Workspace Guard
Author: dougchambers · v1.0.0 · MIT-0
Total downloads: 112 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install workspace-guard
Description
Workspace boundary enforcement and file operation safety checks. Use before ANY file operation (read, write, edit, exec, delete) to: (1) Validate paths are w...
Safe-use recommendations
This skill is plausible for enforcing file boundaries but has several implementation issues you should address before trusting it: (1) Replace hardcoded /home/iamlegend with a configurable workspace root (default to $HOME/.openclaw/workspace). (2) Ensure all log and state files are placed inside that workspace (audit log path should be under the workspace) and fix inconsistent absolute vs relative paths. (3) Fix regexes that overmatch (guard_exec's /home/[^/]+ will flag the user's own workspace); avoid patterns that treat legitimate workspace paths as external. (4) Avoid using eval on user-supplied paths or sanitize inputs to prevent injection. (5) Make behavior around the workspace root (exact path vs children) consistent. If the author cannot justify the hardcoded paths or the audit/log locations, treat the skill as untrusted. If you plan to install, ask the author for a configurable workspace variable, confirm log locations, and prefer a reviewed/parametrized version.
Functional analysis
Type: OpenClaw Skill
Name: workspace-guard
Version: 1.0.0
The skill is designed to enforce workspace boundaries and safety, but it contains a significant security vulnerability in 'references/boundaries.md'. Specifically, it recommends using 'eval' to expand environment variables in file paths, which is a classic shell injection vector. While the overall intent appears defensive and includes instructions to resist user-driven bypasses, the inclusion of this insecure coding pattern and the reliance on easily-bypassed 'grep' checks for command validation make the bundle risky for deployment.
Capability assessment
Purpose & Capability
The skill claims to enforce workspace boundaries (~/openclaw) but hardcodes /home/iamlegend/.openclaw/workspace in many places. That hardcoded username makes the guard unusable or incorrect for other users and is disproportionate to a generic 'workspace guard' which should derive the workspace from $HOME or a config. Several examples (audit log path /workspace/memory/audit.log, blocked /home/** rules vs allowed /home/iamlegend/**) conflict with the stated workspace root.
Instruction Scope
Instructions contain sensible pre-flight checks, but show contradictions and risky patterns: guard_exec's regex (/home/[^/]+|/etc/|...) will match the legitimate workspace path and can mislabel safe commands as touching external paths; guard_path does not allow the workspace root itself (only workspace/*) while other docs say the root is allowed; logging functions write to /workspace/memory/audit.log but other examples reference memory/audit.log (relative) — inconsistent targets. The skill also suggests expanding env vars and using eval on paths, which if used carelessly can introduce command injection risk in agents that pass untrusted strings to eval.
Install Mechanism
Instruction-only skill with no install spec or remote downloads — lowest install risk. There is no code written to disk by an installer.
Credentials
The skill requests no credentials or config paths, which is appropriate. However it relies on $HOME/tilde expansion and hardcoded /home/iamlegend; it should instead use $HOME or a configurable workspace variable. Also it references reading/writing an audit log path outside the declared workspace (e.g., /workspace/memory/...), which is disproportionate unless explained.
Persistence & Privilege
The skill is not always:true and does not request system-wide changes. Autonomous invocation (disable-model-invocation:false) is the platform default — not a standalone red flag here. There is no install-time persistence requested.
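How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install workspace-guard
- Once installation completes, call the Skill by name or use /workspace-guard to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output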
Version history
v1.0.0
- Initial release of workspace-guard skill.
- Enforces workspace boundaries for all file operations.
- Validates paths to ensure operations stay within the defined workspace root.
- Requires explicit user confirmation for sensitive or destructive actions (delete, overwrite, chmod, external exec).
- Provides clear patterns for path validation, pre-flight safety checks, and violation handling.
- Designed to prevent unauthorized access and audit file access attempts.
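FAQ
What is Workspace Guard?
Workspace boundary enforcement and file operation safety checks. Use before ANY file operation (read, write, edit, exec, delete) to: (1) Validate paths are w... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 112 total downloads so far.
How do I install Workspace Guard?
Run the command "/install workspace-guard" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Workspace Guard free?
Yes. Workspace Guard is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Workspace Guard support?
Workspace Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Workspace Guard?
It is developed and maintained by dougchambers (@dougchambes); the current version is v1.0.0.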