0xcjl

Slowmist Security Cc

Author: Jialin · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 113
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install slowmist-security-cc
Description
SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version)
Safe usage recommendations
This skill appears to be a genuine security-review framework and is mostly self-contained (markdown guidance only). Before installing or enabling it: 1) Confirm you are comfortable with the skill reading/writing in your agent's ~/.claude directories (it recommends writing logs and reading CLAUDE.md / memory files); if not, run it in a sandboxed agent or deny filesystem access. 2) If you intend to use on-chain AML features (MistTrack/Dune), expect to provide API keys—verify where those keys would be used and do not supply unrelated credentials. 3) Because the skill can record persistent audit logs, review the exact log location and content format so sensitive data isn't stored unintentionally. 4) Keep the 'human approval' requirement for HIGH/REJECT findings — do not allow unattended autonomous actions for sensitive operations. If you want a safer test, run the skill in a restricted environment, inspect any created log files, and only then allow broader access.
Functional analysis
Type: OpenClaw Skill
Name: slowmist-security-cc
Version: 1.0.0
The bundle is a comprehensive security review framework (SlowMist Security Review) designed to guide an AI agent in auditing external inputs like skills, repositories, URLs, and blockchain addresses. It consists entirely of defensive instructions, checklists, and pattern libraries (e.g., red-flags.md, social-engineering.md) aimed at identifying malicious behavior in other software. There is no evidence of malicious intent, data exfiltration, or unauthorized execution; the framework is transparently documented and aligns perfectly with its stated purpose of enhancing agent security.
Capability tags
crypto, requires-wallet
Capability assessment
Purpose & Capability
Name/description match the actual content: the SKILL.md and the reference documents implement a security-review framework for repos, skills, URLs, on‑chain addresses and products. No unexpected binaries or credentials are requested. One mismatch: the instructions repeatedly reference agent-local paths (e.g., ~/.claude/, CLAUDE.md, memory logs) and logging to ~/.claude/projects/... — these filesystem interactions are plausible for a review tool but are not declared in the skill's metadata as required config paths.
Instruction Scope
Instructions stay within the stated purpose (routing different review types, scanning code blocks, red-flag patterns, requiring human approval for HIGH/REJECT). However, multiple reference docs instruct the agent to read agent config and memory files (CLAUDE.md, ~/.claude settings, memory files) and to append audit logs to agent memory paths. Reading agent identity/memory is highly sensitive; while it can be justified for an audit, the skill does not declare or warn explicitly that it will access these sensitive files, nor does metadata request permission scopes/paths.
Install Mechanism
Instruction-only skill with no install spec and no code to download or execute. This is low-risk from an install mechanism perspective; nothing is written to disk by an installer step in the package itself.
Credentials
The skill declares no required environment variables and no primary credential, which is consistent with an instruction-only audit framework. References mention optional integrations (MistTrack API, Dune MCP) for AML scoring; those would require credentials if used, but the skill does not declare them. If you plan to use AML features, expect to supply API keys/credentials outside the skill metadata.
Persistence & Privilege
The framework recommends writing audit logs to ~/.claude/projects/<project>/memory/slowmist-security-log.md and references agent config paths. That creates persistent artifacts in the agent's directories. This is not inherently malicious, but it is persistent and touches agent-local state — the skill metadata does not declare required config paths or mention persistent log creation explicitly.
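How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install slowmist-security-cc
  3. Once installation completes, call the Skill by name or trigger it with /slowmist-security-cc
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history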
v1.0.0
Initial release of SlowMist AI Agent Security Review for Claude Code.
- Provides a comprehensive security framework for reviewing skills, repositories, URLs, on-chain addresses, and products.
- Introduces clear quick-decision cards, 4-level risk ratings, and trust principles for all external inputs.
- Defines activation triggers and step-by-step security review processes for common scenarios.
- Includes reference guides for supply chain, social engineering, and code red flags.
- Supports review logging for traceability and memory across projects.
- Adapts all core framework features to the Claude Code platform.
Metadata
Slug: slowmist-security-cc
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

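What is Slowmist Security Cc?

SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 113 total downloads to date.

How do I install Slowmist Security Cc?

Run the command "/install slowmist-security-cc" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Slowmist Security Cc free?

Yes, Slowmist Security Cc is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Slowmist Security Cc support?

Slowmist Security Cc is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Slowmist Security Cc?

It is developed and maintained by Jialin (@0xcjl); the current version is v1.0.0.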
