
Security Scanner Triage

Author: okikeSolutions · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 132
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install security-scanner-triage
Description
Triage security/virus scanner findings for skills and automations. Use when scanner reports mixed-risk findings (defaults, credential handling, data routing,...
Usage instructions (SKILL.md)

Security Scanner Triage

Workflow

  1. Normalize findings
  • Convert scanner text into discrete claims.
  • Group by category: data routing, credentials, defaults, docs mismatch, privilege/persistence.
  2. Verify against code/docs
  • Locate exact file/line evidence.
  • Mark each claim as:
    • Confirmed
    • Partially confirmed
    • Not reproducible
  3. Risk rate
  • Critical / High / Medium / Low
  • Include blast radius and exploitability notes.
  4. Remediation plan
  • Provide minimal patch order:
    1. safety first
    2. behavior/docs consistency
    3. version bump and publish notes
  5. Verification
  • Provide re-scan checklist and expected clean-state signals.

Output format

Use references/output-template.md.

Guardrails

  • Never leak secrets from .env.
  • Distinguish trust/disclosure issues from active vulnerabilities.
  • Always separate "data-routing transparency" findings from "security-impact" findings.
Safe usage recommendations
This is an instruction-only triage workflow and appears internally consistent. Before installing, ensure you: 1) only run it against the repository or skill bundle you intend to have triaged (avoid granting access to system-wide files), 2) provide the scanner output as input rather than giving blanket filesystem access, and 3) confirm the agent follows the guardrail to never read or transmit secrets (e.g., .env). If you need automated/remote triage that will inspect many repos or system files, consider adding explicit scope limits or technical controls first.
Functional analysis
Type: OpenClaw Skill
Name: security-scanner-triage
Version: 0.1.0
The skill bundle is a purely instructional framework for triaging security scanner findings. It provides a structured workflow for normalizing claims, verifying evidence, and creating remediation plans using a provided template (references/output-template.md). The instructions in SKILL.md include explicit guardrails against leaking secrets from environment files and contain no malicious execution patterns or harmful prompt injection attempts.
Capability assessment
Purpose & Capability
The skill is an instruction-only triage workflow for scanner findings and requests no env vars, binaries, or installs — this matches the described purpose.
Instruction Scope
SKILL.md stays on-topic (normalize claims, verify evidence, rate risk, remediation, re-scan checklist). It asks the agent to "locate exact file/line evidence," which is appropriate, but is somewhat open-ended about which files may be inspected; guardrails note not to leak .env secrets. Recommend limiting file scope to the target repo and published skill files to avoid accidental access to unrelated system secrets.
Install Mechanism
No install spec and no code files — lowest-risk delivery model (instruction-only).
Credentials
No environment variables, credentials, or config paths are requested. Declared guardrails explicitly instruct not to leak secrets.
Persistence & Privilege
always:false and default invocation settings; the skill does not request persistent presence or elevated platform privileges.
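How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install security-scanner-triage
  3. Once installation completes, call the Skill by name or trigger it with /security-scanner-triage
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history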
v0.1.0
Initial release: clarifies routing-vs-security distinction and adds evidence/risk output structure.
Metadata
Slug: security-scanner-triage
Version: 0.1.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

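What is Security Scanner Triage?

Triage security/virus scanner findings for skills and automations. Use when scanner reports mixed-risk findings (defaults, credential handling, data routing,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 132 total downloads so far.

How do I install Security Scanner Triage?

Run the command "/install security-scanner-triage" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Security Scanner Triage free?

Yes, Security Scanner Triage is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Security Scanner Triage support?

Security Scanner Triage runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Security Scanner Triage?

It is developed and maintained by okikeSolutions (@okikesolutions); the current version is v0.1.0.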
