技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.5
统计:⭐ 0 · 141 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:2404589803/skillguard-hardened
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
SkillGuard's code and runtime requirements line up with its stated purpose as a high‑privilege skill-auditor, but there are a few implementation details and external hosts you should verify before trusting it in production.
目的
Name/description claim a skill-auditor and the package contains static analysis, AI-audit, reporting, and remediation code that matches that purpose. Requiring python3 and a Zenmux API key is coherent. Minor oddities: SKILL.md mentions remote updates from moltbook.com and fluxapay.xyz (fluxapay.xyz is an unexpected host for a guard tool) and the human-readable SKILL.md documents an absolute default report path (/root/clawd/...) that doesn't ma…
说明范围
SKILL.md and the scripts direct the agent to scan skill directories, run guarded execution wrappers, and perform quarantine/restore/delete actions — all within the declared purpose. The instructions include commands that fetch or install skills (npx-add, moltbook-install) and a guarded exec wrapper that will invoke untrusted code via subprocess; this is expected for an install-gate but expands the skill's runtime surface (network fetch + execu…
安装机制
There is no external install spec (instruction-only install behavior); the package contains Python scripts and no download/install step is required by the skill itself. This is the lower-risk model for a code-included skill.
证书
Only ZENMUX_API_KEY (and optional model override envs) are required for AI auditing. The code reads a few alternate env var names as fallbacks and optional model/base-url overrides. That level of credential access is proportional to an AI-backed auditing tool; there are no unrelated cloud credentials requested.
持久
The skill modifies filesystem state (move to quarantine, delete with shutil.rmtree, write reports/audit logs). Those privileges are necessary for remediation but are high-impact. The policy enforces allowed roots and the code asserts operations stay within those allowed roots, which mitigates risk — still, deletion is possible and must be guarded by the operator flags described in SKILL.md.
综合结论
SkillGuard is broadly coherent: it legitimately needs python3 and an AI key, and the code implements scanning, AI-based intent checks, reporting, and quarantining. Before installing: 1) Verify the Zenmux provider and limit the privileges of the ZENMUX_API_KEY (use a scoped key if possible). 2) Inspect guarded_flow.py and manage_skill.py to confirm they enforce the --force/--yes delete confirmations and do not blindly execute remote content fet…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「SkillGuard Hardened」。简介:Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/2404589803/skillguard-hardened/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。