Self-Improving Security
Author: José I. O. · v1.2.0 · MIT-0
Total downloads: 100
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install self-improving-security
Description
Captures vulnerabilities, misconfigurations, access control violations, compliance gaps, incident response patterns, and threat intelligence to enable contin...
Security usage recommendations
This skill appears to do what it says: create/append security learning and incident logs and inject bootstrap reminders. Before installing or enabling hooks:
1) Review the scripts (scripts/*.sh) and hook handlers for yourself — they will run with your agent's permissions.
2) Prefer the activator-only (UserPromptSubmit) setup; be cautious enabling PostToolUse/error-detector because it reads tool output (CLAUDE_TOOL_OUTPUT) that may contain secrets — ensure you trust the environment and that the detector won't forward sensitive content.
3) If using the manual git clone URL, verify the repository source and contents before running any scripts.
4) Ensure file permissions are correct (chmod +x scripts/*.sh) and prefer dry-run options (extract-skill.sh --dry-run) when available.
5) Follow the skill's redaction guidance strictly: never store unredacted secrets or PII in .learnings/.
Functional analysis
Type: OpenClaw Skill
Name: self-improving-security
Version: 1.2.0
The bundle is a defensive security framework designed to help AI agents identify, log, and remediate security findings. It includes scripts for environment initialization, error detection, and skill scaffolding (e.g., `extract-skill.sh`, `activator.sh`), all of which are aligned with the stated purpose of continuous security improvement. The instructions in `SKILL.md` and the OpenClaw hooks (`handler.js`) emphasize strict redaction of sensitive data like API keys and PII, and no evidence of data exfiltration, unauthorized execution, or malicious intent was found.
Capability assessment
Purpose & Capability
The name/description (capture security learnings, incidents, and promote patterns to runbooks) matches the shipped files and scripts: markdown templates, log scaffolding, a small activator reminder, an error-detection pattern-checker, and helpers to scaffold extracted skills. No unrelated credentials, binaries, or install steps are required.
Instruction Scope
Runtime instructions create/read .learnings/ files and optionally inject a reminder into OpenClaw workspaces; the activator only prints a reminder. The error-detector reads CLAUDE_TOOL_OUTPUT (user-provided command output) and scans it for security keywords — it does not forward raw output but will emit a detection marker. User must follow the redaction guidance: the skill relies on the operator to avoid recording secrets. Consider reviewing the scripts before enabling PostToolUse hooks because they operate on potentially sensitive tool output.
Install Mechanism
No automatic install spec is provided (instruction-only), so nothing is downloaded or extracted by the platform. The SKILL.md suggests manual git clone or clawdhub install; manual cloning is explicit and under user control. As with any manual clone, treat the referenced GitHub repo as a supply-chain source and review code before executing scripts.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only environment value the scripts read is CLAUDE_TOOL_OUTPUT (for the optional error-detector hook) — which is proportional to the stated optional feature and documented with a caution about sensitive content.
Persistence & Privilege
always is false and the skill does not request permanent platform privileges. Hooks add a virtual reminder file on agent bootstrap (handler mutates event.context.bootstrapFiles), which is consistent with an opt-in reminder hook. The skill does not modify other skills or system-wide configs beyond instructions to copy hook files into the user's hooks directory if the user opts in.
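How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install self-improving-security
- Once installation completes, call the skill by name or use /self-improving-security to trigger it.
- Provide the required input according to the skill's parameter description to get structured output.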
Version history
v1.2.0
**Version 1.1.0**
- Added stackability contract for multi-skill installations.
- Added namespaced logging guidance (`.learnings/security/`) for coexistence with other skills.
- Added required `Skill: security` metadata field and cross-skill precedence/ownership rules.
- Clarified hook arbitration model (single dispatcher, dedupe, rate limiting).
v1.1.0
self-improving-security v1.1.0
- Updated the sensitive data redaction table to clarify token types: now specifies "Access tokens (JWT, bearer, session)".
- Added a new note: "No credentials or access tokens are required by this skill."
- No functional or file changes detected—documentation-only update for clarity around secret/token handling and onboarding.
v1.0.0
Self-Improving Security Skill v1.0.0
- Initial release capturing and logging vulnerabilities, misconfigurations, access violations, compliance gaps, incident response, and threat intelligence for continuous improvement.
- Provides strict guidance on redacting sensitive data before logging, with a reference table for redaction formats.
- Details quick-reference actions for a range of security events, mapping them to proper log files and categories.
- Includes setup and integration instructions for OpenClaw and generic agents, ensuring consistent logging across environments.
- Promotes mature security patterns to runbooks, checklists, and workspace documentation for long-term maturity.
- Offers optional hooks for automated session reminders and initialization.
FAQ
What is Self-Improving Security?
Captures vulnerabilities, misconfigurations, access control violations, compliance gaps, incident response patterns, and threat intelligence to enable contin... It is an AI agent skill plugin for Claude Code / OpenClaw, with 100 cumulative downloads to date.
How do I install Self-Improving Security?
Run the command "/install self-improving-security" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Self-Improving Security free?
Yes. Self-Improving Security is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Self-Improving Security support?
Self-Improving Security is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Self-Improving Security?
It is developed and maintained by José I. O. (@jose-compu); the current version is v1.2.0.