← 返回 Skills 市场
caidongyun

安全技能插座

作者 caidongyun · GitHub ↗ · v2.2.1 · MIT-0
cross-platform ⚠ suspicious
260
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install security-skill-hub
功能描述
安全技能插座 - 统一的安全技能管理和调用平台 这是一个安全技能的"插座"框架,提供统一的安全能力入口。已集成以下技能: **全网技能搜索 (ClawHub)**: - clawhub: 从 clawhub.com 搜索安装全网技能 **信息收集类**: - collector-strategy: 采集策略Ski...
安全使用建议
This skill is an aggregator that instructs the agent to download and run other security skills (via clawhub) and to read/write ~/.openclaw/workspace/skills. The metadata omits required binaries and provenance. Before installing: 1) Confirm the source repository or homepage and review its code/commits; 2) Ensure 'clawhub' is a trusted installer and inspect what it will download; 3) Do not run these tools with elevated privileges; 4) Prefer installing in an isolated/sandboxed environment and review each child skill's required credentials before granting them; 5) If the author cannot provide a verifiable source or a list of vetted skill packages, treat installs as high risk.
功能分析
Type: OpenClaw Skill Name: security-skill-hub Version: 2.2.1 The skill bundle acts as a centralized 'Security Skill Hub' or registry, providing instructions for an AI agent to route requests to various security-related tools (e.g., vulnerability scanners, IOC validators, and malware analyzers). It includes metadata in `_meta.json` and organizational instructions in `SKILL.md` that define how to use a skill manager called `clawhub` to search and install additional capabilities from `clawhub.com`. No malicious code, data exfiltration logic, or harmful prompt injections were found; the bundle's behavior is entirely consistent with its stated purpose of managing security skills.
能力评估
Purpose & Capability
The described purpose (a hub/plug-in manager for security skills) is coherent with the SKILL.md content. However, the instructions reference using the 'clawhub' CLI and managing files under ~/.openclaw/workspace/skills, yet the skill metadata declares no required binaries or config paths. That mismatch (declaring nothing required while the runtime doc expects a CLI and a workspace path) is unexplained.
Instruction Scope
SKILL.md tells the agent to search, install, update and compose third-party skills (e.g., using 'clawhub install', reading/writing ~/.openclaw/workspace/skills). Although the file itself doesn't include code, following these instructions will cause network downloads and filesystem writes and will enable running other skills with potentially broader privileges. There is no guidance about vetting, sandboxing, or limiting what gets installed.
Install Mechanism
There is no install spec (instruction-only), which is low-risk by itself, but the instructions explicitly rely on an external installer (clawhub) to download and install skills. That transfers install risk to clawhub and any skills it fetches; the hub provides no provenance, checksums, or trusted sources. The lack of declared dependency on the clawhub binary is inconsistent.
Credentials
The skill declares no required environment variables or credentials (which is reasonable for a hub). However, the hub is explicitly intended to install and orchestrate many downstream security skills—those child skills may request unrelated secrets/permissions. The hub gives no guidance about which credentials those downstream skills may require.
Persistence & Privilege
always:false (normal) and the skill does not request elevated privileges. It does assume a workspace path (~/.openclaw/workspace/skills) for storing skills, meaning it expects to write to the user's home directory. That behavior is plausible for a hub but should be explicit in metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install security-skill-hub
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /security-skill-hub 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.1
- 新增与完善了 SKILL.md 文档,详细梳理与分组所有已集成技能及其应用场景 - 扩展了说明文档,增加了调用示例、技能注册与扩展指引 - 明确了每类安全能力对应的技能及触发关键词,提升易用性 - 细化对 ClawHub 全网技能搜索与技能管理的使用说明 - 信息结构更清晰,便于查找与组合安全技能
元数据
Slug security-skill-hub
版本 2.2.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

安全技能插座 是什么?

安全技能插座 - 统一的安全技能管理和调用平台 这是一个安全技能的"插座"框架,提供统一的安全能力入口。已集成以下技能: **全网技能搜索 (ClawHub)**: - clawhub: 从 clawhub.com 搜索安装全网技能 **信息收集类**: - collector-strategy: 采集策略Ski... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 260 次。

如何安装 安全技能插座?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install security-skill-hub」即可一键安装,无需额外配置。

安全技能插座 是免费的吗?

是的,安全技能插座 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

安全技能插座 支持哪些平台?

安全技能插座 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 安全技能插座?

由 caidongyun(@caidongyun)开发并维护,当前版本 v2.2.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论