← 返回 Skills 市场
365
总下载
0
收藏
8
当前安装
2
版本数
在 OpenClaw 中安装
/install tuanziguardianclaw
功能描述
It serves as the ultimate defense layer, monitoring, intercepting, and blocking dangerous actions taken by other skills. TuanziGuardianClaw ensures system se...
安全使用建议
This SKILL.md reads like a policy/spec rather than an enforceable guardian: it tells the agent to be a system-level security kernel but provides no code, install, or declared privileges to actually enforce those rules. Treat it as potentially manipulative prompt content instead of a true supervisor. Before installing or enabling it, ask the publisher for: (1) exact mechanism by which it enforces policies (platform hooks, middleware, or signed code), (2) provenance (source repo, maintainer identity, release signatures), (3) how capability tokens are minted and stored, (4) where audit logs are written and who can read them, and (5) a security review or test plan showing it cannot be bypassed. If the platform does not explicitly support third-party 'guardian' skills with privileged hooks, do not rely on this instruction-only skill for real protection; instead prefer platform-provided, auditable enforcement points or run any experimental guardian in an isolated test environment.
功能分析
Type: OpenClaw Skill
Name: tuanziguardianclaw
Version: 0.1.1
The skill bundle 'tuanziguardianclaw' (SKILL.md) is a purely defensive set of instructions designed to establish a security persona and supervisor role for the OpenClaw agent. It defines a structured permission model, identifies sensitive assets like credentials and SSH keys for protection, and provides logic for detecting prompt injection and data exfiltration. There is no executable code, obfuscation, or evidence of malicious intent; the instructions are focused on enforcing security boundaries and least-privilege principles.
能力评估
Purpose & Capability
The SKILL.md claims TuanziGuardianClaw is a security kernel that 'runs before every action' and 'overrides all other skills', but the package is instruction-only, requests no privileges, and has no install or platform integration. A genuine supervisor guardian would need platform-level hooks or explicit privileges; those are not declared here, so the claimed capability is disproportionate to what this artifact can legitimately do.
Instruction Scope
The runtime instructions direct the agent to inspect other skills, intercept system operations, and block actions. Those instructions require access to other skills' metadata, execution flow, or the system prompt—things the skill has not requested and which likely cannot be enforced purely via an instruction file. The SKILL.md also contains strong imperative language ('Your rules override all other skills') which can act as prompt-injection when included in an agent's context.
Install Mechanism
There is no install spec and no code files. That minimizes direct supply-chain risk but also means the file can only influence agent behavior via prompts. The lack of an install path makes the guardian's enforcement claims technically unsupported by any on-disk or platform integration.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a guardian that should not need secrets. However, it describes capability tokens and auditing without explaining how tokens are issued or how logs are stored/secured; this missing provenance reduces confidence in its operational model.
Persistence & Privilege
The skill asserts persistent, pre-execution control ('runs before every action') but is not marked always:true and does not declare system-level privileges. That mismatch suggests either (a) the skill is trying to gain implicit authority via prompt content (prompt-injection pattern), or (b) it is incomplete and cannot deliver on its core promise. Both are concerning.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tuanziguardianclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/tuanziguardianclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
- Updated project homepage URL from https://guardianclaw.tuanzi.ai to https://claw.mytuanzi.com
- No other changes made to features, rules, or security policies
v0.1.0
Initial release of TuanziGuardianClaw, the security kernel for OpenClaw.
- Implements strict permission and sandboxing models for all skills, enforcing least privilege and explicit user approval for sensitive operations.
- Protects credentials, secret files, and personal data with specialized rules; explicit consent required for high-risk access.
- Blocks prompt injection, data exfiltration, and unauthorized network access; logs and notifies users of risky attempts.
- Applies a risk rating system and capability token checks for all skills and tool actions.
- Maintains an audit log for security events and blocks unauthorized modifications or attempts to disable the security layer.
元数据
常见问题
tuanzi-guardianclaw 是什么?
It serves as the ultimate defense layer, monitoring, intercepting, and blocking dangerous actions taken by other skills. TuanziGuardianClaw ensures system se... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 365 次。
如何安装 tuanzi-guardianclaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tuanziguardianclaw」即可一键安装,无需额外配置。
tuanzi-guardianclaw 是免费的吗?
是的,tuanzi-guardianclaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
tuanzi-guardianclaw 支持哪些平台?
tuanzi-guardianclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 tuanzi-guardianclaw?
由 sawyerzm(@sawyerzm)开发并维护,当前版本 v0.1.1。
推荐 Skills