SkillGuard Hardened
Author: 2404589803 · GitHub ↗ · v1.0.5 · MIT-0
Total downloads: 299 · Favorites: 0 · Current installs: 1 · Versions: 6
Install in OpenClaw: /install skillguard-hardened
Description
Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI inten...
Safe usage recommendations
SkillGuard is broadly coherent: it legitimately needs python3 and an AI key, and the code implements scanning, AI-based intent checks, reporting, and quarantining. Before installing:
1) Verify the Zenmux provider and limit the privileges of the ZENMUX_API_KEY (use a scoped key if possible).
2) Inspect guarded_flow.py and manage_skill.py to confirm they enforce the --force/--yes delete confirmations and do not blindly execute remote content fetched via npx/curl/wget.
3) Validate the remote-update hosts (moltbook.com and fluxapay.xyz); confirm they are official/trusted sources for policy/manifest updates, or remove/unconfigure remote updates.
4) Confirm the configured allowed_roots/quarantine/report directories map to a workspace you control (avoid unexpected absolute paths like /root/clawd unless that is intended).
5) Run the skill in an isolated test environment first and review logs/reports to ensure remediation actions behave as described.
If you are concerned about autonomous invocation, do not grant the agent permission to call this skill automatically until you have tested it.
Functional analysis
Type: OpenClaw Skill
Name: skillguard-hardened
Version: 1.0.5
SkillGuard is a comprehensive security auditing and remediation framework for OpenClaw skills. It implements static analysis (lib/analyzers.py), AI-driven intent auditing (lib/ai_audit.py), and controlled remediation actions like quarantine and deletion (lib/remediation.py). The code includes robust safety features, such as path-traversal protection via _assert_safe_target, domain whitelisting for remote updates (moltbook.com, fluxapay.xyz), and mandatory manual flags (--force --yes) for destructive operations. The high-privilege capabilities (file deletion and command execution) are strictly aligned with its stated purpose as a security tool.
Capability assessment
Purpose & Capability
The name and description claim a skill auditor, and the package contains static analysis, AI-audit, reporting, and remediation code that matches that purpose. Requiring python3 and a Zenmux API key is coherent. Minor oddities: SKILL.md mentions remote updates from moltbook.com and fluxapay.xyz (fluxapay.xyz is an unexpected host for a guard tool), and the human-readable SKILL.md documents an absolute default report path (/root/clawd/...) that doesn't match the policy placeholders used by the code (which render paths from the workspace). These should be verified but do not by themselves contradict the stated purpose.
Instruction Scope
SKILL.md and the scripts direct the agent to scan skill directories, run guarded execution wrappers, and perform quarantine/restore/delete actions — all within the declared purpose. The instructions include commands that fetch or install skills (npx-add, moltbook-install) and a guarded exec wrapper that will invoke untrusted code via subprocess; this is expected for an install-gate but expands the skill's runtime surface (network fetch + executing wrapped binaries). Confirm the guarded execution flow does not blindly execute remote content without verification.
Install Mechanism
There is no external install spec (instruction-only install behavior); the package contains Python scripts and no download/install step is required by the skill itself. This is the lower-risk model for a code-included skill.
Credentials
Only ZENMUX_API_KEY (and optional model override envs) are required for AI auditing. The code reads a few alternate env var names as fallbacks and optional model/base-url overrides. That level of credential access is proportional to an AI-backed auditing tool; there are no unrelated cloud credentials requested.
Persistence & Privilege
The skill modifies filesystem state (move to quarantine, delete with shutil.rmtree, write reports/audit logs). Those privileges are necessary for remediation but are high-impact. The policy enforces allowed roots and the code asserts operations stay within those allowed roots, which mitigates risk — still, deletion is possible and must be guarded by the operator flags described in SKILL.md.
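The allowed-roots assertion and the --force/--yes gate described above are the two controls a reviewer would most want to see behave correctly under traversal and symlink tricks. The following is an added example, not the skill's own code (its real _assert_safe_target may differ): the function and argument names are assumptions, and the workspace it builds is constructed sample data in a temporary directory.

```python
"""
Added example (not skillguard-hardened's own code): an allowed-roots check of
the kind the review describes, plus an explicit-confirmation gate for the
destructive 'delete' remediation. All names here are assumptions.
"""
import shutil
import tempfile
from pathlib import Path


class UnsafeTargetError(Exception):
    """Raised when a remediation target resolves outside every allowed root."""


def assert_safe_target(target: str, allowed_roots: list[str]) -> Path:
    """Resolve `target` (following symlinks and '..') and require it to sit
    strictly inside one of `allowed_roots`. Returns the resolved path.

    Comparing the *resolved* path defeats '..' components and symlinks that
    point out of the workspace; the strict-inside rule also stops a caller
    from quarantining or deleting an allowed root itself.
    """
    resolved = Path(target).resolve()
    for root in allowed_roots:
        try:
            rel = resolved.relative_to(Path(root).resolve())
        except ValueError:
            continue  # not under this root, try the next one
        if rel != Path("."):  # inside the root, not the root itself
            return resolved
    raise UnsafeTargetError(f"{target!r} resolves to {resolved}, outside allowed roots")


def remediate(target: str, action: str, allowed_roots: list[str],
              quarantine_dir: str, force: bool = False, yes: bool = False) -> str:
    """Quarantine (move) or delete a skill directory under the safety rules:
    the target must pass assert_safe_target, and delete additionally needs
    both force and yes (mirroring the --force --yes operator flags).
    """
    path = assert_safe_target(target, allowed_roots)
    if action == "quarantine":
        dest_root = Path(quarantine_dir).resolve()
        dest_root.mkdir(parents=True, exist_ok=True)
        dest = dest_root / path.name
        shutil.move(str(path), str(dest))
        return f"quarantined:{dest}"
    if action == "delete":
        if not (force and yes):
            return "refused: delete requires force=True and yes=True"
        shutil.rmtree(path)
        return f"deleted:{path}"
    raise ValueError(f"unknown action {action!r}")


def _attempt_quarantine(target: str, allowed: list[str], quarantine: str) -> str:
    """Helper for the demo: report whether the guard accepted or rejected a target."""
    try:
        remediate(target, "quarantine", allowed, quarantine)
        return "allowed"
    except UnsafeTargetError:
        return "rejected"


def demo() -> dict:
    """Build a throwaway workspace (constructed sample data) and exercise the guard."""
    ws = Path(tempfile.mkdtemp(prefix="sg-demo-"))
    skills = ws / "skills"
    (skills / "good-skill").mkdir(parents=True)
    (skills / "evil-skill").mkdir()
    outside = ws / "outside"
    outside.mkdir()
    # A symlink inside the skills dir that points outside the allowed root.
    link = skills / "sneaky"
    link.symlink_to(outside, target_is_directory=True)

    allowed = [str(skills)]
    quarantine = str(ws / "quarantine")
    results = {
        "traversal": _attempt_quarantine(str(skills / ".." / "outside"), allowed, quarantine),
        "symlink": _attempt_quarantine(str(link), allowed, quarantine),
        "root_itself": _attempt_quarantine(str(skills), allowed, quarantine),
        "delete_no_flags": remediate(str(skills / "evil-skill"), "delete", allowed, quarantine),
        "quarantine": remediate(str(skills / "evil-skill"), "quarantine", allowed, quarantine),
        "delete_confirmed": remediate(str(skills / "good-skill"), "delete", allowed, quarantine,
                                      force=True, yes=True),
    }
    results["outside_still_exists"] = outside.exists()
    shutil.rmtree(ws)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check compares fully resolved paths on both sides, so a quarantine directory mounted under /var on one system and /private/var on another is handled the same way, and a symlink planted inside the skills tree cannot redirect a move or an rmtree to a directory outside the workspace.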
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skillguard-hardened
- After installation, call the Skill by name directly or trigger it with /skillguard-hardened
- Provide the required inputs according to the Skill's parameter description to receive structured output
Version history
v1.0.5
Switch ZenMux AI auditing from Anthropic-compatible messages to ZenMux OpenAI-compatible chat completions, default model openai/gpt-5.4, and refresh skill metadata wording.
v1.0.4
- Added auto-remediation support to scan command (`--auto-remediate quarantine|delete`) for bulk quarantine or deletion of risky skills.
- Introduced "clean" and "disinfect" commands in manage_skill.py to automatically quarantine or delete a skill based on a scan result.
- Extended documentation with new usage examples for auto-remediation, clean, and disinfect flows.
- Default remediation now only targets skills marked as BLOCK or QUARANTINE, and still requires explicit confirmation for deletion.
v1.0.3
skillguard-hardened v1.0.3
- Updated version number to 1.0.3.
- No functional or documentation changes detected aside from version increment.
v1.0.2
**Summary:**
Malicious test fixtures have been removed from the distribution for increased security and package hygiene.
- Removed all included malicious skill test fixtures from the package.
- Updated documentation to clarify security capabilities and explain the removal of test fixtures.
- No functional changes to core scanning or guarded execution logic.
- Safer distribution, with test artifacts now generated dynamically at test time only.
v1.0.1
- Added full English/Chinese (bilingual) documentation for all features, usage, and safety model.
- Improved readability by dividing sections into concise English headlines with corresponding Chinese explanations in parentheses.
- No functional or command changes—documentation only.
v1.0.0
Initial release of skillguard-hardened.
- Provides security auditing for OpenClaw skills using local rules and DeepSeek intent review.
- Supports scan, install check, update check, and execution check with structured JSON reporting.
- Includes quarantine, restore, and explicit delete management commands.
- Integrates with agent workflows via guarded installation and update flows.
- DeepSeek API key required for semantic audits; falls back to local rules if unset.
- Default actions are PASS, WARN, BLOCK, or QUARANTINE; delete requires explicit confirmation.
FAQ
What is SkillGuard Hardened?
Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI inten... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 299 downloads to date.
How do I install SkillGuard Hardened?
Run the command "/install skillguard-hardened" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is SkillGuard Hardened free?
Yes, SkillGuard Hardened is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.
Which platforms does SkillGuard Hardened support?
SkillGuard Hardened is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SkillGuard Hardened?
Developed and maintained by 2404589803 (@2404589803); current version v1.0.5.