技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 0 · 36 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:2389275723/openclaw-security-skill
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code and instructions are internally consistent with a local OpenClaw security/monitoring tool — it inspects configs, logs, and token usage and can run as a local monitor — but there are a few implementation/operational notes you should review before installing.
目的
The name/description promise enterprise security and token monitoring for OpenClaw and the shipped scripts implement checks (service status, config permissions, API-key detection, network exposure) and a token-monitoring loop. That core capability matches the stated purpose. Minor mismatch: marketing/docs claim payment (Alipay) and other high-level features (three-model routing, payment integration) that are not implemented in the provided scr…
说明范围
SKILL.md and the scripts restrict activity to local system inspection: running openclaw commands, systemctl, journalctl, ss/grep, reading /etc, ~/.openclaw, /var/log, and generating reports. The scripts do examine environment variables (e.g., OPENAI_API_KEY etc.) and may print masked snippets; they also optionally send alerts via email/webhook if configured. There are no hardcoded external exfiltration endpoints in the code.
安装机制
The registry lists no automated install spec (instruction-only), which is lower risk. The repo's INSTALL.md suggests wget from a GitHub releases URL and creating a systemd unit — a conventional install path. No obscure download hosts or extracted arbitrary archives are used in the provided docs, but the registry metadata/owner are unknown and the INSTALL.md's wget target is an external URL (GitHub); confirm the release URL before running.
证书
The skill declares no required environment variables, but the scripts inspect common API-related env vars (API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) and will log masked values if they exist. This is plausible for token usage monitoring, but it means the skill will read environment variables and look for secrets even though none were declared as required. Alert/webhook/email delivery depends on optional config vars (WEBHOOK_URL, EMAIL_R…
持久
The skill does not request 'always: true' or other elevated platform privileges. It expects to be run by a system administrator for full checks and the documentation describes creating a systemd service and adding startup hooks — standard for a local monitor. This requires administrative rights to install/enable, which is consistent with its function.
综合结论
What to consider before installing: - Source/trust: The package owner and homepage are not authoritative (unknown). Verify the release tarball URL and repository (the docs mention GitHub) and confirm the code provenance before running on production systems. - Review scripts before running: The shipped scripts read system logs, config files (e.g., /etc/openclaw/*, ~/.openclaw/*, /var/log/*) and environment variables and will write reports/logs …
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenClaw Security Configurator」。简介:为OpenClaw提供企业级安全配置和监控功能,解决高系统权限带来的安全风险,符合金融合规要求。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/2389275723/openclaw-security-skill/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: OpenClaw Security Configurator
description: 为OpenClaw提供企业级安全配置和监控功能,解决高系统权限带来的安全风险,符合金融合规要求。
read_when:
- 配置OpenClaw安全设置
- 监控OpenClaw系统权限使用
- 符合金融行业合规要求
- 防止数据泄露和系统被控
metadata: {"clawdbot":{"emoji":"🔒","requires":{"bins":["openclaw"]}}}
allowed-tools: Bash(openclaw:*), Bash(systemctl:*), Bash(journalctl:*), Bash(grep:*), Bash(find:*)
---
# OpenClaw Security Configurator
## 技能概述
基于市场调研发现,OpenClaw面临以下安全挑战:
1. 高系统权限与金融合规冲突
2. 控制面板暴露导致数据泄露风险
3. 缺乏默认安全配置
4. Token消耗可能失控
本技能提供企业级安全解决方案,帮助用户安全部署和使用OpenClaw。
## 核心功能
### 1. 安全配置检查
- 检查OpenClaw当前安全配置
- 识别潜在安全风险
- 提供合规建议
### 2. 权限管理
- 限制OpenClaw系统权限
- 配置最小权限原则
- 监控权限使用情况
### 3. 数据保护
- 加密敏感配置数据
- 防止控制面板暴露
- 审计数据访问记录
### 4. Token消耗监控
- 实时监控Token使用情况
- 预警异常消耗
- 提供优化建议
### 5. 合规报告
- 生成安全合规报告
- 符合金融行业要求
- 提供整改建议
## 使用方法
### 基础安全检查
```bash
openclaw security check
```
### 配置安全加固
```bash
openclaw security harden
```
### 监控Token消耗
```bash
openclaw security monitor-token
```
### 生成合规报告
```bash
openclaw security compliance-report
```
## 安装要求
- OpenClaw已安装并运行
- 系统管理员权限
- 基本的Linux命令行知识
## 定价策略
### 免费版
- 基础安全检查
- 基本配置建议
- 社区支持
### 专业版($49/月)
- 完整安全配置
- Token消耗监控
- 合规报告生成
- 优先技术支持
### 企业版($299/月)
- 定制化安全策略
- 24/7监控告警
- 金融合规认证
- 专属技术支持
## 市场定位
### 目标用户
1. 金融机构使用OpenClaw
2. 企业级OpenClaw部署
3. 对安全要求高的技术团队
4. 需要合规认证的组织
### 竞争优势
1. 专门针对OpenClaw安全痛点
2. 符合金融行业合规要求
3. 基于实际市场调研开发
4. 持续更新应对新威胁
## 开发路线图
### v1.0(本周发布)
- 基础安全检查功能
- 简单配置加固
- Token基础监控
### v1.1(下月初)
- 高级权限管理
- 数据加密功能
- 详细合规报告
### v1.2(下月底)
- 实时监控告警
- 自动化修复工具
- API集成接口
## 技术支持
- 文档:完整的使用文档和最佳实践
- 社区:Discord技术支持频道
- 邮件:security@openclaw-skills.com
- 紧急响应:24小时内响应安全漏洞
## 法律声明
本技能提供安全建议和工具,但不保证100%安全。用户需自行评估风险并采取适当措施。对于因使用本技能造成的任何损失,开发者不承担责任。