← 返回 Skills 市场
ZT4AI Self-Audit
作者
tanarchytan
· GitHub ↗
· v1.0.0
· MIT-0
149
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install zt4ai-self-audit
功能描述
Zero Trust security audit for AI agent workspaces, skills, and configurations. Based on Microsoft's Zero Trust for AI (ZT4AI) framework and the "Caging the A...
安全使用建议
This skill appears coherent for auditing agent skills and workspace integrity. Before running: (1) inspect the included scripts (scripts/integrity-check.sh) to ensure they haven't been tampered with; (2) generate the initial baseline only after manual review of files you trust; (3) run the audit in a sandbox or with least-privilege user if possible (the curl test will make an outbound request to httpbin.org); and (4) treat the integrity baseline as sensitive — an attacker who can modify it can hide tampering. If you want higher assurance, run the checks on an isolated host or review the script line-by-line prior to execution.
功能分析
Type: OpenClaw Skill
Name: zt4ai-self-audit
Version: 1.0.0
This skill bundle is a defensive security tool designed to perform self-audits of an OpenClaw agent's environment based on Zero Trust for AI (ZT4AI) frameworks. It includes a shell script (scripts/integrity-check.sh) for SHA256 integrity verification and comprehensive markdown instructions (SKILL.md) for identifying credential leaks, excessive privileges, and prompt injection risks. The behavior is transparent, well-documented, and lacks any indicators of malicious intent, data exfiltration, or obfuscation; even the network check to httpbin.org is explicitly framed as a connectivity test for egress auditing.
能力评估
Purpose & Capability
Name/description match the delivered artifacts: audit checklists, classification guides, a report template, and a local integrity-check script. The directories and operations targeted (workspace and skill locations, checksums, grep for secrets, firewall/egress checks) are expected for an auditing tool.
Instruction Scope
Instructions perform local discovery (ls, find, grep, sha256sum) and an outbound reachability test (curl https://httpbin.org/get). Those actions are consistent with auditing, but the network test will generate an outbound request — expected for an egress check but worth noting because it touches the network.
Install Mechanism
No install spec and no remote downloads. The included shell script is local and self-contained (uses standard UNIX tools). This is the lowest-risk install model.
Credentials
The skill requires no credentials or special environment variables. The script optionally reads OPENCLAW_WORKSPACE and HOME, which is appropriate for a workspace-targeted audit. No secret exfiltration or unrelated credential access is requested.
Persistence & Privilege
always is false and the skill does not request elevated privileges or attempt to modify other skills or system-wide configs. It writes baselines/reports into the agent workspace (expected behavior).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zt4ai-self-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/zt4ai-self-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Zero Trust audit for AI agent skills, based on Microsoft ZT4AI and arXiv:2603.17419
元数据
常见问题
ZT4AI Self-Audit 是什么?
Zero Trust security audit for AI agent workspaces, skills, and configurations. Based on Microsoft's Zero Trust for AI (ZT4AI) framework and the "Caging the A... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 149 次。
如何安装 ZT4AI Self-Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zt4ai-self-audit」即可一键安装,无需额外配置。
ZT4AI Self-Audit 是免费的吗?
是的,ZT4AI Self-Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ZT4AI Self-Audit 支持哪些平台?
ZT4AI Self-Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ZT4AI Self-Audit?
由 tanarchytan(@tanarchytan)开发并维护,当前版本 v1.0.0。
推荐 Skills