← 返回 Skills 市场
213
总下载
1
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install securityvitals
功能描述
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.
安全使用建议
This skill appears to do exactly what it says: run a local OpenClaw audit/health/version check and report a constrained set of fields. Before installing or running it: (1) ensure you trust the installed openclaw CLI because `openclaw update status` may contact OpenClaw's update registry; (2) run scans as a user with least privilege — some health probe error strings could include diagnostic data, so avoid running in an environment where that output would expose secrets; and (3) note that the clawvitals.io dashboard and plugin are separate — this skill is stateless and does not send scan data to that dashboard by itself. If you need extra assurance, inspect the OpenClaw audit/health outputs locally to confirm nothing sensitive would be exposed by the limited fields the skill extracts.
功能分析
Type: OpenClaw Skill
Name: securityvitals
Version: 1.4.8
The securityvitals (ClawVitals) skill is a security auditing tool designed to scan OpenClaw installations. It operates by executing a specific set of local CLI commands (`openclaw security audit`, `openclaw health`, `openclaw update status`, etc.) and parsing their JSON output to generate a security score and remediation report. The skill instructions in `SKILL.md` explicitly forbid the storage or display of sensitive credentials and secrets. It requests no network permissions, although it notes that the `openclaw update status` command may trigger the CLI's native update check. The code and instructions are transparent, aligned with the stated purpose, and contain no indicators of malicious intent or data exfiltration.
能力标签
能力评估
Purpose & Capability
Name/description (security vitals for OpenClaw) match the actual behavior: the skill runs OpenClaw and node CLI commands to collect audit, health, version, and update-status information. The two required binaries (openclaw, node) are appropriate and proportional to the stated purpose.
Instruction Scope
SKILL.md tightly limits which commands to run and exactly which fields to extract, and it instructs not to show raw output or secrets. Two caveats: (1) `openclaw update status --json` may cause the OpenClaw CLI itself to contact its update registry (this is documented), and (2) the skill extracts `probe.error` from channel health output which could, in some unusual failure modes, contain diagnostic strings with sensitive info. The instructions constrain reporting, but operators should be aware of those two disclosure surfaces.
Install Mechanism
No install spec and no code files — the skill is instruction-only. Nothing is downloaded or written to disk by the skill itself, minimizing install-time risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of secrets or unrelated env vars is proportionate to a diagnostics-only tool.
Persistence & Privilege
always is false (no forced global inclusion) and the skill is stateless per its documentation. It does not modify other skills or system-wide settings and does not request persistent presence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install securityvitals - 安装完成后,直接呼叫该 Skill 的名称或使用
/securityvitals触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.8
Fix SKILL.md contradictions flagged by security review: clarify network access claim, clarify detail field display rule
v1.4.7
Rollback: restore original skill description and tags (v1.4.6 incorrectly included plugin capabilities in description)
v1.4.6
Resilience improvements: NC-OLLAMA-001 discovers port from OLLAMA_HOST env var, NC-NET-001 expands to 10 default ports with user-configurable extra_ports, NC-TUNNEL-001 checks multiple config paths and detects non-Cloudflare tunnels. New clawvitals help command. Pre-publish security review fixes.
v1.4.5
Fix listing title via --name flag.
v1.4.4
Fix ClawHub listing title — SecurityVitals now has its own frontmatter with correct displayName: SecurityVitals.
v1.4.3
Fix ClawHub listing title — add displayName to SKILL.md frontmatter.
v1.4.2
Sync with ClawVitals v1.4.2: 3 new stable controls (NC-OC-012 Critical, NC-OC-013 Critical, NC-OC-014 High), skill version header in output, tightened data extraction scope.
v1.3.2
v1.3.2: Same SECURITY.md fix as ClawVitals.
v1.3.1
v1.3.1: Same fixes as ClawVitals — correct requires.bins, clarified network posture.
v1.3.0
v1.3.0: Shorter description (removed 'for OpenClaw'), declared required binaries in metadata.
v1.2.9
v1.2.9: Initial SecurityVitals publish — same content as ClawVitals, alternate slug for search discoverability.
元数据
常见问题
SecurityVitals 是什么?
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 213 次。
如何安装 SecurityVitals?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install securityvitals」即可一键安装,无需额外配置。
SecurityVitals 是免费的吗?
是的,SecurityVitals 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SecurityVitals 支持哪些平台?
SecurityVitals 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SecurityVitals?
由 BK-CM(@bk-cm)开发并维护,当前版本 v1.4.8。
推荐 Skills