← 返回 Skills 市场

YiDunAppDefense

Name: YiDunAppDefense
Author: xautzbl

作者 xautzbl · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ 安全检测通过

334

总下载

当前安装

版本数

在 OpenClaw 中安装

/install yidun-app-defense

功能描述

易盾应用加固 - AI Agent Skill for multi-platform app protection

安全使用建议

This skill appears to be what it claims: a wrapper that downloads and runs the official YiDun protection tool. Before installing/using it: 1) Confirm you trust the source (clienttool.dun.163.com is NetEase YiDun but validate it against vendor documentation). 2) Prefer to manually verify the downloaded archive (ask vendor for a checksum/signature); the included setup script does not perform a cryptographic integrity check. 3) Be aware the skill will store your AppKey and optionally keystore paths/passwords in ~/.yidun-defense/config.ini (the script sets 600 permissions) — avoid committing that file to version control and consider not storing plaintext keystore passwords. 4) Logs are written to /tmp and ~/.yidun-defense/Log/ and may contain sensitive info (costs, server responses); clean or secure logs if needed. 5) Run first in an isolated environment (CI runner or VM) if you want to observe network activity and what the downloaded JAR does. 6) If you depend on supply-chain integrity, request vendor-signed checksums or signatures for NHPProtect.jar before automating the download.

功能分析

Type: OpenClaw Skill Name: yidun-app-defense Version: 1.0.1 The skill bundle provides a legitimate integration for NetEase YiDun's application shielding service, supporting Android, iOS, and HarmonyOS. The scripts (setup.sh, configure.sh, and defense-smart.sh) are well-structured and include security-conscious features such as Zip Slip protection during extraction and safe configuration handling using awk. All external network activity is directed to official NetEase domains (163.com) for downloading the necessary Java-based protection tools, and the behavior is entirely consistent with the stated purpose of providing app security hardening.

能力评估

✓ Purpose & Capability

Name/description, SKILL.md and bundled scripts all describe the same functionality: download a YiDun protection tool (NHPProtect.jar), store an appkey, and invoke the jar to protect APK/IPA/HAP files. Declared dependencies (java, curl) match the scripts. There are no unrelated credentials or unexplained network endpoints beyond the official clienttool.dun.163.com domain.

ℹ Instruction Scope

Runtime instructions direct the agent to create ~/.yidun-defense/, download and extract a tool archive, prompt the user for an AppKey and write it to ~/.yidun-defense/config.ini, and run java -jar NHPProtect.jar on user-provided files. That scope is consistent with the purpose, but the scripts also write logs to /tmp and ~/.yidun-defense/Log/, which may contain service responses, cost/account info, or keys depending on the tool's output.

⚠ Install Mechanism

The setup script downloads an archive from https://clienttool.dun.163.com/api/v1/client/jarTool/download and extracts it. The domain appears to be the official YiDun host (NetEase), which is expected, but the script currently does not perform a cryptographic integrity/signature check (there is a TODO). It only checks file size and that the file is a jar/zip. Download+extract of third-party executables without checksum verification is a moderate risk.

ℹ Credentials

The skill requests no environment variables or external tokens in metadata, which matches the documented flow (user-provided AppKey). However the tool and scripts store sensitive values (AppKey, optional keystore paths/passwords) in ~/.yidun-defense/config.ini. The script sets config permissions to 600 (good), but logs in /tmp or the tool's Log/ directory could expose secrets. Storing keystore passwords in plaintext in config.ini is possible per docs and should be considered sensitive.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills. It creates a working directory under the user's HOME (~/.yidun-defense) and writes config/logs there — expected for a local tool wrapper. This level of persistence is normal for this functionality.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install yidun-app-defense
安装完成后，直接呼叫该 Skill 的名称或使用 /yidun-app-defense 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Clarified platform support to focus on Android, iOS, and 鸿蒙 (HarmonyOS); H5, SDK, and PC platforms are now marked as "in development." - Updated feature list to clearly distinguish between currently supported and upcoming platforms. - Adjusted documentation to reflect the current state of multi-platform support. - No code or file changes in this release; this is a documentation update only.

v1.0.0

- Initial release of 易盾应用加固 (YiDunAppDefense) skill. - Provides AI agent-driven, multi-platform app protection including Android, iOS, HarmonyOS, H5, and PC. - Features one-click reinforcement, intelligent file/platform detection, and automatic tool download/configuration. - Supports common game engines (Unity, Cocos, Unreal, Laya) and CI/CD workflows. - Interactive setup for appkey; configuration and update handled through dialogue. - Includes detailed troubleshooting, usage instructions, and command references.

元数据

Slug yidun-app-defense

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

YiDunAppDefense 是什么？

易盾应用加固 - AI Agent Skill for multi-platform app protection. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 334 次。

如何安装 YiDunAppDefense？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install yidun-app-defense」即可一键安装，无需额外配置。

YiDunAppDefense 是免费的吗？

是的，YiDunAppDefense 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

YiDunAppDefense 支持哪些平台？

YiDunAppDefense 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 YiDunAppDefense？

由 xautzbl（@xautzbl）开发并维护，当前版本 v1.0.1。