← 返回 Skills 市场

SKILL Sonar

Name: SKILL Sonar
Author: yxf203

作者 Xiaofang Yang · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ✓ 安全检测通过

598

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skill-sonar

功能描述

Lifecycle guard. Route to preflight or runtime.

安全使用建议

This skill appears coherent and low-risk: it is purely documentation that defines preflight/runtime guard behavior and makes no external calls or credential requests. Before installing, verify the skill's origin/author (the registry metadata shows an opaque owner ID), review the preflight and runtime documents yourself to ensure the guard logic matches your expectations, and test it in a non-production environment. Note that the documents are policy-level guidance only — they cannot by themselves enforce sandboxing or prevent code execution; confirm your agent runtime will actually follow the guard steps (triage prompts, user confirmations) and that you won't grant the skill extra capabilities (e.g., file-system or network access) beyond its intended read-only review of the skill package.

功能分析

Type: OpenClaw Skill Name: skill-sonar Version: 1.0.2 The 'skill-sonar' bundle is a defensive security framework designed to provide preflight auditing and runtime protection for OpenClaw agents. It contains comprehensive instructions (SKILL.md, preflight-guard.md, runtime-guard.md) that guide the agent to treat all external skill artifacts and tool outputs as untrusted (P0). While the files contain sensitive indicators such as regex patterns for API keys and references to private directories like ~/.ssh/ (found in preflight/preflight-guard.md), these are used strictly as detection signatures to alert users to risks in other skills. The logic is consistently aligned with its stated purpose of safety enforcement and does not exhibit malicious intent or unauthorized data access.

能力评估

✓ Purpose & Capability

Name/description (lifecycle guard / routing to preflight or runtime) matches the included files and declared behavior. All included documents (preflight and runtime guards, checklists, stage guards) are relevant to the stated purpose. No unrelated binaries, env vars, or external endpoints are requested.

✓ Instruction Scope

SKILL.md and the referenced guard documents restrict actions to reviewing the skill's own package, performing triage, and gating risky operations. The preflight guard explicitly forbids reading paths outside the candidate skill directory. There are no directives to exfiltrate data, call external endpoints, or read unrelated system files. The guidance is prescriptive rather than open-ended.

✓ Install Mechanism

No install specification and no code files — this is instruction-only. Nothing will be downloaded or written to disk by an installer. This is the lowest-risk install profile and is proportionate for a documentation-based guard skill.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. All checks and policies operate on documents bundled in the skill. There are no unexplained secret accesses or requests for unrelated tokens or files.

ℹ Persistence & Privilege

The skill is not always-on and does not request elevated privileges; model invocation is allowed (default), which is normal. Because this skill functions as a guard that could influence agent decision-making, you should ensure your agent runtime enforces these guard policies rather than assuming the skill can enforce isolation or system-level protections on its own.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skill-sonar
安装完成后，直接呼叫该 Skill 的名称或使用 /skill-sonar 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Updated runtime guard to include four new focused checklists: mode transition, provenance, sensitive resources, and triage. - Removed nine previously separate preflight area checklists, using only one file. - No changes to routing or user-facing instructions. - Improves organization of runtime safety checks.

v1.0.1

- area5-injection-resistance. Wording update Rephrased several descriptive examples that were triggering false positives in static regex scanners. No changes to detection logic or coverage scope.

v1.0.0

Initial release of skill-sonar. - Introduces automatic routing between preflight and runtime guards based on skill status and context. - Differentiates between analysis of the skill itself (preflight) and actions taken during execution (runtime). - Supports user overrides and risk-based escalation. - Loads guard files only when needed. - Provides constraints for language output, advisories, and escalation on bypass attempts.

元数据

Slug skill-sonar

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

SKILL Sonar 是什么？

Lifecycle guard. Route to preflight or runtime. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 598 次。

如何安装 SKILL Sonar？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-sonar」即可一键安装，无需额外配置。

SKILL Sonar 是免费的吗？

是的，SKILL Sonar 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

SKILL Sonar 支持哪些平台？

SKILL Sonar 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 SKILL Sonar？

由 Xiaofang Yang（@yxf203）开发并维护，当前版本 v1.0.2。