Total downloads: 373
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install security-modeio
Description
Runs a backend-backed live safety check for instructions that may trigger tool execution, external calls, file edits, permission changes, destructive or irre...
Safe usage recommendations
This skill is coherent with its stated purpose: it posts instructions + context + a target to a remote safety API and returns the backend's decision. Before installing: (1) confirm you trust the default backend (https://safety-cf.modeio.ai) or set SAFETY_API_URL to a backend you control if you will pass sensitive resource identifiers; (2) don't pass secrets (passwords, full DB connection strings with credentials, private keys) in the --target or --context fields because they will be transmitted; (3) ensure the 'requests' Python package is available in the runtime environment or the CLI will raise a dependency_error; (4) review the default endpoint and code (modeio_guardrail/cli/safety.py) if you want to self-host the safety backend or verify data handling. The skill appears to do what it claims, but consider the privacy implications of sending targets/context to an external service.
Functional analysis
Type: OpenClaw Skill
Name: security-modeio
Version: 0.1.1
The skill is designed to send user instructions, environment context, and resource targets to an external API (https://safety-cf.modeio.ai/api/cf/safety) for safety evaluation. While this behavior is documented in SKILL.md and ARCHITECTURE.md as the primary function, the transmission of potentially sensitive operational intent and system metadata to a third-party endpoint constitutes a data outflow risk. The implementation in modeio_guardrail/cli/safety.py is transparent and lacks evidence of malicious intent, but the inherent network dependency for processing user-provided instructions warrants a suspicious classification under the provided criteria.
Capability assessment
Purpose & Capability
Name/description match the implementation. The code and SKILL.md implement a backend-backed safety check CLI that posts instruction/context/target to a safety API. Required binary (python3) and the mentioned dependency (requests) align with this purpose; there are no unrelated credentials or binaries requested.
Instruction Scope
The runtime instructions explicitly send the instruction text, context, and target to an external backend (default URL: https://safety-cf.modeio.ai/api/cf/safety or overridden via SAFETY_API_URL). This is expected for a backend-backed safety check, but it means anything you pass (including resource identifiers or connection strings) will be transmitted off-host. The SKILL.md notes this behavior and instructs callers to provide context/target for state-changing ops.
Install Mechanism
No install spec is provided (instruction-only install), which is low risk from arbitrary code downloads. However, the package requires the third-party 'requests' library at runtime; the code includes a shim that surfaces a dependency_error if requests is missing. There is no automated step to install requests, so the CLI will fail until requests is present.
Credentials
The skill declares no required environment variables and no credentials; it does accept an optional SAFETY_API_URL override. That is proportionate. Important: callers must avoid embedding secrets in the 'target' or 'context' fields because those values are sent to the remote safety API (examples in the docs include DB-like targets).
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request elevated agent/system privileges, does not modify other skills, and does not persist credentials. Allowing autonomous invocation is the platform default and is not grounds for concern here.
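How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install security-modeio
- Once installation finishes, call the Skill by name or use /security-modeio to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history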
v0.1.1
security-modeio v0.1.1
- Clarified usage guidance and scope for live safety checks, distinguishing from audit and privacy/middleware skills.
- Expanded SKILL.md with context contract details, CLI command examples, and explicit runtime/caller policy notes for approval decisions.
- Documented requirements, runtime envelopes, and error handling expectations.
- Updated resource references and linked to architecture boundaries.
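FAQ
What is Security?
Runs a backend-backed live safety check for instructions that may trigger tool execution, external calls, file edits, permission changes, destructive or irre... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 373 cumulative downloads so far.
How do I install Security?
Run the command "/install security-modeio" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Security free?
Yes. Security is completely free and uses the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Security support?
Security runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Security?
It is developed and maintained by modeioai (@modeioai); the current version is v0.1.1.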