
Skill Auditor (于松涛 edition)

Author: Yustnust · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 163
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install yusongtao-skill-auditor
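Description
Performs security audits of OpenClaw skills, detecting security risks such as file operations, network requests, command execution, permissions, and data leakage, and generates a report.
Safe usage recommendations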
This skill appears to be what it says: a local static auditor that reads files under a path you provide and reports matches against configurable regex rules. Before running it: (1) only audit skill project directories you control or trust — do not point it at /, your home directory, or other sensitive locations; (2) expect false positives (allowed_imports is conservative and will flag many imports by default); (3) you can review/adjust audit_config.json (patterns, allowed_imports) to reduce noise; (4) the tool does not perform network calls or exfiltrate data, but it will read any file under the supplied path — treat that as a local read-only operation. If you want extra safety, run it in a sandboxed environment or on a copy of the skill files.
Functional analysis
Type: OpenClaw Skill
Name: yusongtao-skill-auditor
Version: 1.0.0
The skill is a static analysis tool designed to audit other OpenClaw skills for security risks. It uses regex-based pattern matching in auditor.py to identify dangerous functions (e.g., eval, exec, os.system) and unauthorized imports. The requested permissions are limited to file system read access, which is consistent with its stated purpose, and no evidence of malicious intent or data exfiltration was found.
Capability assessment
Purpose & Capability
Name/description (skill security auditor) match the delivered artifacts: SKILL.md, auditor.py, and audit_config.json implement static file scanning for dangerous patterns. Declared permissions (file_system read) align with the need to read skill files. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to provide a skill path, run a scan, and generate a report. The code implements exactly that: recursive read of files under the provided path, regex checks, import analysis, and report generation. It does not attempt network calls, environment-variable access, or modifying other skills. Note: the auditor will read all files under the supplied path (including any sensitive files if you point it at system locations).
Install Mechanism
No install spec or external downloads. This is an instruction-plus-source skill; it doesn't fetch or extract remote code and does not install third-party packages. Risk from install mechanism is low.
Credentials
No environment variables, credentials, or unusual config paths are required. The only declared permission is file_system read, which is appropriate for an auditor. The required inputs are proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. It does request read access to the filesystem (skill.json). This is necessary for its function but means you should avoid pointing it at system/root directories or other skills' private data to prevent accidental exposure of sensitive files.
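How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install yusongtao-skill-auditor
  3. Once installation completes, call the Skill by name or trigger it with /yusongtao-skill-auditor
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output
Version history
v1.0.0
Initial release - skill security audit tool
Metadata
Slug: yusongtao-skill-auditor
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1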
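FAQ

What is Skill Auditor (于松涛 edition)?

It performs security audits of OpenClaw skills, detecting security risks such as file operations, network requests, command execution, permissions, and data leakage, and generates a report. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 163 times in total so far.

How do I install Skill Auditor (于松涛 edition)?

Run the command "/install yusongtao-skill-auditor" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Skill Auditor (于松涛 edition) free?

Yes. Skill Auditor (于松涛 edition) is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Skill Auditor (于松涛 edition) support?

Skill Auditor (于松涛 edition) is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Skill Auditor (于松涛 edition)?

It is developed and maintained by Yustnust (@yustnust); the current version is v1.0.0.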
