Security Guard
Author: yuyonghao-123 · GitHub · v0.1.0 · MIT-0
Total downloads: 196
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install yuyonghao-security-guard
Description
Provides role-based access control, input/output content review, sensitive operation confirmation, and comprehensive audit logging for secure system management.
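Usage (SKILL.md)
Security Guard - OpenClaw Security Guard System
Version: 0.1.0
Features: permission management + content review + audit logging
Feature highlights
- Permission management: fine-grained, role-based permission control
- Content safety: input/output content review
- Audit logging: complete operation records and tracing
- High-risk confirmation: manual confirmation of sensitive operations
Installation
cd skills/security-guard
npm install
Quick start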
import { SecurityGuard } from './src/security-guard.js';

// Create a security guard instance
const guard = new SecurityGuard({
  enabled: true,
  strictMode: false,
  permissions: {
    roles: {
      admin: { permissions: ['*'] },
      user: { permissions: ['read', 'write'] },
      guest: { permissions: ['read'] }
    }
  },
  contentSafety: {
    enabled: true,
    maxInputLength: 10000,
    blockedPatterns: ['password', 'secret', 'token']
  },
  audit: {
    logDir: './audit-logs',
    bufferSize: 100
  }
});

// Run the security check
const result = await guard.check('user123', 'write', 'file.txt', 'content');
if (result.allowed) {
  console.log('操作允许'); // "Operation allowed"
} else {
  console.log('拒绝:', result.reason); // "Denied:"
}
API reference
SecurityGuard
Constructor
new SecurityGuard(config)
Parameters:
- config.enabled - whether the guard is enabled (default: true)
- config.strictMode - strict mode (default: false)
- config.permissions - permission configuration
- config.contentSafety - content safety configuration
- config.audit - audit log configuration
check(userId, action, resource, content)
Runs the full security check
const result = await guard.check('user123', 'write', 'file.txt', 'some content');
// Returns: { allowed: true/false, reason: '...', checks: {...} }
PermissionManager
checkPermission(userId, action, resource)
Checks a user's permission
const result = guard.permissionManager.checkPermission('user123', 'write', 'file.txt');
// Returns: { allowed: true/false, reason: '...' }
ContentSafety
checkInput(content)
Checks input content
const result = guard.contentSafety.checkInput('user input');
// Returns: { safe: true/false, warnings: [...] }
AuditLogger
log(operation)
Records an operation in the audit log
await guard.auditLogger.log({
  userId: 'user123',
  action: 'write',
  resource: 'file.txt',
  status: 'success'
});
Configuration examples
Basic configuration
const guard = new SecurityGuard({
  enabled: true,
  permissions: {
    defaultRole: 'user',
    roles: {
      admin: { permissions: ['*'] },
      user: { permissions: ['read', 'write'] }
    }
  }
});
Strict mode
const guard = new SecurityGuard({
  enabled: true,
  strictMode: true, // every operation requires explicit authorization
  contentSafety: {
    enabled: true,
    blockedPatterns: ['password', 'secret', 'api_key']
  }
});
Testing
npm test
License
MIT
Security usage recommendations
This skill appears to implement what it claims and does not request secrets or reach out to remote servers. Before installing:
1) Run npm install and the test suite in an isolated environment (container or sandbox) to verify behavior.
2) Review and configure audit.logDir (default ./audit-logs) so logs are stored securely and rotated/retained according to policy; logs may contain PII or operation details.
3) Ensure your application correctly handles the 'confirmation-required' events emitted by PermissionManager/SecurityGuard (the library emits events but does not implement UI/automated approvals).
4) If you plan to use it in a long-running agent, be aware it starts a periodic flush timer; ensure that lifecycle (close) is called on shutdown.
5) Keep the package source under review (package.json points to a GitHub repo); if you need stronger assurance, audit dependencies and any future changes to the code for added network calls or credential handling.
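Because audit logs may contain PII or operation details, one mitigation is to redact an operation record before it reaches the logger. The following is an added example, not code from the security-guard package: the marker list reuses the blockedPatterns values shown on this page, while the details field, the length limit and the mask format are assumptions.

```javascript
// Added example (not part of security-guard): redact an operation record
// before handing it to an audit logger such as guard.auditLogger.log().
// The `details` field, MAX_VALUE_LENGTH and MASK are assumptions.
const SENSITIVE_MARKERS = ['password', 'secret', 'token', 'api_key'];
const MAX_VALUE_LENGTH = 200;
const MASK = '[REDACTED]';

const isSensitiveKey = (key) =>
  SENSITIVE_MARKERS.some((m) => key.toLowerCase().includes(m));

// Matches inline assignments such as "password=hunter2" or "token: abc".
const INLINE_SECRET = new RegExp(
  `\\b([\\w-]*(?:${SENSITIVE_MARKERS.join('|')})[\\w-]*)(\\s*[=:]\\s*)([^\\s,;&]+)`,
  'gi'
);

function redactString(value) {
  // Clip first so the regex only ever runs over a bounded string.
  const clipped = value.length > MAX_VALUE_LENGTH
    ? `${value.slice(0, MAX_VALUE_LENGTH)}...[truncated]`
    : value;
  return clipped.replace(INLINE_SECRET, (_m, key, sep) => `${key}${sep}${MASK}`);
}

// Returns a redacted deep copy; the input object is never modified.
function redactForAudit(value, seen = new WeakSet()) {
  if (typeof value === 'string') return redactString(value);
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[CIRCULAR]'; // cycle guard; repeated references collapse too
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redactForAudit(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = isSensitiveKey(key) ? MASK : redactForAudit(v, seen);
  }
  return out;
}

// Constructed sample record; the first four fields follow the log() call on this page.
const sampleOperation = {
  userId: 'user123',
  action: 'write',
  resource: 'file.txt',
  status: 'success',
  details: { apiToken: 'constructed-value', note: 'login with password=hunter2 ok' },
};
const redactedSample = redactForAudit(sampleOperation);
console.log(JSON.stringify(redactedSample, null, 2));
```

The redacted copy would then be passed to the logger in place of the raw record.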
Functional analysis
Type: OpenClaw Skill
Name: yuyonghao-security-guard
Version: 0.1.0
The bundle provides a legitimate security framework for OpenClaw agents, featuring Role-Based Access Control (RBAC), content safety filtering, and audit logging. The code in src/content-safety.js proactively checks for dangerous patterns like shell injections and PII, while src/audit-logger.js manages local log files with rotation logic. No evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection was found; the functionality aligns strictly with the stated purpose of providing security guardrails.
Capability assessment
Purpose & Capability
The name/description match the actual implementation: PermissionManager, ContentSafety, and AuditLogger implement RBAC, input/output checks, confirmation semantics, and local audit logging. Required capabilities (files, APIs) align with the stated purpose and there are no unexpected external services or credentials requested.
Instruction Scope
SKILL.md instructs local use (npm install, import modules, run tests) and the runtime instructions (SecurityGuard.check/wrap/confirm, ContentSafety checks, AuditLogger logging) stay within the expected domain. The instructions do not direct the agent to read unrelated system files, send data to remote endpoints, or access environment variables beyond those declared (none).
Install Mechanism
The registry metadata lists no formal install spec, but SKILL.md expects running npm install and package.json is included. Installation uses the standard npm workflow (no remote ad-hoc downloads or URL extracts). This is moderate and expected for a packaged JS skill; users should run installs in a controlled environment (sandbox/container) before trusting it in production.
Credentials
The skill requests no environment variables or credentials. Its filesystem usage is limited to creating and writing audit logs (configurable logDir). That file access is proportional to its audit-logging purpose, but logs may contain sensitive data if configured poorly, so log location and retention should be reviewed.
Persistence & Privilege
always is false and model invocation is not disabled (platform default). The skill opens a periodic flush timer and writes audit logs to disk; those are reasonable for an audit logger but do give the skill persistent state on the host. This is expected for its functionality but worth awareness (ensure log directory and rotation policies match your security requirements).
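How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog box: /install yuyonghao-security-guard
- Once installation completes, invoke the Skill directly by name or trigger it with /yuyonghao-security-guard
- Provide the required input according to the Skill's parameter description to get structured output
Version history
v0.1.0
Initial release of Security Guard - OpenClaw Security Guard System: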
- Introduced role-based fine-grained permission management
- Added input/output content safety checks with configurable blocked patterns
- Implemented a complete audit logging system with buffering
- Provides manual confirmation for high-risk or sensitive operations
- Exposed clear API for permission, content safety, and audit operations
- Supports configuration for strict mode and extensible role policies
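FAQ
What is Security Guard?
Provides role-based access control, input/output content review, sensitive operation confirmation, and comprehensive audit logging for secure system management. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 196 downloads to date.
How do I install Security Guard?
Run the command "/install yuyonghao-security-guard" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is required.
Is Security Guard free?
Yes. Security Guard is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Security Guard support?
Security Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Security Guard?
It is developed and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.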