ShellWard Security Guide
Author: jnMetaCode · v1.0.0 · MIT-0
437 total downloads · 0 favorites · 1 current install · 1 version
Install in OpenClaw
/install shellward-security-guide
Description
Security deployment guide for OpenClaw — help users secure their OpenClaw installation
Usage instructions (SKILL.md)
ShellWard Security Deployment Guide
When the user invokes this skill, provide a complete security deployment checklist based on the following best practices. Check the current system state using available tools and give actionable recommendations.
Security Checklist
1. Network Control
- Check if OpenClaw gateway port (19000/19001) is exposed to public network
- Recommend binding to 127.0.0.1 or using a reverse proxy with authentication
- Suggest firewall rules:
  ufw allow from 127.0.0.1 to any port 19000
- For cloud servers: check security group rules
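An added example (not part of the skill or of ShellWard) of the exposure check in item 1: it reads `ss -ltnH` output and reports listeners on the gateway ports 19000/19001 that are bound to anything other than a loopback address. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report OpenClaw gateway listeners reachable beyond loopback.
# Reads `ss -ltnH` output (Linux iproute2) on stdin and prints "<port> <address>"
# for every listener on a gateway port that is not bound to a loopback address.
GATEWAY_PORTS="19000 19001"   # ports named in the checklist

exposed_gateway_listeners() {   # hypothetical helper name
    awk -v ports="$GATEWAY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            la = $4                                    # Local Address:Port column
            port = la; sub(/.*:/, "", port)            # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)        # text before the last colon
            sub(/%.*$/, "", addr)                      # drop scope suffix such as %lo
            gsub(/\[/, "", addr); gsub(/\]/, "", addr) # [::1] becomes ::1
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next # loopback only: not exposed
            print port, addr
        }'
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE='LISTEN 0 511 127.0.0.1:19000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:19001 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 [::1]:19000 [::]:*'

printf '%s\n' "$SAMPLE" | exposed_gateway_listeners
# Live use on a Linux host: ss -ltnH | exposed_gateway_listeners
```

Any line printed is a listener to rebind to 127.0.0.1 or place behind an authenticating reverse proxy; wildcard binds (`0.0.0.0`, `::`, `*`) are reported as well as specific non-loopback addresses.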
2. Container Isolation
- Recommend running OpenClaw in Docker with restricted capabilities:
  docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE \
    --read-only --tmpfs /tmp \
    -u 1000:1000 \
    openclaw
- Suggest resource limits:
  --memory=2g --cpus=1
- Mount only necessary directories
3. Credential Management
- Scan for plaintext secrets in .env, .bashrc, environment variables
- Recommend using a secret manager (Vault, doppler, etc.)
- Check file permissions on sensitive files (should be 0600)
- Suggest:
  chmod 600 ~/.env ~/.ssh/* ~/.aws/credentials
4. Audit Logging
- Verify ShellWard audit log is active at ~/.openclaw/shellward/audit.jsonl
- Show recent security events
- Recommend log rotation and backup strategy
- Suggest sending critical events to external SIEM
5. Plugin Security
- List all installed plugins and check for known risks
- Disable auto-update for plugins
- Only install from trusted sources
- Scan plugin code for suspicious patterns
6. Patch Management
- Check current OpenClaw version
- Report known vulnerabilities for current version
- Recommend upgrade path
- Check Node.js version (must be >= 22.12)
Available Commands
Remind the user about ShellWard's quick commands:
- /security — Full security status overview
- /audit [count] [filter] — View audit log
- /harden — Scan for issues, /harden fix to auto-fix
- /scan-plugins — Scan plugins for security risks
- /check-updates — Check versions and vulnerabilities
Response Style
- Be concise and actionable
- Use the user's language (detect from their message)
- Prioritize critical issues first
- For each issue, provide the exact command to fix it
- Ask for confirmation before executing destructive operations
Security usage advice
This skill looks coherent for its stated purpose but it will ask the agent to read sensitive local files (env, SSH keys, AWS creds), audit logs, and plugin code. Before using it: (1) prefer running it on a test or staging host or with read-only access; (2) do not paste cloud/provider credentials unless you trust the source (the package has no homepage/source repo listed); (3) review any 'auto-fix' actions and require manual confirmation before destructive fixes; and (4) if the skill asks to send data to external services (SIEM or other endpoints), validate where data will go and redact secrets if necessary.
Functional analysis
Type: OpenClaw Skill
Name: shellward-security-guide
Version: 1.0.0
The skill is a security deployment guide designed to help users harden their OpenClaw installation. It provides a comprehensive checklist covering network control, container isolation, credential management, and audit logging, using standard security practices (e.g., ufw, chmod 600, Docker resource limits). While it instructs the agent to scan for secrets and system vulnerabilities in files like SKILL.md, the intent is clearly defensive, and it explicitly requires user confirmation before performing any destructive operations.
Capability assessment
Purpose & Capability
Name/description (OpenClaw security deployment guide) align with the SKILL.md: it instructs checks for network exposure, container hardening, credential management, audit logs, plugins, and patching — all appropriate for a security guide.
Instruction Scope
The runtime instructions explicitly ask the agent to inspect local state (ports, firewall, ~/.env, ~/.bashrc, ~/.ssh, ~/.aws/credentials, ~/.openclaw/shellward/audit.jsonl), list and scan plugin code, and check Node/OpenClaw versions. Those actions are coherent for a security scanner but involve reading sensitive files and potentially sending findings externally; the SKILL.md is somewhat broad ('Check the current system state using available tools') which grants the agent discretionary scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest disk/write risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required env vars or credentials, yet instructs scanning environment variables and credential files (including AWS creds). Reading those items is reasonable for a security guide, but the skill does not request or document how cloud credentials would be accessed — users should not provide cloud/provider credentials unless explicitly needed and verified.
Persistence & Privilege
Flags show always:false and user-invocable:true; disable-model-invocation:false (normal). The skill does not request persistent presence or modify other skills or global agent config.
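How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box:
  /install shellward-security-guide
- Once installation completes, call the Skill by name or use /shellward-security-guide to trigger it
- Provide the required input according to the Skill's parameter description to get structured output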
Version history
v1.0.0
Initial release — OpenClaw security deployment checklist with 6 audit categories
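FAQ
What is ShellWard Security Guide?
Security deployment guide for OpenClaw — help users secure their OpenClaw installation. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 437 downloads to date.
How do I install ShellWard Security Guide?
Run the command "/install shellward-security-guide" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is ShellWard Security Guide free?
Yes, ShellWard Security Guide is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does ShellWard Security Guide support?
ShellWard Security Guide is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed ShellWard Security Guide?
It is developed and maintained by jnMetaCode (@jnmetacode); the current version is v1.0.0.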