← 返回 Skills 市场
nogravedev

Security Essentials

作者 nograve.dev · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
161
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install security-essentials
功能描述
Harden your OpenClaw agent deployment — SSH lockdown, firewall rules, automated security audits, secret rotation reminders, RAM/process monitoring, and CVE a...
安全使用建议
This skill promises sensitive, privileged changes (firewall/SSH hardening, killing processes, secret scanning, creating cron jobs, and sending alerts) but gives no technical details about how it will do that or what permissions it requires. Before installing: ask the author for the full runtime instructions and source code; require explicit explanation of what commands will run and whether sudo/root is needed; verify where reports/alerts are sent (which endpoint and who controls it); prefer a version that provides an install script from a trusted source (or packaged binaries) and a least-privilege operation mode; test in an isolated environment or VM first; do not grant elevated privileges or production credentials until you can review the implementation. If the publisher cannot provide concrete details and code, treat it as too risky to install.
功能分析
Type: OpenClaw Skill Name: security-essentials Version: 1.2.0 The bundle contains only metadata and documentation (SKILL.md) for a security hardening toolset. While it describes high-risk capabilities such as modifying firewall rules, managing SSH configurations, and scanning for secrets, these actions are explicitly aligned with the stated purpose of 'Security Essentials.' No executable code, malicious prompt injection, or exfiltration patterns were found in the provided files.
能力评估
Purpose & Capability
The description promises SSH lockdown, firewall changes, secret scans, cron jobs, process killing, and external alerts — activities that normally require root/sudo, specific binaries, or persistent installers. The skill declares no required binaries, no install steps, no config paths, and no credentials, which is inconsistent with the claimed capabilities.
Instruction Scope
SKILL.md is high-level marketing/feature text rather than concrete runtime instructions. It implies reading system state (open ports, files, secrets), modifying system configuration (SSH, firewall, cron), and sending findings to a 'preferred channel' — but gives no constraints, no target endpoints, and no explicit commands. This vagueness grants broad discretion and could lead to unbounded system access if executed.
Install Mechanism
No install spec and no code files (instruction-only), which is lower surface risk from arbitrary downloads. However, for the claimed persistent changes (cron, monitoring, auto-kill), an install or explicit agent actions would normally be required; the absence of an install mechanism is therefore unexpected and unclear.
Credentials
The skill requests no environment variables or credentials despite needing to send alerts to external channels and perform privileged system actions. Expected requirements (e.g., channel/webhook tokens, sudo access, or paths to system configs) are missing, making the declared environment footprint disproportionate and unexplained.
Persistence & Privilege
The skill's features imply creating persistent artifacts (cron jobs, monitoring processes) and making system-level changes. Although 'always' is false, autonomous model invocation is allowed by default; combined with the other inconsistencies this increases risk unless explicit safeguards and permission boundaries are provided.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install security-essentials
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /security-essentials 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Stripped to preview — full kit on Gumroad
v1.1.0
Added ClawKits suite cross-promotion links
v1.0.0
Initial release — host hardening audit, secret hygiene, process monitoring, network exposure checks, incident response playbooks
元数据
Slug security-essentials
版本 1.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Security Essentials 是什么?

Harden your OpenClaw agent deployment — SSH lockdown, firewall rules, automated security audits, secret rotation reminders, RAM/process monitoring, and CVE a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 161 次。

如何安装 Security Essentials?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install security-essentials」即可一键安装,无需额外配置。

Security Essentials 是免费的吗?

是的,Security Essentials 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Security Essentials 支持哪些平台?

Security Essentials 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Security Essentials?

由 nograve.dev(@nogravedev)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论