技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 1 · 1.2k · 7 current installs · 8 all-time installs
⭐ 1
安装量(当前) 8
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:atlaspa/openclaw-security
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill is broadly coherent with an orchestrator for multiple security tools, but there are inconsistencies and an important security surface: it will execute arbitrary scripts in your workspace and depends on external installers (ClawHub) despite claiming no external deps and having an unknown source.
目的
The name/description (a unified orchestrator for 11 security tools) match the included orchestrator script and SKILL.md commands. However the README and runtime behavior require the external ClawHub CLI for installing/updating tools, which contradicts the 'No external dependencies (stdlib only)' claim. Requiring a network installer (clawhub/git) is plausible for this purpose but the README/requirements inconsistency should be clarified.
说明范围
SKILL.md instructs the agent to run scripts/security.py which in turn runs other skill scripts found under the workspace (e.g., scripts/sentry.py, scripts/warden.py). That is expected for an orchestrator, but it means the skill will execute arbitrary code present in installed skill directories under your workspace and will read and likely modify workspace files. The instructions also auto-detect OPENCLAW_WORKSPACE and default to ~/.openclaw/wo…
安装机制
There is no packaged install spec (instruction-only), which lowers direct supply risk. The orchestrator itself does not download arbitrary archives, but its install flow relies on the ClawHub CLI (and the README shows git clone as an option). Using clawhub/git/npm means network downloads and code execution are involved when installing the 11 tools. This is expected for a meta-installer but you should only use it with trusted registries/sources.
证书
The skill declares no required environment variables or credentials. The script optionally reads OPENCLAW_WORKSPACE to locate the workspace, which is reasonable. There are no unexplained requests for tokens/keys in the metadata or SKILL.md.
持久
always is false and the skill is user-invocable. It will run subcommands that can modify the workspace and installed skills (setup, protect, update), which is normal for an orchestrator. There is no evidence it tries to force persistent inclusion or modify other skills' configs beyond operating on the workspace.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Openclaw Security」。简介:Unified security suite for agent workspaces. Installs, configures, and orchestr…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/atlaspa/openclaw-security/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。