tktk-ai

TK Security Auditor

Author: tktk-ai · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 95
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install tk-security-auditor
Description
Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm...
Safe-use recommendations
This skill appears to be a legitimate on-host security auditor, but it omits some important operational details. Before using it: (1) Do not run remediation commands blindly — review and test each fix in a staging environment and back up configs (e.g. /etc/ssh/sshd_config). (2) Expect it to require root/sudo and tools like nmap, openssl, ufw, apt, and possibly cloud CLIs; verify those are present or install them yourself. (3) For cloud audits, do not hand over long-lived cloud credentials; prefer scoped, temporary credentials or run the audit from CI/hosts that already have appropriately limited access. (4) Ask the skill/agent to perform a read-only audit first and list exact commands it would run before asking it to apply changes. If you cannot verify the commands or the agent's source, treat remediation steps as suggestions only.
Functional analysis
Type: OpenClaw Skill
Name: tk-security-auditor
Version: 1.0.0
The 'security-auditor' skill is a legitimate tool designed for server hardening and vulnerability assessment. The instructions in SKILL.md and the remediation commands in references/common-fixes.md align with industry-standard security best practices (e.g., SSH hardening, firewall configuration, and file permission audits) without any evidence of data exfiltration, obfuscation, or malicious intent.
Capability assessment
Purpose & Capability
The skill's name, description, and instructions align with performing server and web application audits and producing remediation commands. However, the SKILL.md also claims cloud infrastructure reviews but does not declare or document any required cloud credentials, CLIs (aws/gcloud/doctl), or API access mechanisms — this is a notable omission that reduces coherence for the cloud-audit capability.
Instruction Scope
The runtime instructions include commands that read the entire filesystem (find /), inspect services, run network checks (openssl, nmap) and provide copy-paste remediation that edits system configuration files (sed on /etc/ssh/sshd_config, remounting /tmp, enabling UFW, restarting services). Those actions are within a security-audit remit, but the SKILL.md gives no explicit safety steps (take backups, run in audit-only mode, require confirmation before applying fixes), increasing risk if applied blindly.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write new binaries to disk or download remote code. That minimizes install-time risk.
Credentials
The skill declares no required environment variables or primary credentials, yet the instructions reference tools and operations that typically require: root/sudo privileges and third-party CLIs or utilities (nmap, openssl, ufw, apt, fail2ban, possibly cloud CLIs). The lack of declared credential/tool requirements is an omission that may surprise users and lead the agent to request sensitive access interactively.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-level presence or modify other skills' configuration. Autonomous invocation is allowed by default but is not combined with other elevated privileges here.
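How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install tk-security-auditor
  3. Once installation completes, invoke the Skill directly by name or trigger it with /tk-security-auditor
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history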
v1.0.0
Initial release — Linux server, web app, and cloud infrastructure security auditing with fix commands
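Metadata
Slug tk-security-auditor
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is TK Security Auditor?

Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 95 times to date.

How do I install TK Security Auditor?

Run the command "/install tk-security-auditor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is TK Security Auditor free?

Yes. TK Security Auditor is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does TK Security Auditor support?

TK Security Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed TK Security Auditor?

It is developed and maintained by tktk-ai (@tktk-ai); the current version is v1.0.0.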
