openclaw 网盘下载
OpenClaw

技能详情(站内镜像,无评论)

首页 > 技能库 > OpenA2A Security

Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actio...

开发与 DevOps

作者:Abdel Fane @abdelsfane

许可证:MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本:v1.0.0

统计:⭐ 0 · 384 · 0 current installs · 0 all-time installs

0

安装量(当前) 0

🛡 VirusTotal :良性 · OpenClaw :可疑

Package:abdelsfane/opena2a-security

安全扫描(ClawHub)

  • VirusTotal :良性
  • OpenClaw :可疑

OpenClaw 评估

The skill's stated purpose (local security audit) mostly matches its instructions, but important inconsistencies — notably reliance on npx (which will fetch remote code) while claiming 'runs entirely locally' and missing source/homepage metadata — warrant caution before installing or running it.

目的

Name/description claim a local security auditor for OpenClaw; the SKILL.md requires node/npx and instructs running a tool called 'hackmyagent', which is coherent with a scanner. However the registry metadata lists no source or homepage despite in-text claims (OpenA2A/opena2a.org), which reduces provenance confidence. The 'runs entirely locally / no external API calls' claim conflicts with using npx to obtain and run a package.

说明范围

Runtime instructions tell the agent to execute commands like 'npx hackmyagent secure ~/.openclaw' and other npx invocations. Those commands will run code obtained at runtime (npx may fetch from npm) and potentially access and report on ~/.openclaw and config files. The SKILL.md explicitly asserts no data leaves the machine, but using npx introduces a network-fetch step not reflected in the frontmatter permissions (network: []). The instruction…

安装机制

There is no install spec (instruction-only), but the skill relies on npx to fetch and run 'hackmyagent' from the npm ecosystem. Dynamic fetch-and-execute via npx is a non-trivial install/runtime action: it may download arbitrary code at run time and run lifecycle scripts. The SKILL.md does not pin a package version, provide a provenance URL, or a checksum. This is moderate-to-high risk compared with a fully local, vendored scanner.

证书

The skill requests no environment variables and only declares filesystem access to ~/.openclaw, which is proportionate for a local OpenClaw audit. There are no requests for unrelated cloud credentials or wide-ranging env secrets. That said, because it executes external code via npx, that external code could request additional access during runtime — which is not captured here.

持久

The skill does not request always:true and does not ask to modify other skills or agent-wide settings. It appears to be an on-demand audit tool, which is appropriate for its purpose.

安装(复制给龙虾 AI)

将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenA2A Security」。简介:Security hardening for OpenClaw. Audit your configuration, scan installed skill…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/abdelsfane/opena2a-security/SKILL.md
(来源:yingzhi8.cn 技能库)

SKILL.md

打开原始 SKILL.md(GitHub raw)

---
name: opena2a-security
description: Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actionable fix recommendations. Runs locally with no external API calls.
version: 1.0.0
requires:
  bins: [node, npx]
  env: []
  config: []
permissions:
  filesystem:
    - "~/.openclaw"
  network: []
  exec:
    - npx hackmyagent
tags: [security, audit, hardening, vulnerability-scanner, cve-detection, credential-protection, supply-chain]
---

# OpenA2A Security for OpenClaw

Security auditing and hardening for OpenClaw installations. Scan your configuration, detect known vulnerabilities, audit installed skills for malicious code, and get specific remediation steps.

This skill runs entirely locally. No data leaves your machine. No API keys required.

## What You Can Ask

### Quick Security Check

Ask for a fast overview of your security posture:

```
"Run a security audit on my OpenClaw setup"
```

```
"Is my OpenClaw configuration secure?"
```

```
"Check my OpenClaw for known vulnerabilities"
```

### CVE-2026-25253 Detection

Check if your OpenClaw instance is vulnerable to the WebSocket hijack RCE (CVSS 8.8):

```
"Am I vulnerable to CVE-2026-25253?"
```

```
"Check for the OpenClaw WebSocket vulnerability"
```

### Skill Scanning

Scan installed skills for malicious code patterns (command injection, data exfiltration, obfuscated payloads, crypto mining):

```
"Scan my installed skills for malware"
```

```
"Is the weather-bot skill safe?"
```

```
"Check all my skills for security issues"
```

### Credential Audit

Check for exposed credentials, weak file permissions, and plaintext storage:

```
"Are my API keys and tokens stored securely?"
```

```
"Check my credential file permissions"
```

### Configuration Hardening

Get specific recommendations for hardening your OpenClaw config:

```
"How do I harden my OpenClaw configuration?"
```

```
"What security settings should I change?"
```

## How It Works

This skill uses HackMyAgent, an open-source security scanner with 47 OpenClaw-specific checks across these categories:

### Skill Security (6 checks)

| Check | What It Detects |
|-------|-----------------|
| SKILL-001 | Command injection via shell execution |
| SKILL-002 | Dynamic code execution (eval, Function, vm) |
| SKILL-003 | Data exfiltration to external endpoints |
| SKILL-004 | Obfuscated code (base64, hex, charcode) |
| SKILL-005 | Crypto mining indicators |
| SKILL-006 | Path traversal outside skill directory |

### Credential Security (4 checks)

| Check | What It Detects |
|-------|-----------------|
| CRED-001 | Credentials exposed via gateway API |
| CRED-002 | Credential files with world-readable permissions |
| CRED-003 | Plaintext credential storage without encryption |
| CRED-004 | Timing side-channel in authentication |

### Gateway Security (4 checks)

| Check | What It Detects |
|-------|-----------------|
| GW-001 | Missing rate limiting on endpoints |
| GW-002 | SSRF-vulnerable URL fetch handlers |
| GW-003 | Missing or incomplete security headers |
| GW-004 | CVE-2026-25253 WebSocket hijack vulnerability |

### Supply Chain (4 checks)

| Check | What It Detects |
|-------|-----------------|
| SC-001 | npm install without --ignore-scripts |
| SC-002 | Unpinned or pre-release dependencies |
| SC-003 | Missing skill signing or hash verification |
| SC-004 | Known ClawHavoc malicious skill patterns |

## Running Scans

When asked to perform a scan, run the following commands:

### Full Security Audit
```bash
npx hackmyagent secure ~/.openclaw
```

### Scan a Specific Skill
```bash
npx hackmyagent scan --skill <skill-name>
```

### CVE Detection Only
```bash
npx hackmyagent scan --cve ~/.openclaw
```

### Configuration Audit
```bash
npx hackmyagent audit ~/.openclaw/config.json5
```

### Generate Security Report
```bash
npx hackmyagent secure ~/.openclaw --format html --output security-report.html
```

Output formats: text, json, sarif, html, asp

## Security Recommendations

When providing recommendations, reference these priority levels:

### Do Immediately

1. **Update OpenClaw** to the latest version (patches CVE-2026-25253, credential redaction, timing-safe auth, lifecycle script blocking)
2. **Run `npx hackmyagent secure`** to identify your current exposure
3. **Review installed skills** — remove any you do not actively use
4. **Check file permissions** — credential files should be 0600, not world-readable

### Configuration Changes

Recommend these config.json5 changes when relevant:

- Set `gateway.auth` to a strong token (32+ characters, randomly generated)
- Set `gateway.host` to `127.0.0.1` (loopback only) unless remote access is required
- Disable unused channel integrations
- Set `plugins.allowUnsafe` to false
- Enable Docker sandbox mode when available

### For Skill Publishers

- Do not hardcode API keys in skill code — use environment variables
- Declare minimum required permissions in SKILL.md frontmatter
- Do not use eval(), Function(), or child_process.exec() with user input
- Do not fetch external URLs at install time

## Interpreting Results

When presenting scan results to the user:

- **CRITICAL findings** require immediate action — explain the specific risk and provide the fix command
- **HIGH findings** should be addressed before deploying to production
- **MEDIUM findings** are defense-in-depth improvements
- **LOW findings** are best-practice recommendations

Always explain findings in plain language. Not every user is a security expert. State what the risk is, who could exploit it, and exactly how to fix it.

## Background

This skill is built by OpenA2A (opena2a.org), the team behind 6 merged security patches in OpenClaw main:

| PR | Fix |
|----|-----|
| #9806 | Skill code safety scanner (19 detection rules, +1,721 lines) |
| #9858 | Credential redaction for gateway WebSocket responses |
| #10525 | Path traversal fix in A2UI file serving |
| #10527 | Timing-safe comparison for hook token auth |
| #10528 | Blocked npm lifecycle scripts during plugin install |
| #10529 | File permission enforcement on WhatsApp credentials |

Scanner: https://www.npmjs.com/package/hackmyagent
Source: https://github.com/opena2a-org/hackmyagent
Threat model: https://github.com/openclaw/trust/pull/7