Total downloads: 813 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw:
/install sys-guard-linux-remediator
Description
Provides forensically-safe Linux threat detection, network and process analysis, integrity verification, controlled firewall and service remediation preservi...
Safe usage recommendations
This skill is coherent for a sysadmin/incident responder, but it performs privileged operations. Before using: (1) only run commands if you understand their impact and have physical/forensic custody policies in place, (2) work on a forensic copy or isolated host when possible to avoid contaminating evidence, (3) inspect and verify any scripts you download (check authorship, hashes, and review code) before making them executable, (4) prefer package-manager installs for trusted tooling when practical, and (5) document and backup current firewall and system state before persisting changes so remediation is reversible. If you lack deep Linux incident-response experience, consult a professional — these commands can disrupt production systems or destroy forensic value if misused.
Functional analysis
Type: OpenClaw Skill
Name: sys-guard-linux-remediator
Version: 1.0.0
The skill is designed for Linux incident response and remediation, requiring high privileges and access to critical system functions. While the `SKILL.md` documentation is extensive and includes robust 'Safety Guardrails' explicitly designed to prevent harmful actions (e.g., `rm -rf /`, `iptables -F` without checks, broad `pkill`), it instructs the agent to download and execute Python forensic tools from an external GitHub repository (`DidierStevens/DidierStevensSuite`) using `sudo wget`. This introduces a significant supply chain vulnerability (Remote Code Execution risk) if the external source were ever compromised, despite the current benign intent and the legitimacy of the tools. There is no evidence of intentional malicious behavior or prompt injection designed to exfiltrate data or establish persistence, but the `wget` command represents a critical vulnerability.
Capability assessment
Purpose & Capability
Name/description match the SKILL.md: the instructions are a coherent set of forensic collection, analysis, integrity checks, and controlled remediation steps appropriate to a Linux incident response tool.
Instruction Scope
The instructions call for running many privileged system utilities (ss, journalctl, tcpdump, lsof, strace, rpm/apt verification, iptables/nft/firewalld changes) and for downloading forensic Python tools into /opt. This is consistent with incident response, but these operations require root and can alter evidence or system state if run incorrectly; the guide notes some cautions but gives the agent broad operational discretion.
Install Mechanism
No install spec (instruction-only), which reduces install-time risk. The SKILL.md does instruct using wget to fetch scripts from raw.githubusercontent.com (Didier Stevens Suite) into /opt and make them executable; raw.githubusercontent.com is a known host and Didier Stevens' tools are common forensic helpers, but any remote-script download should be validated before execution.
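The supply-chain finding above (and point 3 of the safe usage recommendations) boils down to one missing step: the fetched script is never checked against anything before it is made executable. The following is an added example, not code from the skill or from the Didier Stevens Suite, of how that `sudo wget ... && chmod +x` pattern can be replaced with a pinned manifest: fetch, stage as a non-executable file, compare the SHA-256 against a value you computed from a reviewed copy, and only then install under /opt. The `<COMMIT>` and `<SHA256_PLACEHOLDER>` values are placeholders, and `/opt/forensics` is an assumed destination.

```python
"""Pin-and-verify installer for remotely fetched forensic scripts (added example)."""
import hashlib
import hmac
import os
import stat
import tempfile
import urllib.request

# Pinned manifest: script name -> (URL pinned to a commit, expected SHA-256 hex).
# The commit and hash are PLACEHOLDERS (constructed); compute your own from a
# reviewed copy of each script and pin the URL to a commit, not a branch.
MANIFEST = {
    "pdf-parser.py": (
        "https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/<COMMIT>/pdf-parser.py",
        "<SHA256_PLACEHOLDER>",
    ),
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify(name: str, data: bytes, manifest: dict) -> bool:
    """True only if `name` is in the manifest and the content hash matches exactly."""
    entry = manifest.get(name)
    if entry is None:
        return False
    _, expected = entry
    return hmac.compare_digest(sha256_hex(data), expected.lower())

def fetch(url: str, timeout: int = 30) -> bytes:
    """Download the script bytes; nothing is written or executed here."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()

def install(name: str, data: bytes, manifest: dict, dest_dir: str = "/opt/forensics") -> str:
    """Refuse on mismatch; otherwise stage non-executable, then atomically place as 0755."""
    if not verify(name, data, manifest):
        raise ValueError(f"{name}: hash mismatch or not in manifest; refusing to install")
    os.makedirs(dest_dir, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=f".{name}.")
    with os.fdopen(fd, "wb") as f:  # mkstemp creates the file 0600: not executable
        f.write(data)
    os.chmod(tmp, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
    final = os.path.join(dest_dir, name)
    os.replace(tmp, final)  # atomic: a half-written script is never visible at `final`
    return final

def installed_ok(path: str, data: bytes) -> bool:
    """Check that the installed file has the expected content and is executable."""
    with open(path, "rb") as f:
        return f.read() == data and bool(os.stat(path).st_mode & stat.S_IXUSR)
```

Run `fetch(url)` for each manifest entry and hand the bytes to `install`; a changed upstream file fails the hash check instead of landing in /opt with the execute bit set.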
Credentials
The skill requests no environment variables or external credentials. It does require root/sudo to perform many steps — appropriate and expected for system remediation. There are no unexplained credential or config-path requests.
Persistence & Privilege
The skill does not request always:true and provides no self-install. It does contain instructions to persist firewall rules and to write files under /opt and /etc (e.g., persisting iptables rules), which are legitimate for remediation but are significant system changes; use with caution.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install sys-guard-linux-remediator
- After installation, call the skill by name directly, or trigger it with /sys-guard-linux-remediator
- Provide the required inputs according to the skill's parameter description to receive structured output
Version history
v1.0.0
Initial release of sys-guard-linux-remediator: a Linux incident response and remediation skill.
- Forensic-safe threat detection and evidence collection with minimal system disruption
- Comprehensive firewall detection and handling (iptables, nftables, firewalld)
- Toolkit for live analysis: network, process, integrity, malware/risk, and user activity inspection
- Structured, reversible remediation steps with operational safety guardrails
- Clear guidance for distribution variations, forensic hygiene, and persistent threat checks
FAQ
What is Linux Incident Remediator?
Provides forensically-safe Linux threat detection, network and process analysis, integrity verification, controlled firewall and service remediation preservi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 813 cumulative downloads so far.
How do I install Linux Incident Remediator?
Run the command "/install sys-guard-linux-remediator" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Linux Incident Remediator free?
Yes, Linux Incident Remediator is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does Linux Incident Remediator support?
Linux Incident Remediator is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Linux Incident Remediator?
Developed and maintained by kiaraho (@kiaraho); the current version is v1.0.0.