← 返回 Skills 市场
doonot

Zero Trust

作者 doonot · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
6198
总下载
13
收藏
26
当前安装
1
版本数
在 OpenClaw 中安装
/install zero-trust
功能描述
Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects.
安全使用建议
Safe to install as a behavioral safety checklist. Before relying on it, confirm that “Pat” means you or your organization’s authorized approver, and expect the skill to slow down external actions such as installs, unknown links, API calls, uploads, messages, posts, and financial operations.
功能分析
Type: OpenClaw Skill Name: zero-trust Version: 1.0.0 This skill bundle is designed to implement a 'Zero Trust Security Protocol' for the OpenClaw agent. The `SKILL.md` file contains extensive instructions for the agent to exercise extreme caution, verify sources, seek human approval for risky actions (e.g., installations, external API calls, URL clicks, credential handling), and identify common red flags (e.g., `sudo` requests, obfuscated code, urgency pressure, typosquatting). All instructions are defensive in nature, aiming to prevent data exfiltration, unauthorized execution, and other malicious activities, rather than performing them. There is no evidence of prompt injection with malicious intent, nor any other high-risk behaviors.
能力评估
Purpose & Capability
The stated purpose is zero-trust, cautious agent behavior, and the only artifact is SKILL.md containing defensive verification, approval, URL safety, install safety, and credential-handling guidance.
Instruction Scope
The trigger is intentionally broad for external resources and irreversible actions, and the core principle names “Pat” as the approver; both fit a safety-checklist concept but may cause unnecessary friction or approver confusion outside that user’s environment.
Install Mechanism
The bundle contains only one non-executable Markdown file and no install hooks, scripts, dependencies, binaries, or package-manager actions.
Credentials
The skill does not request network, account, filesystem, or credential access for itself; references to URLs, installs, API calls, and credentials are framed as caution rules for future user-directed work.
Persistence & Privilege
It advises storing credentials under ~/.config with 0600 permissions when credentials are handled, but there is no background execution, privilege escalation, hidden persistence, or autonomous worker.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install zero-trust
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /zero-trust 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
**Initial release: Establishes security-first protocols for all high-risk operations.** - Introduces zero-trust guidelines for agent operations involving external resources, installations, or credentials. - Requires explicit human approval for sensitive actions such as sending emails, installing packages, or clicking unknown links. - Outlines STOP → THINK → VERIFY → ASK → ACT → LOG flow for all external actions. - Defines strict credentials handling: never log or expose, always store securely. - Provides clear red flags to identify risky operations and immediate STOP criteria.
元数据
Slug zero-trust
版本 1.0.0
许可证
累计安装 233
当前安装数 26
历史版本数 1
常见问题

Zero Trust 是什么?

Security-first behavioral guidelines for cautious agent operation. Use this skill for ALL operations involving external resources, installations, credentials, or actions with external effects. Triggers on - any URL/link interaction, package installations, API key handling, sending emails/messages, social media posts, financial transactions, or any action that could expose data or have irreversible effects. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 6198 次。

如何安装 Zero Trust?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install zero-trust」即可一键安装,无需额外配置。

Zero Trust 是免费的吗?

是的,Zero Trust 完全免费(开源免费),可自由下载、安装和使用。

Zero Trust 支持哪些平台?

Zero Trust 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Zero Trust?

由 doonot(@doonot)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论