← 返回 Skills 市场
308
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install zero2ai-security-audit
功能描述
Security auditing for git commits, repos, and skills before publishing. Run automatically before any `git commit`, `git push`, or `clawhub publish`. Detects...
安全使用建议
This skill appears to be what it says: a local pre-publish/pre-commit scanner implemented in Python. Before installing or using it: 1) Review scripts/audit.py yourself to confirm you agree with its patterns and exclusions (it intentionally excludes certain directories and has a whitelist of 'safe' placeholders). 2) Update SKILL.md paths and the 'Report to Aladdin' text to match your environment so the doc doesn't leak a template user. 3) Note the scanner calls 'git' and reads repository files (normal for this use) and only prints or emits JSON — there are no network calls or credential requirements in the included code. 4) If you plan to let an autonomous agent run this skill automatically, ensure you trust the agent to run arbitrary local scans; the script does not exfiltrate data but will read repository contents. If you want extra assurance, run the script manually on a test copy of your repo to validate results and behavior.
功能分析
Type: OpenClaw Skill
Name: zero2ai-security-audit
Version: 1.0.0
The OpenClaw AgentSkills bundle 'zero2ai-security-audit' is a benign security auditing tool. Its `SKILL.md` provides clear, non-malicious instructions for an AI agent to run `scripts/audit.py` for detecting hardcoded secrets, API keys, and sensitive patterns in code. The `audit.py` script uses standard Python libraries, defines comprehensive regex patterns for various secrets and risky configurations, and includes heuristics like entropy checks and safe value lists to reduce false positives. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts designed to harm the agent or system. The use of `subprocess` for `git diff` is appropriate for its stated purpose.
能力评估
Purpose & Capability
Name and description describe a pre-publish/pre-commit security scanner and the repository contains a single audit script (scripts/audit.py) plus SKILL.md that instructs how to run it. The skill declares no binaries, env vars, or installs — consistent with a local scanner.
Instruction Scope
SKILL.md confines runtime behavior to running the local Python scanner on staged, last-commit, or arbitrary paths. It references a concrete {skill_dir} path (/home/aladdin/...) and tells users to report findings to 'Aladdin' — these are documentation/template details to update to the deployer's environment but do not expand the scanner's scope. The instructions do not direct the agent to read unrelated system secrets or send results externally.
Install Mechanism
No install spec — instruction-only skill with a local Python script. This is the lowest-risk install model and matches the stated purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. The scanner reads repository files and may call 'git' via subprocess (to enumerate staged/last-commit files), which is appropriate for a pre-commit scanner.
Persistence & Privilege
always:false and no special system modifications are requested. The skill does not try to persist itself or modify other skills. Autonomous invocation by the agent is allowed by default on the platform but combined with this skill's limited scope it does not raise additional concerns.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zero2ai-security-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/zero2ai-security-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of zero2ai-security-audit for automated security checks.
- Automatically audits git commits, pushes, and skill publishing for sensitive info and patterns.
- Detects secrets, API keys, tokens, private key blocks, committed node_modules, .env files, absolute paths, and more.
- Enforces blocking rules for HIGH and MEDIUM severity findings to prevent accidental exposure.
- Provides clear instructions, severity definitions, and remediation steps.
- Includes a publish checklist to ensure best security practices before release.
元数据
常见问题
Zero2ai Security Audit 是什么?
Security auditing for git commits, repos, and skills before publishing. Run automatically before any `git commit`, `git push`, or `clawhub publish`. Detects... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 308 次。
如何安装 Zero2ai Security Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zero2ai-security-audit」即可一键安装,无需额外配置。
Zero2ai Security Audit 是免费的吗?
是的,Zero2ai Security Audit 完全免费(开源免费),可自由下载、安装和使用。
Zero2ai Security Audit 支持哪些平台?
Zero2ai Security Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Zero2ai Security Audit?
由 Zero2Ai(@zero2ai-hub)开发并维护,当前版本 v1.0.0。
推荐 Skills