← 返回 Skills 市场
Security Hardening Toolkit V1.0
作者
~K¹yle Million
· GitHub ↗
· v1.0.0
· MIT-0
97
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install security-hardening-toolkit-v1-0
功能描述
Provides audit checklists and configuration guidance to secure OpenClaw/Aegis deployments by preventing instance exposure, credential leaks, malicious skill...
安全使用建议
This is a coherent, instruction-only hardening checklist. Before following commands: (1) review each shell command — don't run them blindly; (2) be aware some steps (writing /etc/default/aegis, restarting the gateway) require root/administrative privileges and will affect runtime behavior; (3) follow secure operational order when rotating keys (creating and verifying new keys before revoking is usually safer than revoking first); (4) consider using a secrets manager instead of world-editing /etc files; (5) back up openclaw.json before edits. If you want automated remediation rather than manual instructions, request a reviewed automation script or a skill that declares the exact operations and required privileges.
功能分析
Type: OpenClaw Skill
Name: security-hardening-toolkit-v1-0
Version: 1.0.0
The toolkit is a defensive security suite designed to audit and harden OpenClaw instances. It provides instructions and shell commands for network exposure checks (using ss and curl), credential discovery/isolation (using find and grep), and incident response. The content is strictly aligned with its stated purpose of improving security posture and includes legitimate detection patterns for common attack vectors like unauthorized persistence or data exfiltration. No malicious intent, obfuscation, or unauthorized data access was identified.
能力标签
能力评估
Purpose & Capability
The name/description (security hardening for OpenClaw/Aegis) matches the instructions: network checks, credential audits, skill-verification checklists and remediation steps. No unrelated credentials, binaries, or external services are demanded by the skill itself.
Instruction Scope
Instructions direct the operator to read configuration and workspace files (~/.openclaw/openclaw.json, ~/.openclaw/workspace/*), generate and store secrets in /etc/default/aegis, and restart the gateway. Those actions are relevant to hardening, but they require care (file edits, service restart, potential root privileges). The guide also recommends grep scans for token patterns and moving keys — expected for an audit, but operators should review commands before running them.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This is low-risk from an installation/execution perspective.
Credentials
The SKILL.md references many service tokens (OPENAI_API_KEY, GITHUB_TOKEN, STRIPE_SECRET_KEY, etc.) only as examples of credentials to audit and rotate; it does not require or declare any environment variables. This breadth is justified for an inventory/rotation checklist, but users should note the guidance assumes access to those tokens to rotate them and recommends storing secrets in a system path that requires elevated permissions.
Persistence & Privilege
The skill does not request persistent presence (always: false) nor attempt to modify other skills. It instructs edits to local config files (openclaw.json) and system files (/etc/default/aegis) which is reasonable for hardening but requires appropriate privileges — not an autonomous privilege escalation request from the skill itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install security-hardening-toolkit-v1-0 - 安装完成后,直接呼叫该 Skill 的名称或使用
/security-hardening-toolkit-v1-0触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
OpenClaw Security Hardening Toolkit v1.0.0 — Initial Release
- Addresses the top five attack vectors in OpenClaw deployments: instance exposure, credential leakage, malicious skill installation, unauthorized gateway access, and post-compromise recovery.
- Provides actionable checklists and command-line audits for instance exposure, credential storage practices, API key rotation, and secure gateway binding.
- Introduces a pre-installation skill verification protocol to detect and block malicious SKILL.md files before activation.
- Recommends access control best practices, including gateway token management and session sandboxing configuration.
- Includes practical audit commands, templates, and step-by-step hardening instructions for immediate use.
元数据
常见问题
Security Hardening Toolkit V1.0 是什么?
Provides audit checklists and configuration guidance to secure OpenClaw/Aegis deployments by preventing instance exposure, credential leaks, malicious skill... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。
如何安装 Security Hardening Toolkit V1.0?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install security-hardening-toolkit-v1-0」即可一键安装,无需额外配置。
Security Hardening Toolkit V1.0 是免费的吗?
是的,Security Hardening Toolkit V1.0 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Security Hardening Toolkit V1.0 支持哪些平台?
Security Hardening Toolkit V1.0 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Security Hardening Toolkit V1.0?
由 ~K¹yle Million(@thebrierfox)开发并维护,当前版本 v1.0.0。
推荐 Skills