Total downloads: 418
Favorites: 1
Current installs: 1
Versions: 6
Install in OpenClaw:
/install scanner-for-openclaw
Description
Security expert for OpenClaw deployments. Audits local configuration files for vulnerabilities in network settings, channel policies, and tool permissions. P...
Safe usage recommendations
This skill appears to be what it says: a local, static-config security scanner for OpenClaw. Before installing or automating it: 1) verify the package version and source (the files show version 1.0.4 while the registry metadata lists 1.0.5); 2) confirm whether OPENCLAW_CONFIG is intended to be required or optional (clawhub.json declares envRead, but the top-level metadata does not); 3) ignore or clarify the README line about optional external tools (lsof/ss), since the code avoids subprocesses; 4) run the scanner in a safe environment (or review the scripts first) and back up your configs before applying any remediation steps; the playbook marks service restarts and CLI actions as [OPERATOR], so those should be performed by an admin. If you plan to allow the agent to invoke this skill autonomously, make sure you are comfortable with it reading the listed config files and writing report files in your workspace.
Functional analysis
Type: OpenClaw Skill
Name: scanner-for-openclaw
Version: 1.0.5
The OpenClaw Security Scanner is a legitimate utility designed to perform static analysis of local configuration files to identify security misconfigurations. The code in `scripts/security_scan.py` strictly adheres to its stated purpose, avoiding risky operations like network probing or subprocess execution, and its declared permissions in `clawhub.json` are appropriately restricted to reading specific configuration paths and writing reports. Documentation in `SKILL.md` and the `references/` directory provides helpful security guidance while explicitly labeling high-risk remediation steps as operator-only actions.
Capability assessment
Purpose & Capability
The skill claims to perform pure static analysis of OpenClaw configuration files, and the Python scripts do exactly that: they read typical OpenClaw config paths, examine gateway/channel/tool settings, and produce findings. This capability aligns with the stated purpose. Minor mismatch: the README mentions `lsof`/`ss` as 'optional' for port detection, but SKILL.md, clawhub.json, and security_scan.py explicitly avoid subprocess and network use; this is likely leftover documentation and should be cleaned up.
Instruction Scope
SKILL.md instructs the agent to read local config files, run the provided scanner or CLI wrapper, and produce reports; the scanner code only accesses declared config paths and the OPENCLAW_CONFIG env var. There are no instructions to access unrelated files, external endpoints, or to execute system commands.
Install Mechanism
No install spec is provided (instruction-only entry point), so nothing is pulled from arbitrary URLs. The included packaging script writes tarballs to /tmp which is normal for packaging. Overall install risk is low.
Credentials
The permissions declared in clawhub.json (read specific OpenClaw config paths, read the OPENCLAW_CONFIG env var, write report files) map to the scanner's needs. However, the top-level registry metadata in the submission lists 'Required env vars: none' while clawhub.json and the scanner reference OPENCLAW_CONFIG; this is a metadata/documentation inconsistency. Confirm whether OPENCLAW_CONFIG is optional or required before granting env access.
Persistence & Privilege
The skill is not force-included (always:false) and does not request elevated persistent privileges. It does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with broad or unusual access here.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install scanner-for-openclaw
- After installation, call the Skill by name directly, or trigger it with /scanner-for-openclaw
- Provide the required inputs as described in the Skill's parameter description to receive structured output.
Version history
v1.0.5
No file changes detected; version bump only.
No functional or documentation updates in this release.
v1.0.4
- Removed 1 file.
- Updated SKILL.md and bundle contents.
v1.0.3
- Added initial test suite for the security scanner.
- Included test package structure (tests/__init__.py).
- Added security scan tests (tests/test_security_scan.py) to improve reliability and enable automated testing.
v1.0.2
1.0.2 - Remove external network access
- Removed GitHub API fetching to eliminate outbound HTTP requests
- Scanner now operates fully offline on local configuration only
- Resolves ClawHub suspicious flag for network activity
v1.0.1
1.0.1 - Remove external network access
- Removed GitHub API fetching to eliminate outbound HTTP requests
- Now operates fully offline, scanning only local configurations
- GitHub security issues and CVE checks are no longer included
- Addresses ClawHub suspicious flag for outbound requests
v1.0.0
openclaw-security-scanner 1.0.0 - Initial release
- Scans OpenClaw deployments for security vulnerabilities in network configurations, channel policies, and tool permissions.
- Audits integration channels (Telegram, WhatsApp, Web) for unsafe policies.
- Analyzes GitHub for relevant security issues and CVEs affecting OpenClaw.
- Provides remediation steps for each finding, including risk level, impact, and rollback plan to ensure safe changes.
- Generates actionable, Markdown-formatted reports for administrators.
- Requires minimum OpenClaw version 2026.3.0.
FAQ
What is Config Security Scanner?
Security expert for OpenClaw deployments. Audits local configuration files for vulnerabilities in network settings, channel policies, and tool permissions. P... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 418 downloads to date.
How do I install Config Security Scanner?
Run the command "/install scanner-for-openclaw" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Config Security Scanner free?
Yes, Config Security Scanner is completely free, released under the MIT-0 license, and may be freely downloaded, installed, and used.
Which platforms does Config Security Scanner support?
Config Security Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Config Security Scanner?
Developed and maintained by zoowii (@zoowii); the current version is v1.0.5.