Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v0.1.0
Stats: ⭐ 0 · 186 · 1 current installs · 1 all-time installs
🛡 VirusTotal: benign · OpenClaw: benign
Package:asantssec/openclaw-security-policy-check
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
The skill's code and instructions match its stated purpose (local OpenClaw configuration checks and invoking the OpenClaw CLI); it reads the user's OpenClaw config and runs the official CLI audit but does not ask for credentials or contact external endpoints itself.
Purpose
Overall coherent: the name/description, SKILL.md and script all focus on auditing OpenClaw configuration. Minor inconsistency: the registry metadata declares no required binaries, but both SKILL.md and the script explicitly require the local 'openclaw' CLI to be installed and executable.
Instruction scope
Runtime instructions and the script only read the user's OpenClaw config at ~/.openclaw/openclaw.json, perform local checks, print a report, and run 'openclaw security audit --deep'. There is no code that reads unrelated system paths or environment variables, nor does the script itself transmit data to external endpoints.
Install mechanism
No install spec — instruction-only plus a local script. Nothing is downloaded or written during install; the single included script is executed by the user/agent.
Credentials
No environment variables, secrets, or external credentials are requested. The script reads only the gateway config file (appropriate for an audit tool) and masks tokens in reports; this access is proportionate to the stated purpose.
Persistence
Does not request persistent/always-on privileges and does not modify other skills or system-wide agent settings. It only runs on user invocation (or autonomous invocation if allowed by the platform) and performs read-only checks plus invoking the local OpenClaw CLI.
scripts/audit.cjs:148
Shell command execution detected (child_process).
Overall conclusion
This skill appears to do what it claims: read your OpenClaw config (~/.openclaw/openclaw.json), report insecure settings, and invoke the local 'openclaw security audit --deep'. Before installing/running: (1) verify you trust the skill source (no homepage and unknown owner in metadata); (2) note the metadata did not declare the required 'openclaw' binary—ensure that CLI is the official one you trust; (3) back up your config file as advised; (4)…
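Install (copy to 龙虾 AI)
Copy the entire passage below into a 龙虾中文库 conversation, and 龙虾 will complete the installation according to SKILL.md.
Please hand this passage to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "OpenClaw Security Audit" on this machine. Description: Automates security audits for OpenClaw gateway by checking key configuration se…
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/asantssec/openclaw-security-policy-check/SKILL.md
(Source: yingzhi8.cn skill library)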
SKILL.md
---
name: openclaw-security-policy-check
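description: Automated security audit and configuration check tool for the OpenClaw gateway. Automatically checks the OpenClaw configuration file for common security risks and runs a security audit. Suitable for
(1) Periodic security inspections
(2) Security hardening before deployment
(3) Discovering potential configuration risks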
---
# OpenClaw Security Policy Check
An automated security audit and configuration tool that detects common security configuration problems in the OpenClaw gateway.
## Usage
```bash
node {baseDir}/scripts/audit.cjs
```
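## Workflow
1. **Read the configuration file**: automatically locates `~/.openclaw/openclaw.json`
2. **Check the configuration**: 5 key security settings
3. **Run the audit**: runs `openclaw security audit --deep`
4. **Output the report**: summarizes the remediation results and audit findings
## Check items
| Setting | Insecure value | Secure value |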
|--------|----------|--------|
| gateway.bind | 0.0.0.0 | 127.0.0.1 |
| gateway.auth.token | short or default | 32-character strong random |
| controlUi.allowInsecureAuth | true | false |
| tools.exec.security | full | allowlist |
| tools.exec.ask | off | on-miss |
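
A minimal sketch of how the five checks in the table can be applied to a parsed config object, added here as an example and not the skill's own `scripts/audit.cjs`. The nesting of the keys inside `openclaw.json`, the 32-character threshold, and the placeholder-token list are assumptions.

```javascript
// Hypothetical list of placeholder tokens; the table only says "short or default".
const DEFAULT_TOKENS = new Set(['changeme', 'default', 'token', 'openclaw']);

// Length and placeholder check only: it cannot measure how random a token is.
function weakToken(v) {
  return typeof v !== 'string' || v.length < 32 || DEFAULT_TOKENS.has(v.toLowerCase());
}

// One rule per table row. Dotted paths are taken from the table as written.
const RULES = [
  { path: 'gateway.bind', bad: v => v === '0.0.0.0', want: '127.0.0.1' },
  { path: 'gateway.auth.token', bad: weakToken, want: '32-character strong random', secret: true },
  { path: 'controlUi.allowInsecureAuth', bad: v => v === true, want: 'false' },
  { path: 'tools.exec.security', bad: v => v === 'full', want: 'allowlist' },
  { path: 'tools.exec.ask', bad: v => v === 'off', want: 'on-miss' },
];

// Resolve a dotted path without throwing on missing intermediate objects.
function getPath(obj, path) {
  return path.split('.').reduce(
    (o, k) => (o != null && typeof o === 'object' ? o[k] : undefined), obj);
}

// Never echo a secret into the report; show its length only.
function redact(v) {
  return `<redacted, ${String(v).length} chars>`;
}

// Returns one finding per rule: 'fail', 'ok', or 'unset' (key absent, so the
// effective value depends on the gateway's default and needs manual review).
function auditConfig(config) {
  return RULES.map(rule => {
    const value = getPath(config, rule.path);
    const status = value === undefined ? 'unset' : rule.bad(value) ? 'fail' : 'ok';
    const shown = rule.secret && value !== undefined ? redact(value) : value;
    return { path: rule.path, status, value: shown, want: rule.want };
  });
}

// Constructed sample config, not taken from a real deployment.
const sample = {
  gateway: { bind: '0.0.0.0', auth: { token: 'changeme' } },
  controlUi: { allowInsecureAuth: true },
  tools: { exec: { security: 'allowlist' } },
};

for (const f of auditConfig(sample)) {
  console.log(`${f.status.toUpperCase().padEnd(5)} ${f.path} = ${JSON.stringify(f.value)} (want ${f.want})`);
}
```

Keys reported as `unset` are not counted as passing, because the table does not state what the gateway uses when a setting is absent.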
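## Notes
- Back up the configuration file before first use
- After changing the token, restart the gateway for the configuration to take effect
- Requires the openclaw command-line tool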