modeioai

Security

Author: modeioai · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security check passed
328 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw: /install security-2
Description
Runs a backend-backed live safety check for instructions that may trigger tool execution, external calls, file edits, permission changes, destructive or irre...
Usage (SKILL.md)

Run backend-backed live safety checks

Use this skill to gate instructions that may trigger tools or state changes behind a backend-backed safety decision before execution.

This skill is for live instruction and operation safety only. For pre-install repository auditing, use skill-audit.

Maintainer-only validation assets are excluded from ClawHub uploads.

Scope

  • Included:
    • live instruction safety checks through scripts/safety.py
    • backend-backed retry/error normalization for pre-execution decisions
  • Not included:
    • pre-install repository auditing (skill-audit)
    • content masking or restoration workflows (privacy-protector)
    • request/response gateway routing (modeio-middleware)

Working directory

Run these commands from inside the security folder.

Requirements

  • Hard requirement: python3
  • Required package for successful live checks: requests
  • Required runtime condition: network reachability to the safety backend
  • Optional override: SAFETY_API_URL

Core commands

python3 scripts/safety.py -i "Delete /tmp/cache/build-123.log" \
  -c '{"environment":"local-dev","operation_intent":"cleanup","scope":"single-resource","data_sensitivity":"internal","rollback":"easy","change_control":"none"}' \
  -t "/tmp/cache/build-123.log" --json

python3 scripts/safety.py -i "DROP TABLE users" \
  -c '{"environment":"production","operation_intent":"destructive","scope":"broad","data_sensitivity":"regulated","rollback":"none","change_control":"ticket:DB-9021"}' \
  -t "postgres://prod/maindb.users" --json

Context contract

Pass --context as JSON with these keys when the instruction may change state:

{
  "environment": "local-dev|ci|staging|production|unknown",
  "operation_intent": "read-only|cleanup|maintenance|migration|permission-change|destructive|unknown",
  "scope": "single-resource|bounded-batch|broad|unknown",
  "data_sensitivity": "public|internal|sensitive|regulated|unknown",
  "rollback": "easy|partial|none|unknown",
  "change_control": "ticket:<id>|approved-manual|none|unknown"
}

--target should be a concrete resource identifier such as an absolute path, table name, service name, or URL.

Runtime notes

  • Success envelope: success, tool, mode, data
  • Error envelope: success, tool, mode, error
  • Error types: validation_error, dependency_error, network_error, api_error
  • For state-changing work, provide both --context and --target so the backend has enough context to judge risk
  • If the check fails with network/API/dependency issues, do not silently proceed
  • The CLI forwards the request and returns the backend result; it does not locally enforce caller policy

Caller policy guidance

approved  risk_level  Agent action
--------  ----------  ----------------------------------------------------------------
true      low         Proceed.
true      medium      Proceed and mention the risk.
false     medium      Require explicit confirmation before proceeding.
false     high        Block by default and require explicit override.
false     critical    Block and require explicit acknowledgement before any override.
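As an added example (not part of the skill or its SKILL.md), a Python wrapper that validates a --context object against the contract above, invokes scripts/safety.py with --json, and maps the returned envelope to the caller policy table, failing closed on any error envelope or unmapped combination. It assumes the backend's decision fields are named approved and risk_level and sit under data, and that error is either a string or an object with a type field; the page does not state either shape.

```python
import json
import subprocess

# Allowed values, copied from the SKILL.md context contract.
CONTEXT_CONTRACT = {
    "environment": {"local-dev", "ci", "staging", "production", "unknown"},
    "operation_intent": {"read-only", "cleanup", "maintenance", "migration",
                         "permission-change", "destructive", "unknown"},
    "scope": {"single-resource", "bounded-batch", "broad", "unknown"},
    "data_sensitivity": {"public", "internal", "sensitive", "regulated", "unknown"},
    "rollback": {"easy", "partial", "none", "unknown"},
}

def validate_context(ctx):
    """Return contract violations for a --context dict; an empty list means it is valid."""
    problems = [f"{k}={ctx.get(k)!r}" for k, ok in CONTEXT_CONTRACT.items() if ctx.get(k) not in ok]
    cc = ctx.get("change_control", "")
    # change_control is either "ticket:<id>" with a non-empty id or one of the fixed words.
    if not ((cc.startswith("ticket:") and len(cc) > 7) or cc in {"approved-manual", "none", "unknown"}):
        problems.append(f"change_control={cc!r}")
    return problems

def run_check(instruction, ctx, target):
    """Run scripts/safety.py from inside the skill folder and return the parsed JSON envelope."""
    bad = validate_context(ctx)
    if bad:
        raise ValueError("context contract violation: " + ", ".join(bad))
    proc = subprocess.run(["python3", "scripts/safety.py", "-i", instruction, "-c", json.dumps(ctx),
                           "-t", target, "--json"], capture_output=True, text=True, check=False)
    return json.loads(proc.stdout)

def decide(envelope):
    """Map an envelope to (action, reason) per the caller policy table; a failed check never proceeds."""
    if not envelope.get("success"):
        err = envelope.get("error")
        kind = err.get("type") if isinstance(err, dict) else err  # assumed error shape
        return "block", f"check failed ({kind}); do not silently proceed"
    data = envelope.get("data") or {}  # assumption: decision fields live under 'data'
    approved, level = bool(data.get("approved")), data.get("risk_level")
    table = {
        (True, "low"): ("proceed", "proceed"),
        (True, "medium"): ("proceed", "proceed and mention the risk"),
        (False, "medium"): ("confirm", "require explicit confirmation before proceeding"),
        (False, "high"): ("block", "block by default; explicit override required"),
        (False, "critical"): ("block", "block; explicit acknowledgement required before any override"),
    }
    # Combinations the table does not list (e.g. approved=true with risk_level=high) fail closed.
    return table.get((approved, level), ("block", f"unmapped decision approved={approved} risk_level={level!r}"))
```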

Resources

  • scripts/safety.py — live safety check entry point
  • ARCHITECTURE.md — command-safety package boundaries

When not to use

  • Pre-install or repository-level inspection that should happen before any execution attempt
  • Pure planning, summarization, or clearly read-only analysis with no tool call or state-change path
  • Data transformation tasks that need to rewrite or mask content rather than score runtime safety
  • Local routing or middleware scenarios where you need to sit in front of upstream model traffic
Safe usage advice
This skill appears to do what it says: send instructions and a small context/target object to a safety backend and return a decision. Before installing or using it, make sure you trust the backend endpoint (default: https://safety-cf.modeio.ai, or any URL set via SAFETY_API_URL). Do not pass secrets or full connection strings as the --target or in the instruction/context unless you control or trust the backend. Ensure the 'requests' package is available in your runtime. If you need offline or local-only checks, consider running a local mock endpoint and setting SAFETY_API_URL accordingly, or avoid using the skill for highly sensitive targets.
Functional analysis
Type: OpenClaw Skill
Name: security-2
Version: 0.1.0
The skill provides a legitimate utility for performing remote safety checks on agent instructions by sending them to a backend API (safety-cf.modeio.ai). The implementation in modeio_guardrail/cli/safety.py and scripts/safety.py is transparent, well-documented, and includes robust error handling and retry logic. While the skill transmits instruction data to an external endpoint, this behavior is the core stated purpose of the tool and is clearly described in SKILL.md and ARCHITECTURE.md, with no evidence of malicious intent, obfuscation, or unauthorized data exfiltration.
Capability assessment
Purpose & Capability
Name/description match the implementation: a Python CLI that posts an instruction + optional context/target to a safety backend. Required runtime (python3, requests, network) is appropriate for this purpose and no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and the CLI only describe submitting the instruction, context, and target to the configured backend and returning a normalized success/error envelope. The instructions do not instruct reading unrelated files or system secrets, but callers are explicitly asked to provide concrete targets (paths, DB tables, URLs) which may contain sensitive data.
Install Mechanism
No install spec that downloads arbitrary code; code is included in the package and the runtime dependency is the widely used 'requests' Python package. No remote downloads or archive extraction are performed by an installer.
Credentials
The skill does not request credentials, which is appropriate, but it allows overriding the backend via SAFETY_API_URL and will POST instruction/context/target (potentially containing sensitive identifiers or even connection strings) to that endpoint. If SAFETY_API_URL is pointed at an untrusted endpoint, sensitive data can be exfiltrated. This is a functional necessity but increases risk and should be treated cautiously.
Persistence & Privilege
The skill does not request permanent system presence (always=false), does not modify other skills or system-wide settings, and is user-invocable. Autonomous invocation is allowed (platform default) but not an additional privilege requested by the skill.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install security-2
  3. Once installed, call the Skill by name or trigger it with /security-2
  4. Provide the required inputs described in the Skill's parameter documentation to get structured output
Version history
v0.1.0
Initial release of the security skill for backend-backed live safety checks.
  • Enables live instruction and operation safety checks before executing potentially risky commands.
  • Requires Python 3 and network reachability to a safety backend.
  • Provides a CLI for evaluating the safety of instructions that may trigger side effects or state changes.
  • Introduces a context contract for passing operational details to the backend.
  • Offers clear caller policy guidance based on backend risk scoring.
  • For read-only or pre-install auditing, recommends using other dedicated skills.
Metadata
Slug security-2
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

What is Security?

Runs a backend-backed live safety check for instructions that may trigger tool execution, external calls, file edits, permission changes, destructive or irre... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 328 downloads to date.

How do I install Security?

Run the command "/install security-2" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Security free?

Yes, Security is completely free under the MIT-0 license and may be freely downloaded, installed and used.

Which platforms does Security support?

Security is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Security?

Developed and maintained by modeioai (@modeioai); the current version is v0.1.0.
