← 返回 Skills 市场
SkillFence
作者
deeqyaqub1-cmd
· GitHub ↗
· v1.0.6
1912
总下载
3
收藏
2
当前安装
7
版本数
在 OpenClaw 中安装
/install skillfence
功能描述
Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog.
安全使用建议
SkillFence appears coherent with its purpose as a local runtime monitor. Before installing: 1) Review the monitor.js file yourself (it’s small and included) to confirm behavior you’re comfortable with. 2) Confirm you trust the source/ GitHub repo the README points to (the registry owner ID, homepage, and GitHub repo user differ — verify origin). 3) Run it as a normal user (not root) so logs and scans run with limited privileges. 4) Note it will create files in your HOME (audit log, session state, license); back up sensitive files if you need to. 5) If you plan to enable any Pro/dashboard integration, confirm what data (if any) is sent externally — the bundled code appears local-only, but documentation references an external dashboard. Finally, when using features that analyze arbitrary commands/messages, avoid passing untrusted input that might be interpreted as shell commands; the monitor inspects strings, but always be cautious.
功能分析
Type: OpenClaw Skill
Name: skillfence
Version: 1.0.6
The OpenClaw SkillFence skill is a runtime security monitor designed to detect malicious behavior in other skills. Its code (`monitor.js`) and documentation (`SKILL.md`, `README.md`) consistently describe a tool that performs system introspection (process monitoring, network connection analysis, file access timestamp checks) and code scanning of other skills. Crucially, the skill explicitly claims and the code verifies that it is 'read-only' (only modifying its own state/log files, not other system files or credentials' contents) and 'never makes outbound network requests'. The use of `execSync` for system commands (like `ps aux`, `lsof`, `ss`) and `fs.readFileSync` for scanning other skill files are necessary for its stated security purpose. Prompt injection instructions in `SKILL.md` guide the AI agent to perform security monitoring and transparently report findings, not to subvert its function or hide actions. There is no evidence of intentional harmful behavior such as data exfiltration, persistence, or unauthorized remote control.
能力评估
Purpose & Capability
The skill is described as a runtime monitor and its code implements file scanning, process checks, and network-connection inspection via local system commands. Required resources are limited to Node.js and the user's HOME filesystem (for logs/state), which is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running monitor.js and describes scanning installed skills, checking processes, network connections, and file metadata. The code reads skill files (readFileSync) for pattern matching and uses execSync/spawn to gather process/network state — all within monitoring scope. Minor note: SKILL.md repeatedly asserts 'never makes outbound network requests' and 'read-only' for credentials (only metadata). The included code appears to perform local checks only; however the README/marketing references a CascadeAI web dashboard / Pro features (external service) — although the bundled code does not obviously contact it, the documentation suggests an external dashboard exists. This is a small discrepancy worth noting but not disqualifying.
Install Mechanism
No installer is bundled (skill contains JS file + docs). Installation options in README point to ClawHub or a GitHub repo. No external archive downloads or opaque installers are executed by the code itself. This is low-risk as long as users pull the repo from a trusted source.
Credentials
The skill requests no environment variables or credentials and only uses process.env.HOME (or /tmp) to store logs and state. It scans skill directories under the user's home and looks for references to sensitive paths — appropriate for a monitor. It does not request unrelated cloud keys or tokens. It does read license/state files it creates in the user's HOME; that behavior is reasonable for local pro feature gating.
Persistence & Privilege
always:false and user-invocable:true. The skill writes state and an audit log under the user's HOME ('.skillfence-session.json', '.skillfence-audit.log', '.skillfence-license.json'), which is expected for a monitoring tool. It does not modify other skills or system-wide configs in the provided code. No forced global persistence is requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skillfence - 安装完成后,直接呼叫该 Skill 的名称或使用
/skillfence触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
v1.0.6 — Included monitor.js executable in package. Fixed documentation-only issue. Pro/webhook features clarified as separate web dashboard (skill never makes network requests). Credential checks explicitly only read file metadata (timestamps via stat), never file contents.
v1.0.5
v1.0.5 — Included monitor.js in package (was documentation-only before). Pro/webhook features clarified as separate web dashboard. Credential checks only read file metadata (timestamps), never contents. Skill never makes outbound network requests.
v1.0.4
v1.0.4 — Clarified that Pro/webhook features are a separate web dashboard, not part of this skill. Skill never makes outbound network requests. Credential checks explicitly only read file metadata (timestamps via stat), never file contents. Addresses OpenClaw security scanner findings.
v1.0.3
Fix metadata — remove requires block for OpenClaw compatibility
v1.0.2
v1.0.2 — Added Pro license activation (--activate), license status check (--license), and interactive threat dashboard (--dashboard). Dashboard includes click-to-expand findings with recommended actions, skills status, threat breakdown, and activity timeline. Pro features gated behind license key.
v1.0.1
SkillFence 1.0.0 initial release:
- Introduced runtime security monitoring for OpenClaw skills, tracking network calls, file access, credential reads, and process activity.
- Added monitor.js as the core engine for live and on-demand security checks.
- Removed rules.js and replaced ZeroRules functionality with comprehensive threat monitoring.
- Provided multiple commands for scanning, live monitoring, network/process/credential checks, session status, and audit logs.
- Included clear severity badges and detailed report formatting for findings.
- Offered user-invocable slash commands for quick security operations and session visibility.
v1.0.0
Initial release. Runtime security monitor for OpenClaw skills. Scans installed skills for known C2 addresses, dangerous commands, credential access, and data exfiltration patterns. Monitors active network connections, processes, and sensitive file access. Full audit trail logging.
元数据
常见问题
SkillFence 是什么?
Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1912 次。
如何安装 SkillFence?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillfence」即可一键安装,无需额外配置。
SkillFence 是免费的吗?
是的,SkillFence 完全免费(开源免费),可自由下载、安装和使用。
SkillFence 支持哪些平台?
SkillFence 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SkillFence?
由 deeqyaqub1-cmd(@deeqyaqub1-cmd)开发并维护,当前版本 v1.0.6。
推荐 Skills