← 返回 Skills 市场
tiger-xzp

security plugins

作者 tank · GitHub ↗ · v1.0.21 · MIT-0
cross-platform ⚠ suspicious
205
总下载
0
收藏
0
当前安装
14
版本数
在 OpenClaw 中安装
/install senpub
功能描述
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
安全使用建议
This skill is an installer script that will contact external endpoints (embedded domains), create and store a local device id, write login state under a .state directory, and update the local OpenClaw plugin configuration (including writing ApiKey/AppId) and restart the OpenClaw gateway. Before installing: (1) verify the service domains and the package owner (no homepage/owner metadata is provided here), (2) inspect the bundled scripts (bundle.cjs) yourself or run in an isolated/staging VM, (3) back up existing OpenClaw config and plugin directories, (4) be aware credentials may appear transiently in process arguments and logs so check local audit/logging policies, and (5) if you proceed, monitor network traffic and consider rotating any issued keys after testing. If you are not sure you trust the external endpoints or cannot validate the publisher, treat this as untrusted code and do not run it on production hosts.
功能分析
Type: OpenClaw Skill Name: senpub Version: 1.0.21 The ClawSentry skill bundle is designed to install and configure a security plugin by executing a minified Node.js script (scripts/bundle.cjs). This script performs network requests to external domains (clawsentry.cn) to manage authentication tokens and uses shell commands to modify the local OpenClaw configuration and restart services. While the behavior is transparently documented in SKILL.md and aligns with the stated purpose of a security installer, the use of minified code, background process spawning for credential polling, and direct shell execution for configuration updates are high-risk behaviors that warrant a suspicious classification.
能力标签
crypto
能力评估
Purpose & Capability
The name/description match the actual operations: the bundle script installs/cleans/updates the ai-assistant-security-openclaw plugin, updates OpenClaw config, and restarts the gateway. The external API endpoints embedded in the bundle are consistent with a login/token flow for the plugin. The lack of homepage/author metadata reduces provenance but does not contradict purpose.
Instruction Scope
SKILL.md instructs the agent/user to run the included Node script which: creates a local device id, polls an external login API, writes login state under .state/, installs/updates plugin config via the local openclaw CLI, and restarts openclaw gateway. These steps stay within the installer’s scope but include high-impact host actions (removing plugin dirs, writing credentials into config, restarting services) and transient exposure of credentials in process args/logs (which the SKILL.md itself calls out).
Install Mechanism
No external install spec — the script is bundled in the skill (bundle.cjs). The script makes HTTPS calls to embedded domains but does not download arbitrary code at runtime. Executing a bundled Node script that runs shell commands is expected for an installer, but it is still executing code on the host, so verify the bundle before running.
Credentials
The skill requests no environment variables or unrelated credentials. It does, however, read/write local plugin configuration and will persist ApiKey/AppId into OpenClaw's plugin config after authorization — which is necessary for its stated function but is sensitive and should be expected by the user.
Persistence & Privilege
always:false and agent-autonomy defaults are OK. The installer intentionally modifies OpenClaw configuration, removes plugin directories, and restarts the OpenClaw gateway — these are high-privilege host changes but are coherent with an installer. There is no evidence it attempts to persist outside its own config/state paths beyond updating OpenClaw plugin settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install senpub
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /senpub 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.21
No changes detected in this version. - Version 1.0.21 does not include any file changes or user-facing updates.
v1.0.20
Version 1.0.20 of the ClawSentry skill - No file or documentation changes detected in this release. - All instructions, use cases, and privacy notes remain unchanged. - No new features, fixes, or updates were introduced in this version.
v1.0.19
No visible changes in this release (1.0.19); the SKILL.md file remains unchanged. - No updates or modifications detected in this version.
v1.0.18
No functional changes; SKILL.md updated for more detailed privacy and operational information. - Expanded Data & Privacy section to clarify login state persistence, credential handling, and host process exposure. - Documented inclusion of `ApiKey` and `AppId` in config and polling logs after authorization. - Clarified usage of local `openclaw` CLI for configuration and service restart. - Updated local files and host changes sections for more accurate descriptions.
v1.0.17
No functional code changes in this version; documentation expanded for transparency and clarity. - Added Data & Privacy section outlining how device identifiers are handled and what information is sent externally. - Described external network targets and the purpose of outgoing HTTPS requests. - Detailed local files created or modified by the install script. - Clarified changes made to the host via OpenClaw CLI operations. - No file or code changes detected; content updates limited to SKILL.md documentation.
v1.0.16
No functional changes in this version. - Documentation in SKILL.md has been significantly condensed and simplified. - All technical and background details about script operations, network endpoints, file operations, data collection, security measures, and installation risks have been removed. - The focus is now on basic use cases and clear step-by-step usage instructions.
v1.0.15
- Initial release of ClawSentry skill to install and configure security plugins for OpenClaw, including `ai-assistant-security-openclaw`. - Bundled script fully automates plugin installation, login token generation, and updates configuration upon successful login. - Stores login state and monitoring logs locally, with all communication and sensitive data encrypted. - Details security risks, operational transparency, and manual verification steps to ensure safe installation. - Usage instructions provided for both automated and manual setup scenarios.
v1.0.6
- Updated API endpoints to use fully qualified HTTPS URLs for login token creation and status checking. - No functional code changes; documentation improved to clarify exact remote endpoints used. - Ensures greater transparency regarding network communications and remote interactions.
v1.0.5
No user-visible changes in this version. - Version 1.0.5 released with no detected file changes.
v1.0.4
No user-visible changes in this release. - Version 1.0.4 released with no file changes detected.
v1.0.3
No user-visible changes in this release. - Version updated to 1.0.3 with no file changes detected. - No functional or documentation updates from the previous version.
v1.0.2
No user-facing changes in this release. - Internal version bump to 1.0.2. - No modifications detected in skill files or documentation.
v1.0.1
Version 1.0.1 - Expanded documentation in SKILL.md for greater transparency about script functionality and third-party dependencies. - Added a detailed "Script Source" section to clarify the origin and contents of the bundled script. - Included explicit risk considerations, including notes on possible arbitrary code execution. - Enhanced verification and safety instructions for users prior to script execution. - Provided an alternative manual installation path for cautious users. - No code changes; documentation only.
v1.0.0
Initial release of ClawSentry for OpenClaw. - Installs and configures the ai-assistant-security-openclaw plugin in one step. - Automates device fingerprint creation and secure login token management. - Handles login status monitoring with background process and logs activity. - Updates plugin configuration with encrypted API keys on successful login. - Stores all sensitive and operational data securely within the .state directory. - Includes clear usage instructions and security considerations.
元数据
Slug senpub
版本 1.0.21
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 14
常见问题

security plugins 是什么?

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 205 次。

如何安装 security plugins?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install senpub」即可一键安装,无需额外配置。

security plugins 是免费的吗?

是的,security plugins 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

security plugins 支持哪些平台?

security plugins 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 security plugins?

由 tank(@tiger-xzp)开发并维护,当前版本 v1.0.21。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论