← 返回 Skills 市场

Security-Shield

Name: Security-Shield
Author: z-hussein

作者 ZHDesignS · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

501

总下载

当前安装

版本数

在 OpenClaw 中安装

/install security-shield

功能描述

Security best practices for credential protection, information disclosure prevention, and operational integrity.

安全使用建议

This skill is an instruction-only security reference and appears internally consistent and low-risk: it contains advice, refusal patterns, and safe placeholder examples and does not request credentials or install code. Before installing, consider provenance — the package owner and homepage are not well identified, so verify you trust the source or review the included files yourself. If you plan to act on the audit commands included (nmap, gobuster, grep, etc.), only run them against systems you own or have explicit permission to test. Finally, remember that autonomous invocation is allowed by default on the platform; if you prefer manual control, keep the skill user-invocable and avoid enabling it as a permanent/always-included component.

功能分析

Type: OpenClaw Skill Name: security-shield Version: 1.1.0 The skill bundle defines a security-focused system prompt but includes 'Workflow Compatibility' features in SKILL.md and README.md that act as documented bypasses (e.g., using 'TESTING:' or 'EDUCATIONAL:' prefixes) to lower the agent's security restrictions. Furthermore, references/audit-checklist.md contains a collection of high-risk pentesting commands and exploitation patterns (e.g., nmap, sqlmap, and path traversal strings). While these are presented for auditing purposes, they provide a functional toolkit and a standardized bypass mechanism that could be exploited via prompt injection to perform unauthorized actions or extract sensitive information.

能力评估

ℹ Purpose & Capability

The skill's name and description (security best practices) align with its contents: guidance, audit checklists, and safe examples. It requests no credentials, binaries, installs, or config access — which is appropriate for an advisory/reference skill. Note: the source/homepage and owner metadata are minimal/unknown; provenance is not demonstrated in the package metadata, which is something to consider before trusting it unreservedly.

✓ Instruction Scope

SKILL.md and all reference documents restrict behavior to high-level guidance, refusal patterns, placeholder examples, and recommended audit commands. There are no instructions that tell the agent to read local secrets, access unrelated environment variables, or transmit data externally. The included command snippets (e.g., git grep, find, nmap) are reasonable for an audit checklist but should only be used on authorized systems.

✓ Install Mechanism

No install spec and no code files mean nothing will be written to disk or executed by an installer. This is the lowest-risk form (instruction-only). Documentation references a 'clawhub install' command as usage, but no automated install payload is provided in the bundle.

✓ Credentials

The skill does not request environment variables, credentials, or config paths. The guidance explicitly discourages sharing secrets and uses placeholder examples. There are no disproportionate secret requests in the manifest or SKILL.md.

✓ Persistence & Privilege

The skill does not request always:true or any elevated system privileges. It is user-invocable and can be invoked autonomously (the platform default), which is expected for skills; there is no indication it attempts to modify other skills or system-wide settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install security-shield
安装完成后，直接呼叫该 Skill 的名称或使用 /security-shield 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

security-shield v1.0.2 - Updated security guidance to a principle-based approach, focusing on high-level best practices and operational integrity. - Streamlined and generalized rules to emphasize objective evaluation and consistent response standards. - Clarified placeholder usage and disclosure criteria to avoid confusion and misuse. - Added guidance for rule modification, workflow integration, and handling testing/educational scenarios. - Removed specific pattern strings and implementation references for improved security and clarity.

v1.0.1

Enhanced security-shield skill with improved workflow compatibility and debugging. - Added support for legitimate development, testing, and educational scenarios with a new workflow compatibility mode. - Updated rules to allow temporary suspension of protections by authorized administrators in controlled settings. - Improved user responses to be more informative about security measures and exceptions. - Maintained strict protection against credential leakage, prompt injection, and social engineering, with clearer guidance for edge cases. - Included explicit steps for logging exceptions and supporting educational explanations where appropriate.

v1.0.0

security-shield 1.0.0 - Initial release of a comprehensive security and safety skill. - Defends against prompt injection, jailbreaks, social engineering, and credential leakage. - Defines strict rules for credential protection, system prompt secrecy, and resistance against manipulation. - Provides clear user-facing responses to sensitive or suspicious requests. - Includes a quick-reference checklist and guidance for safe, legitimate security tasks using placeholder data only.

元数据

Slug security-shield

版本 1.1.0

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 3

常见问题

Security-Shield 是什么？

Security best practices for credential protection, information disclosure prevention, and operational integrity. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 501 次。

如何安装 Security-Shield？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install security-shield」即可一键安装，无需额外配置。

Security-Shield 是免费的吗？

是的，Security-Shield 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Security-Shield 支持哪些平台？

Security-Shield 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Security-Shield？

由 ZHDesignS（@z-hussein）开发并维护，当前版本 v1.1.0。