
Security Permissions Engineer: Session Configuration and Data Protection

Author: Aiweline · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 51
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install security-session-data
Description
Security engineer skill for session configuration, area isolation, sensitive-state handling, and data-protection boundaries.
Usage instructions (SKILL.md)

Role

This skill owns session configuration safety, area isolation, and protection of sensitive request or user state. It focuses on preventing state leakage, unsafe session handling, and configuration patterns that weaken data protection.

When To Use

  • Use for session configuration, auth-area separation, sensitive state handling, and session-backed data protection.
  • Use for keywords such as session config, login isolation, session key, AreaConfig, state leak, and sensitive data.
  • Use when user state or admin state may leak across areas or requests.

Source Material

  • AI-ENTRY.md
  • CLAUDE.md
  • dev/ai/skills/session-development/SKILL.md
  • dev/ai/skills/config-and-env/SKILL.md
  • dev/ai/skills/weline-framework-runtime/SKILL.md

Responsibilities

  • Keep frontend, backend, and other areas isolated in session behavior.
  • Review session and config changes for state-leak or privilege-leak risk.
  • Protect sensitive data from unsafe storage or request-scope leakage.
  • Require framework abstractions instead of direct global session manipulation.

Workflow

  1. Confirm the area, user state, and sensitive data affected by the task.
  2. Read the current session and config path before changing behavior.
  3. Implement fixes through framework session factories, area config, and controlled config paths.
  4. Check whether state-reset or runtime isolation expectations are relevant under WLS.
  5. Validate through real login, logout, or protected-path behavior.
  6. Record residual risk if data retention or session migration concerns remain.
  7. Coordinate with runtime and QA roles for high-risk validation paths.

Weline Rules

  • Do not pollute global state.
  • Use framework session abstractions instead of raw $_SESSION.
  • Keep module boundaries intact.
  • Prefer small, isolated, testable changes.
  • Provide HTTP or runtime validation evidence where relevant.

Inputs Required

  • The affected session or auth area.
  • The sensitive data or state boundary at risk.
  • Existing configuration keys and session classes involved.
  • Validation path for allowed and denied access or state transitions.

Expected Output

  • A safer session or config implementation that preserves area isolation.
  • Evidence showing state is correctly isolated and protected.
  • Notes about residual risk or migration impact if relevant.

Validation

  • Test login and protected-path behavior across the affected areas.
  • Confirm state does not leak across frontend, backend, or request boundaries.
  • Confirm no direct raw session manipulation bypasses framework abstractions.
  • Confirm sensitive config behavior is exercised through the real flow.

Constraints

  • Do not weaken isolation for convenience in shared flows.
  • Do not store or move sensitive state through ad hoc globals.
  • Do not skip runtime-aware validation when state persistence is part of the issue.
  • Do not change auth behavior silently without documenting the effect on consumers.

Security usage advice
This skill appears safe to install as an instruction-only helper. Because it may guide changes to session and authentication behavior, users should still review any resulting code changes and validation evidence before applying them to production.
Functional analysis
Type: OpenClaw Skill
Name: security-session-data
Version: 1.0.0
The skill bundle defines a security-focused role for managing session configurations and data protection. The instructions in SKILL.md emphasize best practices such as area isolation, preventing state leakage, and using framework abstractions instead of direct global manipulation (e.g., avoiding raw $_SESSION). There are no indicators of malicious intent, data exfiltration, or harmful prompt injection.
Capability assessment
Purpose & Capability
The stated purpose and instructions are coherent: the skill focuses on session configuration, auth-area isolation, sensitive-state handling, and validation of protected flows.
Instruction Scope
The instructions are scoped to reviewing and improving session/config behavior, with explicit constraints against weakening isolation, using ad hoc globals, or silently changing auth behavior.
Install Mechanism
No install spec, required binaries, environment variables, credentials, or code files are present; this is an instruction-only skill.
Credentials
The requested activity is proportionate to the skill’s security-engineering purpose and does not request broad local indexing, unrelated file access, network access, or third-party account access.
Persistence & Privilege
The skill discusses session persistence as a security topic but does not create persistent agents, background workers, stored memory, credential use, or privilege escalation mechanisms.
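How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment).
  2. Enter the install command in the chat box: /install security-session-data
  3. Once installation completes, call the Skill by name or trigger it with /security-session-data
  4. Provide the required inputs according to the Skill's parameter description to receive structured output.
Version history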
v1.0.0
Publish_WelineFramework_Multica_role_skills
Metadata
Slug: security-session-data
Version: 1.0.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

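What is Security Permissions Engineer: Session Configuration and Data Protection?

Security engineer skill for session configuration, area isolation, sensitive-state handling, and data-protection boundaries. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 51 cumulative downloads to date.

How do I install Security Permissions Engineer: Session Configuration and Data Protection?

Run the command "/install security-session-data" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Security Permissions Engineer: Session Configuration and Data Protection free?

Yes. Security Permissions Engineer: Session Configuration and Data Protection is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Security Permissions Engineer: Session Configuration and Data Protection support?

Security Permissions Engineer: Session Configuration and Data Protection is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Security Permissions Engineer: Session Configuration and Data Protection?

It is developed and maintained by Aiweline (@aiweline); the current version is v1.0.0.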
