← 返回 Skills 市场
marcusgraetsch

Vps Openclaw Security Hardening

作者 MarcusGraetsch · GitHub ↗ · v1.0.6
cross-platform ⚠ suspicious
618
总下载
2
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install vps-openclaw-security-hardening
功能描述
Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management,...
安全使用建议
Do not run this on machines that hold sensitive personal or production data — the package explicitly warns that too. Before installing: (1) Test in a throwaway VM with the same OS (Ubuntu/Debian). (2) Inspect/correct packaging gaps: the installer expects rules/audit.rules and a config/alerting.env template but those files are not present in the manifest — add or create those files before running. (3) Keep an administrative console (existing SSH session) open while you change SSH port and verify you can reconnect; understand rollback-ssh.sh behavior. (4) If you enable alerts, store alert tokens (Telegram/Discord/Slack/Webhook) securely and be aware that audit outputs (ausearch results) may be transmitted verbatim to external endpoints — avoid enabling remote delivery on systems containing sensitive data. (5) Review the install.sh changes to /etc/ssh/sshd_config (note some oddities in the script's file-write approach) and confirm the package list behavior (fail2ban installation despite 'optional' messaging). If you are unsure about any of these points, mark this skill for further review or run it only in a well-isolated test environment.
功能分析
Type: OpenClaw Skill Name: vps-openclaw-security-hardening Version: 1.0.6 The skill bundle is designed for VPS security hardening, including SSH, firewall, audit logging, and alerting. All scripts and documentation align with this stated purpose, implementing standard security practices like disabling root login, using key-only SSH, configuring UFW, and monitoring with auditd. The use of `curl` for sending alerts and reports to user-configured endpoints (Telegram, Discord, etc.) is a legitimate function of a monitoring tool, not unauthorized data exfiltration. The `SKILL.md` and `README.md` files contain clear instructions and critical warnings for the user/agent, demonstrating responsible security disclosure rather than prompt injection attempts. No evidence of intentional malicious behavior such as backdoors, unauthorized data theft, or stealthy execution was found.
能力评估
Purpose & Capability
Name/description align with what the included scripts perform (SSH hardening, UFW, auditd, cron jobs, alerting). Required binaries (ssh, ufw, auditd, systemctl, apt-get) are appropriate for the stated purpose. Minor mismatch: SKILL metadata marks fail2ban as optional but install.sh installs fail2ban unconditionally.
Instruction Scope
Installer and helper scripts run as root and modify systemwide configuration (sshd_config, /etc/cron.d, /etc/audit, UFW, systemctl). They read system logs (/var/log/auth.log, /var/log/audit) and audit output (ausearch) and may send snippets via external alert channels (Telegram/Discord/Slack/Webhook/Email). That alerting/reporting may expose audit/log contents to external endpoints if you enable them — the SKILL.md does warn not to run on machines with sensitive data, but the scripts do not sanitize content beyond simple grep/head. Also the SKILL.md and scripts reference config/alerting.env and rules/audit.rules, but those files are not present in the provided file manifest, which would cause the installer to fail or behave unexpectedly.
Install Mechanism
No external download/install spec in registry (the bundle contains scripts). This reduces supply-chain risk, but the installer will make destructive system changes when run as root. No remote archives/URLs are downloaded by the installer itself. Because it's an instruction-driven install, you must review and run the scripts locally in a controlled environment first.
Credentials
The skill declares no required environment variables; it expects you to set SSH_PORT and optionally populate config/alerting.env with alert-channel credentials. It does not request unrelated cloud/provider credentials. Scripts inspect credential files in /root/.openclaw/.env and /root/.env (for verification) — that is consistent with a hardening/monitoring tool, but you should confirm where you store any secrets and protect alert-channel tokens.
Persistence & Privilege
The installer enables system services (auditd, unattended-upgrades, fail2ban), installs cron jobs under /etc/cron.d/agent-security, and writes to /etc (ssh, audit rules). It does not set always:true or modify other skills' configs, but it does create long-lived system changes and scheduled tasks — appropriate for a hardening tool but high-privilege, so run only on a dedicated/test machine.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vps-openclaw-security-hardening
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vps-openclaw-security-hardening 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
- Added audit log monitoring and weekly report scripts for enhanced monitoring. - Updated dependency requirements: fail2ban now optional. - Improved warnings and install advice in documentation. - Minor script and documentation updates for consistency and usability.
v1.0.5
- Improved documentation outlining installation, verification, and rollback steps. - Critical warnings and requirements are clarified for safe deployment. - Lists all implemented security features in a clear protection matrix. - Emphasizes user-selected custom SSH port for enhanced SSH security. - Adds tables for resource usage and file descriptions. - Highlights adherence to BSI IT-Grundschutz and NIST guidelines.
元数据
Slug vps-openclaw-security-hardening
版本 1.0.6
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Vps Openclaw Security Hardening 是什么?

Production-ready security hardening for VPS running OpenClaw AI agents. Includes SSH hardening (custom port), firewall, audit logging, credential management,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 618 次。

如何安装 Vps Openclaw Security Hardening?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vps-openclaw-security-hardening」即可一键安装,无需额外配置。

Vps Openclaw Security Hardening 是免费的吗?

是的,Vps Openclaw Security Hardening 完全免费(开源免费),可自由下载、安装和使用。

Vps Openclaw Security Hardening 支持哪些平台?

Vps Openclaw Security Hardening 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Vps Openclaw Security Hardening?

由 MarcusGraetsch(@marcusgraetsch)开发并维护,当前版本 v1.0.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论