test workspace first; (4) note the README lists recommended tooling (node, python, curl, jq) although the skill metadata doesn't declare required binaries — ensure your sandbox image provides those if you expect the worker to run tooling. If you need a stricter guarantee that no environment variables or host configs will ever be accessed, request explicit confirmation from the skill author or run a short controlled test on a disposable target first.
Functional analysis
Type: OpenClaw Skill
Name: safe-fuzzer
Version: 1.0.0
The safe-fuzzer skill is a security testing tool designed to perform gray-box behavioral analysis on other OpenClaw skills within a sandbox. It exhibits high-risk capabilities, including spawning and orchestrating subagent sessions (sessions_spawn), deploying honeypot fixtures with synthetic secrets (synthetic-secrets.env), and executing automated probes that exercise network egress, file manipulation, and shell execution. While the skill includes significant safety gates—such as mandatory sandbox checks and prohibitions against accessing real host credentials or environment variables—the inherent risk of automated subagent orchestration and the execution of behavioral probes against other software components aligns with the criteria for a suspicious classification.
Capability assessment
Purpose & Capability
Name and description match the runtime instructions: orchestration, worker-spawn, honeypot fixture deployment, and structured reporting. No credentials, binaries, or install steps are declared, which is coherent for an instruction-only orchestrator that expects a sandbox image to provide runtime tools. README lists recommended container tooling (node, npm, python3, git, curl, jq) but the skill metadata does not declare required binaries — this is a minor documentation mismatch but not a functional incoherence.
Instruction Scope
SKILL.md explicitly limits behavior to a locked sandbox, forbids reading host env/config paths, and requires preflight checks. It authorizes limited gray-box reads of target SKILL.md and ./skills/<target>/** to improve probe planning — this is reasonable for a gray-box fuzzer but could expose target-local secrets if those exist; the instructions also mandate synthetic secrets only and honeypot fixtures. Overall the scope stays within the stated fuzzer purpose, but operators should be aware that allowed 'limited reads' of target files can surface sensitive data from the target skill's workspace.
Install Mechanism
No install spec (instruction-only) — lowest-risk class. The skill expects the runtime sandbox to provide requisite binaries/images but does not attempt to download or install code itself. README notes external SAFE project references, but there is no remote installer or extraction step in the skill bundle.
Credentials
The skill declares no required environment variables or credentials (proportional). However, preset/report examples and 'tripwire_focus' mention items like 'OPENAI_API_KEY' as bait/tripwire artifacts; combined with the instruction forbidding reading host env vars, this creates potential ambiguity about whether the worker should probe for environment secrets. The SKILL.md explicitly forbids reading host environment variables and specific host config files, which is appropriate — operators should confirm how tripwire detection is implemented (fixture-based synthetic secrets vs reading real env).
Persistence & Privilege
Does not request always:true or any elevated persistent presence. The skill's model invocation is disabled for the parent, and it uses sessions_spawn/sessions_send to create worker sessions for probe execution — this is consistent with an orchestration-only role. No instructions modify other skills' configs or claim system-wide changes.
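How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install safe-fuzzer-deprecated`
- Once installation completes, invoke the Skill by name or trigger it with `/safe-fuzzer-deprecated`
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history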
v1.0.0
safe-fuzzer 1.0.0 — Initial release
- Introduces a sandbox-only, behavior-led gray-box fuzzer for installed skills.
- Features a parent/worker model: the parent orchestrates, while a dedicated subagent executes probes against the target skill.
- Deploys honeypot fixtures and reports all file, shell, and network activity in a structured JSON risk report.
- Enforces strict sandbox preflight checks and never requests or exposes real credentials.
- Supports configurable probe presets (`min`, `balanced`, `max`) with mandatory probe order and fixture deployment.
- Requires explicit user invocation and does not auto-run in ordinary chat turns.
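Metadata
FAQ
What is SAFE-Fuzzer?
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structu... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 109 cumulative downloads so far.
How do I install SAFE-Fuzzer?
Run the command `/install safe-fuzzer-deprecated` in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is SAFE-Fuzzer free?
Yes, SAFE-Fuzzer is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does SAFE-Fuzzer support?
SAFE-Fuzzer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SAFE-Fuzzer?
Developed and maintained by agentsey (@archidoge0); the current version is v1.0.0.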