← 返回 Skills 市场
391
总下载
0
收藏
2
当前安装
9
版本数
在 OpenClaw 中安装
/install safe-skill-advisor
功能描述
Security Skill Advisor - Protect you from malicious skills on ClawHub. Provides security warnings, tool recommendations, and 30-second self-check checklist.
安全使用建议
This skill is advice-only and coherent with its purpose, but follow these precautions before acting on its recommendations: 1) Verify any external tools it recommends (visit the linked GitHub repos directly, check stars/commits and maintainer identity) before running pip install; 2) Never run curl | bash or execute unfamiliar downloaded archives — the skill itself warns against that; 3) Run third-party scanners in a sandbox or VM if possible to reduce risk; 4) Confirm the reporting email ([email protected]) is the legitimate ClawHub contact before sending sensitive evidence; 5) Remember this skill only gives guidance — actual risk comes from installing/running other tools or skills it recommends, so inspect those separately.
功能分析
Type: OpenClaw Skill
Name: safe-skill-advisor
Version: 1.7.0
The skill is a purely informational security advisor designed to educate users about potential risks on ClawHub. It contains no executable code and functions by providing the AI agent with structured instructions (SKILL.md) to deliver security warnings, checklists, and recommendations for third-party tools like 'Cisco AI Skill Scanner' and 'SecureClaw'. While it uses forceful prompt engineering ('MANDATORY INSTRUCTIONS') to define the agent's behavior, the intent is clearly aligned with its stated defensive purpose and lacks any indicators of malicious activity, data exfiltration, or unauthorized system access.
能力评估
Purpose & Capability
Name, description, and content are consistent: the skill provides advice, checklists, and tool recommendations for assessing other skills. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md only gives guidance and shell commands for users to run (e.g., pip install cisco-ai-skill-scanner, cisco-scan, secureclaw scan, history, ps, netstat). It does not instruct the AI/agent to read hidden files, environment variables, or to exfiltrate data. Note: it recommends installing third-party scanners and running system commands — these are normal for a security advisor but carry the usual user-side risk (verify tools before running).
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself (lowest install risk).
Credentials
No required environment variables, credentials, or config paths are declared or referenced. The skill's recommendations (scanners) may ask for their own credentials when used, but that is external to this skill and proportionate to its purpose.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not request persistent system presence or modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install safe-skill-advisor - 安装完成后,直接呼叫该 Skill 的名称或使用
/safe-skill-advisor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.7.0
Version 1.7.0 brings a major rewrite and simplification of documentation for the Safe-Skill Advisor.
- Reorganized and clarified SKILL.md with distinct user and AI-facing sections.
- Added a concise "Quick Start" and usage instructions for end users.
- Expanded best-practice and self-checklists, with clearer and more actionable advice.
- Improved tool recommendation sections for Cisco AI Skill Scanner and SecureClaw, including command examples and links.
- FAQ and attack statistics are now easier to navigate and apply.
- Maintains strong, mandatory security guidance for both users and AI assistants.
v1.6.0
**Version 1.6.0 summary: Improved clarity, safety, and enforceability for security guidance.**
- Added a detailed AI system directive to enforce mandatory safety warnings, tool recommendations, reporting, and checklists.
- Clarified step-by-step requirements for common user queries: skill safety, how to check, and what to do if a skill is suspicious.
- Strengthened reminders for high-risk skill types and proactive best-practice advice.
- Included concise quick-reference and FAQ sections for consistent responses.
- Added explicit consequences for not following safety procedures.
- New README.md file introduced for additional documentation.
v1.5.1
Tag display fix - Added tags in YAML header, version number corrected
v1.5.0
Tag format fix - Added tags in body section for proper ClawHub display
v1.4.0
Metadata fix - Author name correction (Xiao Zhua), added collaboration credit (Working with Crystaria), tag display optimization
v1.3.0
English release - Full translation for global reach, optimized tags
v1.2.0
English release - Full translation for global reach
v1.1.0
标签优化 - 添加 security, audit, scanner, malware-check, best-practice 等标签,提升搜索可见性
v1.0.0
初始版本发布 - 提供安全风险提示、工具推荐、30 秒自查清单
元数据
常见问题
Safe Skill Advisor 是什么?
Security Skill Advisor - Protect you from malicious skills on ClawHub. Provides security warnings, tool recommendations, and 30-second self-check checklist. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 391 次。
如何安装 Safe Skill Advisor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-skill-advisor」即可一键安装,无需额外配置。
Safe Skill Advisor 是免费的吗?
是的,Safe Skill Advisor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Safe Skill Advisor 支持哪些平台?
Safe Skill Advisor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Safe Skill Advisor?
由 Crystaria(@crystaria)开发并维护,当前版本 v1.7.0。
推荐 Skills