← 返回 Skills 市场
poolguy24

SkillSentryOpenClaw's Always‑On Security Cop

作者 Poolguy24 · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
1110
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install skillsentry
功能描述
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.
安全使用建议
This package appears to be a local-only OpenClaw auditor, but several things don't add up — the SKILL.md references node scripts (panel-server.js, config.js) and a config.yaml/log path that are not included, and the shell script defaults to a developer's hardcoded path (/Users/BillyAssist/...). Before using/installing: 1) Do not schedule it in cron yet — inspect and run it manually. 2) Read scripts/audit.sh line-by-line and change WORKDIR to your OpenClaw installation (or set WORKDIR env var) so it does not scan an unexpected location. 3) Confirm the commands it calls (openclaw, session_status, nmap) exist and behave as you expect; run audit.sh in a non-privileged account first. 4) Understand it will read local 'memory' and 'skills' directories (these can contain sensitive data); if you do not want that scanned, edit SCAN_PATHS. 5) The UI described in SKILL.md will not run as-is — panel.html is static and no server code is included. 6) Only schedule persistence (cron) after you have validated the script's behavior and outputs and are satisfied it does not transmit data externally. If you need more assurance, ask the author for the missing server/config scripts and an explanation of the hardcoded paths, or run the audit in a controlled environment (container or isolated VM) first.
功能分析
Type: OpenClaw Skill Name: skillsentry Version: 1.1.0 The skill bundle is designed for local security auditing, including scanning for prompt injection patterns and local open ports. The `SKILL.md` explicitly states 'Local-only scans; no network calls outside localhost,' which is confirmed by `scripts/audit.sh` using `nmap` only on `127.0.0.1` and `grep` on local directories. While `SKILL.md` instructs the agent to set up a cron job for the audit script, the `audit.sh` script itself performs only legitimate local checks and does not exhibit any malicious behavior like data exfiltration, unauthorized remote execution, or persistence mechanisms beyond its stated auditing purpose. The `assets/panel.html` and `references/threats.md` files are informational and UI components, respectively, and contain no malicious code or instructions.
能力评估
Purpose & Capability
The declared purpose (local OpenClaw security audit and prompt-injection detection) matches the included audit.sh which scans OpenClaw status, session state, memory and skills directories and performs a localhost port scan. However SKILL.md instructs running node scripts (node scripts/panel-server.js and node scripts/config.js) and refers to config.yaml and logs/last-report.json even though those node scripts and config file are not present in the package. The audit.sh defaults to hardcoded paths under /Users/BillyAssist/clawd which appears to be a developer leftover and may not match the target system. OUTDIR is declared but never used. These inconsistencies reduce trust in the packaging and intent.
Instruction Scope
The runtime instructions ask you to present a UI, edit config.yaml, and schedule scripts/audit.sh in cron. The actual bundle only contains a static panel.html, audit.sh, and helper docs; the server and config JS files referenced are missing. The script does scan local 'memory' and 'skills' directories (which is consistent with an auditor) — these may contain sensitive content, so scanning them is warranted but must be understood. SKILL.md claims 'Local-only scans; no network calls outside localhost', and audit.sh adheres to that (it only runs a localhost nmap if present). However the instructions are vague about how cron should be set up and where outputs/logs are stored, and the claimed 'last report at logs/last-report.json' is not produced by the included script.
Install Mechanism
No install spec or remote downloads — the skill is instruction-only with a local shell script and static assets. That minimizes supply-chain risk. The only potentially sensitive operation is executing the bundled shell script; there are no external URL downloads or extracted archives in the package.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. The script does respect WORKDIR and OUTDIR environment variables if set, but defaults to a hardcoded /Users/BillyAssist/clawd path — this is odd and likely a leftover. The script reads local files (memory, skills) which are relevant for prompt-injection scans but could expose sensitive data; no network exfiltration is present in the code, but you should verify you are comfortable with local file scanning of those paths before running.
Persistence & Privilege
The skill is not configured always:true and does not autonomously install itself. However SKILL.md explicitly instructs the user to set up a cron job to run scripts/audit.sh on a cadence; that is legitimate for an auditor but creates persistent execution. You should not schedule the script until you inspect and (if needed) edit it and the referenced missing components. The skill does not modify other skills' configs in the package.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skillsentry
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skillsentry 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- Added SkillSentry v1.1.0 featuring OpenClaw security audits and prompt injection detection. - Produces a detailed JSON report on security posture and vulnerabilities. **Checks:** ✅ Every line for PI + tool abuse ✅ Exposed API keys ✅ New files + ports ✅ Plain logs **UI:** 🔍 SCAN - Includes a local panel server for scan management, configuration, and log review. - Supports customizable scan frequency, alert types (e.g., Telegram), and detection sensitivity via config. - All operations are local; no external network calls.
元数据
Slug skillsentry
版本 1.1.0
许可证
累计安装 6
当前安装数 5
历史版本数 1
常见问题

SkillSentryOpenClaw's Always‑On Security Cop 是什么?

OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1110 次。

如何安装 SkillSentryOpenClaw's Always‑On Security Cop?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillsentry」即可一键安装,无需额外配置。

SkillSentryOpenClaw's Always‑On Security Cop 是免费的吗?

是的,SkillSentryOpenClaw's Always‑On Security Cop 完全免费(开源免费),可自由下载、安装和使用。

SkillSentryOpenClaw's Always‑On Security Cop 支持哪些平台?

SkillSentryOpenClaw's Always‑On Security Cop 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SkillSentryOpenClaw's Always‑On Security Cop?

由 Poolguy24(@poolguy24)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论