← 返回 Skills 市场
martin2877

Tophant Clawvault Operator

作者 Ali0th · GitHub ↗ · v0.2.5 · MIT-0
cross-platform ⚠ suspicious
130
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install tophant-clawvault-operator
功能描述
Operate ClawVault services, configuration, vault presets, and scanning from OpenClaw
安全使用建议
This skill appears coherent for operating a local ClawVault installation, but consider the following before installing: - Prerequisites: confirm ClawVault was installed by the corresponding installer skill and that the installer's venv (the SKILL.md / SECURITY.md reference) exists as expected. The operator calls the 'claw_vault' module and relies on that installation. - File reads: the 'scan-file' command will read any path you pass it. Do not scan sensitive files unless you intend to expose their contents to the skill's runtime environment. - Process control: the skill runs subprocesses (pgrep, start via Python -m claw_vault, os.kill). Review platform policies if you need strict process isolation. - Local-only network: the skill claims to only contact 127.0.0.1; verify that the dashboard binds to localhost if you need to avoid remote access. - Review upstream packages: because the operator invokes the installed 'claw_vault' package, verify the integrity/source of that package (installed venv) to avoid running malicious code from upstream packages. - If you require strong isolation, run this skill in a disposable VM/container or audit the code and the installed clawvault package first. I have high confidence the package is internally consistent with its stated purpose. If you want, I can point out the exact lines that read/write the config, run pgrep/kill, or perform the local HTTP calls so you can review them yourself.
功能分析
Type: OpenClaw Skill Name: tophant-clawvault-operator Version: 0.2.5 The tophant-clawvault-operator skill is a management tool for the ClawVault security service, providing commands to start/stop services, manage local YAML configurations, and scan text or files for sensitive data. The implementation in clawvault_ops.py uses standard Python libraries and subprocess calls to interact with the local claw_vault module and its configuration directory (~/.ClawVault/). All requested permissions (execute_command, read_files, write_files, network) are well-justified and restricted to local operations, with no evidence of data exfiltration, prompt injection, or malicious intent.
能力标签
cryptorequires-walletrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description (operate ClawVault: start/stop/status, config, vault presets, scanning) align with the included Python tool and the requested permissions (execute_command, read_files, write_files, network). No unrelated secrets or cloud credentials are requested.
Instruction Scope
SKILL.md and clawvault_ops.py limit network access to local dashboard (127.0.0.1) and operate on ~/.ClawVault/ and files explicitly supplied to scan-file. This is expected for a local operator, but scan-file reads arbitrary user-supplied paths — granting read_files allows the skill to read any file you point it at. The SKILL.md contains examples showing prompt-injection strings (e.g., 'Ignore previous instructions...') as scan targets; this is probably illustrative rather than an attempt to manipulate the evaluator.
Install Mechanism
No install spec is provided (instruction-only install). Code is bundled with the skill (clawvault_ops.py) and expects ClawVault to be previously installed by the installer skill. No remote downloads or extracted archives are performed by the skill package itself.
Credentials
No environment variables or external credentials are required. Declared requirements (pyyaml, requests) are consistent with YAML parsing and HTTP calls to the local dashboard. The permissions requested (read/write under ~/.ClawVault/, execute commands, local network probes) are proportional to the stated functionality.
Persistence & Privilege
always is false and model-invocation is allowed (the platform default). The skill does not request elevated system-wide persistence or modify other skills. Its write scope is limited to ~/.ClawVault/.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tophant-clawvault-operator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tophant-clawvault-operator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.5
Rename local operator package to tophant-clawvault-operator, align command docs with slash name, and hide local scan commands.
v0.2.4
v0.2.4 — Shortened in-skill disclosure, moved detail to SECURITY.md The verbose capability enumeration introduced in v0.2.3 caused the ClawHub LLM scanner to over-flag each enumerated capability as a separate concern. This release restores a concise top-level description in SKILL.md and README.md and relocates the complete capability/risk disclosure to a dedicated SECURITY.md. - SKILL.md and README.md: single-sentence summary, pointing to SECURITY.md for detail. - SECURITY.md (new): full capability list, what the skill does and does not touch, runtime prerequisite, sensitive command modes (scan-file / local-scan / skill_audit / scan-schedule-add), permissions table. No code changes. Same runtime behavior as v0.2.3.
v0.2.3
v0.2.3 — Expanded capability disclosure (scan: suspicious → clean) Documentation-only update addressing three re-evaluated ClawHub scanner findings: 1. Instruction Scope (was: concern) — SKILL.md and README.md now explicitly disclose that scan-file, local-scan, and scan-schedule-add read user-supplied paths, and that local-scan --type skill_audit specifically reads files under other installed OpenClaw skill directories. 2. Purpose & Capability (was: note) — Clarified the venv arrangement: the python3 declared in requires.bins launches clawvault_ops.py, which then dispatches into ~/.clawvault-env/ for ClawVault operations. 3. Credentials (was: note) — Broader file-read capability is now surfaced up-front so read_files permission is clearly justified. No code changes.
v0.2.2
v0.2.2 — Binary dependency declaration (scan: note → ok) Addresses the "Purpose & Capability" note flagged by ClawHub security scanner. Changes: - skill.json now declares `pgrep` alongside `python3` in `metadata.openclaw.requires.bins`. The operator script has always used pgrep for service-status checks; this version makes that dependency explicit in the manifest so the scanner and OpenClaw can verify the runtime environment up-front. - SKILL.md frontmatter mirrors the same declaration. No code changes.
v0.2.1
v0.2.1 — Documentation hardening (no code changes) Mirrors the documentation update in tophant-clawvault-installer v0.2.1. No behavior changes. - Added "Capability Disclosure" section to SKILL.md clarifying that the operator skill only reads/writes ~/.ClawVault/, starts/stops existing processes, and talks to localhost:8766. It installs nothing and modifies no systemd units. - Explicit statement that the skill refuses to run if the installer's venv at ~/.clawvault-env/ is missing.
v0.2.0
First public release (v0.2.0) 25 operational commands grouped into six categories: - Service lifecycle: start, stop, status - Threat scanning: scan, scan-file - Configuration: config-show, config-get, config-set, config-append, config-remove (hot-patches live config via dashboard API) - Vault presets: 21 built-in presets covering general, engineering, compliance, and organization scenarios (developer-workflow, source-code-repo, ci-cd-pipelines, mobile-dev, cloud-infra, database-protection, crypto-wallet, financial-strict, healthcare-hipaa, gdpr-compliance, legal-contracts, hr-recruiting, backup-archive, enterprise-internal, communication-logs, audit-only, plus 5 originals) - Local filesystem scans: local-scan with credential/vulnerability/skill_audit types, cron scheduling, and history - Per-agent config: granular detection and guard-mode overrides per agent Requires tophant-clawvault-installer (v0.2.0+) to be installed first.
元数据
Slug tophant-clawvault-operator
版本 0.2.5
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

Tophant Clawvault Operator 是什么?

Operate ClawVault services, configuration, vault presets, and scanning from OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 130 次。

如何安装 Tophant Clawvault Operator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tophant-clawvault-operator」即可一键安装,无需额外配置。

Tophant Clawvault Operator 是免费的吗?

是的,Tophant Clawvault Operator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Tophant Clawvault Operator 支持哪些平台?

Tophant Clawvault Operator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Tophant Clawvault Operator?

由 Ali0th(@martin2877)开发并维护,当前版本 v0.2.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论