SecOpsAI for OpenClaw
Author: Onyedika Christopher Agada · GitHub · v0.3.6 · MIT-0
Total downloads: 288
Favorites: 1
Current installs: 0
Versions: 7
Install in OpenClaw
/install secopsai-skill
Description
Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat.
Security usage recommendations
This skill is internally consistent with its claimed purpose, but be aware: it runs shell commands and can modify your local SOC database. Before installing or enabling autonomous usage: 1) verify and review the referenced GitHub repo (https://github.com/Techris93/secopsai.git) yourself; 2) ensure the agent's exec tool runs under an account with limited privileges; 3) backup the SOC DB (data/openclaw/findings/openclaw_soc.db) before enabling write/automation; 4) require explicit confirmation for any triage/auto-apply actions; and 5) be mindful that supply-chain checks and pipeline runs may contact external registries or services—audit network activity if needed.
Functional analysis
Type: OpenClaw Skill
Name: secopsai-skill
Version: 0.3.6
The secopsai-skill bundle (primarily SKILL.md) provides an interface for a security operations tool that requires broad shell execution privileges. While the behavior is aligned with its stated purpose of log auditing and triage, the command mappings contain significant vulnerabilities, such as potential shell injection via unvalidated placeholders like '<analyst note>' and '<FINDING_ID>'. These high-risk capabilities, combined with the ability to modify local databases and scan external package repositories, warrant a suspicious classification despite the lack of clear malicious intent.
Capability assessment
Purpose & Capability
The skill's name/description (conversational SecOps for OpenClaw) matches the instructions: it runs local secopsai CLI commands against OpenClaw audit logs and performs triage. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The SKILL.md instructs the agent to run shell commands (using an exec tool) under a local virtualenv and to read OpenClaw logs and the local SOC DB. This is expected for the stated purpose, but running arbitrary shell commands and modifying the SOC DB are sensitive actions; the doc does include explicit safety defaults and requires explicit confirmation for write/triage actions.
Install Mechanism
There is no automated install spec (instruction-only). The README recommends a manual git clone and virtualenv setup from a GitHub repo, which is proportionate. No downloads from unknown hosts or archived installers are specified in the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths beyond standard $HOME locations. The paths referenced (~/secopsai, ~/.openclaw/logs/, data/openclaw/findings/openclaw_soc.db) are coherent with its purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it can perform writes to the local SOC store as part of triage but the SKILL.md requires user confirmation before write operations. It does not modify other skills or global agent settings.
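How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install secopsai-skill`
- Once installation completes, invoke the skill by name or trigger it with `/secopsai-skill`.
- Provide the required input according to the skill's parameter description to get structured output.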
Version history
v0.3.6
Switched from legacy soc_store triage steps to the native secopsai triage investigate/close flow.
Added native orchestrator, queue, and apply-action guidance.
Added supply-chain false-positive action guidance.
Updated safety language for write operations.
v0.3.4
Initial release of the secopsai-skill (v1.0.0):
- Provides conversational SecOps workflows for OpenClaw audit logs via chat.
- Supports listing, summarizing, triaging, and mitigating findings from the local SOC store.
- Enables live detection pipeline runs and daily security summaries.
- Integrates threat intelligence (IOC) matching and feeds without paid enrichment by default.
- Enforces safety defaults: read-only operations preferred, explicit confirmation required for write actions.
v0.3.3
SecOpsAI Skill v0.3.0 introduces a complete redesign, expanding from credential hygiene to full conversational SecOps for OpenClaw.
- Replaces previous credential audit checks with SOC-level findings management, triage, and mitigation.
- Adds commands to run the detection pipeline, show/triage findings, and summarize results in chat.
- Supports structured mitigation guidance and local threat intelligence (IOC) matching.
- Emphasizes read-only defaults and explicit consent for write/triage actions.
- Integrates with OpenClaw logs and requires virtualenv-based CLI usage.
- Provides detailed command mappings for all supported user interactions.
v0.3.2
No changes detected in this version.
- This release does not include any updates or modifications to the skill.
- All features and documentation remain unchanged from the previous version.
v0.3.0
- Updated installation instructions: GitHub/manual install is now the preferred default, with the hosted script as an optional shortcut.
- Clarified that users should be directed to the repo/manual setup path first when seeking installation guidance.
- Added a tip noting `--json` can be used before subcommands in exec commands.
- No changes to command mappings or agent behavior.
v0.2.0
Version 0.2.0 introduces threat intelligence support and additional safety defaults.
- Added support for local-first IOC (threat intelligence) pipeline: refresh feeds and match IOCs against OpenClaw replay.
- New user phrases and command mappings for refreshing threat intel (“refresh intel”) and matching IOCs (“match intel”).
- Updated skill behaviour: By default, require user confirmation before any write/triage action.
- Added safety guidance: encourages backup of the SOC database and careful use of automation.
- No code changes detected; update is documentation-only.
v0.1.0
SecOpsAI 1.0.0 initial release:
- Adds conversational SecOps skill for OpenClaw audit logs, including findings list, detailed inspection, triage, and mitigation guidance.
- Maps user phrases to shell commands via the exec tool, using the secopsai CLI in a dedicated virtualenv.
- Supports one-command daily pipeline runs, finding summaries, and breakdowns by severity.
- Enables triage (disposition, status, analyst note) and detailed finding inspection by ID.
- Offers structured mitigation steps and check commands for malware or exfiltration activity.
- Provides guidance for daily summary automation via OpenClaw cron job.
FAQ
What is SecOpsAI for OpenClaw?
Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 288 cumulative downloads so far.
How do I install SecOpsAI for OpenClaw?
Run the command "/install secopsai-skill" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration required.
Is SecOpsAI for OpenClaw free?
Yes, SecOpsAI for OpenClaw is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does SecOpsAI for OpenClaw support?
SecOpsAI for OpenClaw is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SecOpsAI for OpenClaw?
It is developed and maintained by Onyedika Christopher Agada (@techris93); the current version is v0.3.6.