goldwish1

每日安全巡检 (Daily Security Check)

by Terry Feng · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
349 Downloads · 1 Stars · 3 Active Installs · 1 Versions
Install in OpenClaw
/install daily-security-check
Description
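An OpenClaw daily security check skill. It works through a fixed checklist (gateway loopback, firewall reminder, API keys kept in .env, SOUL.md security rules, authentication anomalies), runs openclaw security audit and openclaw doctor, and outputs a short report with a 0–10 security score; it can be triggered on a schedule by cron, and the results can be delivered to...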
README (SKILL.md)

daily-security-check (Daily Security Check)

When to use this skill

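  • When a user or a scheduled task says "run the security check" (「执行安全巡检」), "run as per daily-security-check" (「按 daily-security-check 执行」) or "daily security check" (「每日安全巡检」).
  • It can be triggered by cron or another scheduler in a separate session, and the results can be sent to Telegram, Feishu, etc. (you must configure this yourself).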

Invocation conventions (important)

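  • Run only on explicit request: in general, do not proactively @ or load this skill; run it only when the user explicitly asks for a "security check" (「安全巡检」) or "daily-security-check", or when the cron schedule fires.
  • assets are backup/reference material: assets/community-official-security-extras.md and assets/source-article-security-config.md are documents kept for backup and provenance. Do not call or cite them in ordinary conversation; consult them only as needed while running this skill.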

Who uses it

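  • Users: any agent or user running this skill in an OpenClaw repository.
  • Positioning: corresponds to step 6 of Bruce Van's article 《保姆级教程:7 步配置 OpenClaw》 (a step-by-step tutorial on configuring OpenClaw in 7 steps); it only checks and reports, and does not modify configuration automatically.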

How to execute

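  1. Load the checklist: work through the items in references/CHECKLIST.md one by one (gateway loopback, firewall reminder, API keys in .env, SOUL.md security rules, authentication anomalies, identity and access control, tools and sandbox, etc.).
  2. Run the official audit: from the project root, or after setting OPENCLAW_STATE_DIR, run openclaw security audit and include the Summary and key WARN items in the report; see CHECKLIST item 8.
  3. Run OpenClaw doctor: run openclaw doctor from the project root (if you use a non-default state directory, set OPENCLAW_STATE_DIR first). This is a read-only check; do not run --fix. If fixes are suggested, remind the user to run openclaw doctor --fix manually on their own machine. See CHECKLIST item 9.
  4. Summarize the output: produce the report following the structure of assets/report-template.md, including the security score (0–10), a conclusion, and to-do items; when an anomaly is found, flag it clearly and alert the user.
  5. Save the report: write the report to workspace/docs/security-audit/security-report-YYYY-MM-DD.md (the date is the day of the check; the path is relative to the OpenClaw project root) so it is retained and traceable; optionally deliver it to Telegram or similar.
  6. No interaction: when triggered by cron, do not ask interactive questions; run directly and output the report; use Simplified Chinese throughout.
  7. Reply with the report only: when running this skill, output a single structured report (in the report-template format). Do not output step narration such as "I noticed you used…", "I will run…" or "First/then…"; once the report has been sent, do not send any further summary, explanation, or repeated description of what was executed.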

Constraints & safety

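  • Check and report only: do not perform any operation that modifies configuration, restarts services, or similar.
  • No sensitive content in output: the report must not contain API keys, tokens, passwords or similar in plaintext; write only the path or field name.
  • Report size: within 300–600 characters, so it can be delivered to Telegram.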
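
The constraints above can be enforced mechanically before a report is saved or delivered. The following is an added example, not part of the skill or of OpenClaw: the secret patterns, the function names and the sample report are constructed assumptions; only the 300–600 length bound and the report path come from this page.

```python
import re
from datetime import date
from pathlib import PurePosixPath

# Assumed secret shapes (constructed for this example, not taken from the skill).
SECRET_PATTERNS = [
    # NAME=value / NAME: value for sensitive field names; keep the name, drop the value.
    (re.compile(r"(?i)\b([A-Z0-9_]*(?:API_?KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)"
                r"\s*[=:]\s*[A-Za-z0-9._~+/=-]{8,}"), r"\1=[REDACTED]"),
    # Bearer tokens pasted from an HTTP header.
    (re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*"), "Bearer [REDACTED]"),
    # Bare vendor-prefixed keys such as sk-...
    (re.compile(r"\bsk-[A-Za-z0-9_-]{16,}\b"), "[REDACTED]"),
]

def redact(text):
    """Replace secret-like values; return (clean_text, number_of_replacements)."""
    hits = 0
    for pattern, repl in SECRET_PATTERNS:
        text, n = pattern.subn(repl, text)
        hits += n
    return text, hits

def report_path(day):
    """Report path relative to the OpenClaw project root, as given on this page."""
    return PurePosixPath("workspace/docs/security-audit") / f"security-report-{day.isoformat()}.md"

def check_report(text, day, min_len=300, max_len=600):
    """Redact, then check the size bound; len() counts code points as characters."""
    clean, hits = redact(text)
    problems = []
    if hits:
        problems.append(f"redacted {hits} secret-like value(s); report the field name only")
    if not min_len <= len(clean) <= max_len:
        problems.append(f"length {len(clean)} outside {min_len}-{max_len}")
    return clean, report_path(day), problems

# Constructed sample report fragment; the key value is fake.
SAMPLE = (
    "网关 loopback: 正常\n"
    "OPENAI_API_KEY=sk-CONSTRUCTEDexample1234567890\n"
    "密钥位置: .env (字段 OPENAI_API_KEY)\n"
)

if __name__ == "__main__":
    clean, path, problems = check_report(SAMPLE, date(2025, 1, 2))
    print(path, problems, clean, sep="\n")
```

A non-empty problems list means the agent's draft broke one of the constraints and should be regenerated rather than delivered as is.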

Success criteria

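  • The checklist is completed (including security audit and doctor) and a structured report is output; the report contains a 0–10 security score and a one-sentence conclusion; if there are anomalies, to-do items are listed.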

Source & related docs

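  • Original reference (inside this skill): assets/source-article-security-config.md, a write-up of the 7-step security configuration recommendations from Bruce Van's article, for provenance and further reading.
  • Extension: you can maintain documents such as workspace/docs/security-daily-check-step6.md and workspace/docs/security-audit-*.md in your own repository for your team's reference.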
Usage Guidance
This skill appears to do what it says (read-only daily security checks and report generation). Before installing:
  1. Confirm the agent environment has the OpenClaw CLI installed and on PATH (SKILL.md requires `openclaw security audit` and `openclaw doctor`); the registry metadata should have declared this.
  2. Ensure the agent has read access to the OpenClaw project root and any state dir you want audited (and write permission for workspace/docs/security-audit/).
  3. Be aware the skill may read config files and logs (e.g., `openclaw.json`, agent SOUL.md, session logs) as part of the audit; if those files contain sensitive material, restrict agent filesystem privileges accordingly.
  4. The skill will not perform fixes or exfiltrate data by default, but review delivery/cron setup (Telegram/other hooks) and only configure external delivery endpoints you trust.
  5. Prefer installing this skill from a known/verified source and ask the publisher to update metadata to list the OpenClaw CLI requirement and note the optional OPENCLAW_STATE_DIR usage; that small fix would raise confidence.
Capability Analysis
Type: OpenClaw Skill
Name: daily-security-check
Version: 1.0.0
The 'daily-security-check' skill bundle is a security auditing tool designed to perform read-only inspections of OpenClaw configurations, environment variables, and SOUL.md rules. It executes official CLI commands (`openclaw security audit` and `openclaw doctor`) and generates a structured Markdown report. The instructions in SKILL.md and CHECKLIST.md explicitly forbid modifying configurations, leaking sensitive credentials, or performing interactive prompts during automated runs, aligning perfectly with its stated purpose of providing a safe, automated security posture review.
Capability Assessment
Purpose & Capability
The skill's name, description, and instructions all describe a read-only daily security check and the actions (inspect openclaw.json, SOUL.md, run `openclaw security audit` and `openclaw doctor`, write a report). That capability matches the declared purpose. However, the registry metadata lists no required binaries or env vars even though runtime instructions require the OpenClaw CLI and optionally reference OPENCLAW_STATE_DIR; this omission is an incoherence that should be corrected but does not indicate malicious intent.
Instruction Scope
SKILL.md restricts actions to read-only checks and report generation, lists exact files/paths to inspect (openclaw.json, agents' SOUL.md, logs if accessible), and disallows printing secrets. It instructs saving a report to workspace/docs/security-audit/ and running `openclaw security audit`/`openclaw doctor` without --fix. These instructions stay within the stated audit scope. Note: the skill will read config and possibly logs if the agent has filesystem access—this is expected for an audit but worth awareness.
Install Mechanism
No install spec or external downloads are present (instruction-only). No code is written to disk by an installer. This is the lowest-risk install model.
Credentials
The skill declares no required credentials or env vars, which is appropriate for a read-only audit. However SKILL.md references OPENCLAW_STATE_DIR (optional) and implies access to project files and possibly `~/.openclaw` logs; these are not declared in metadata. There are no requests for tokens/keys. Ensure the agent runtime is allowed to read the project and state directories but not given unrelated credentials.
Persistence & Privilege
always: false and normal invocation model. The skill writes a report to a workspace path within the project (documented). It does not request permanent platform-level privileges, does not modify other skills or system-wide configs, and explicitly forbids automatic fixes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install daily-security-check
  3. After installation, invoke the skill by name or use /daily-security-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
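daily-security-check 1.0.0 – Initial release
  • Added the OpenClaw daily security check skill, which automatically checks key security items against a fixed checklist and outputs a report.
  • Supports running openclaw security audit and openclaw doctor; the report includes a security score and a structured summary.
  • The report is saved automatically to the project directory for retention and traceability, with optional delivery to notification channels such as Telegram.
  • Runs only on explicit request or when triggered by a scheduled task; it does not modify configuration on its own initiative and does not output sensitive information.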
Metadata
Slug daily-security-check
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is 每日安全巡检?

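An OpenClaw daily security check skill. It works through a fixed checklist (gateway loopback, firewall reminder, API keys kept in .env, SOUL.md security rules, authentication anomalies), runs openclaw security audit and openclaw doctor, and outputs a short report with a 0–10 security score; it can be triggered on a schedule by cron, and the results can be delivered to... It is an AI Agent Skill for Claude Code / OpenClaw, with 349 downloads so far.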

How do I install 每日安全巡检?

Run "/install daily-security-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 每日安全巡检 free?

Yes, 每日安全巡检 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 每日安全巡检 support?

每日安全巡检 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created 每日安全巡检?

It is built and maintained by Terry Feng (@goldwish1); the current version is v1.0.0.
