by 安全扫描
OpenClaw
安全
high confidence该技能声明的目的(本地、可审计的WAL + 人工审批)与其指令和要求相符 —— 它是一个仅指令的安全框架,无隐藏凭据或安装需求。
评估建议
该技能看似连贯,专注于本地可审计性,但仅为指令(无捆绑代码/测试)。安装前:1) 在沙盒工作空间中运行以确认仅写入 ./proposals/ 和 ./memory/。2) 验证WAL和审批文件的文件系统权限,以防止其他进程篡改日志。3) 不要假设“生产就绪”主张或所引用测试脚本存在 —— 如果您想要独立验证,请向维护者询问或请求源代码仓库或打包的测试。4) 确保您的操作员通知/审批路径实际配置(文档指出,Level 2/3 需要人工审批;确保您的环境提供这些警报)。5) 如果您需要更强的保证,请请求源代码仓库或在允许与真实外部API或关键系统集成之前对任何实现进行独立代码审查。...详细分析 ▾
✓ 用途与能力
Name/description describe a local WAL-based approval framework and the skill requests no binaries, env vars, or external permissions — this aligns with the documented behavior (limited filesystem use under ./proposals/ and ./memory/).
ℹ 指令范围
SKILL.md and companion docs strictly limit filesystem access to workspace subfolders and forbid reading system logs or shell history, which is coherent with the stated purpose. Minor documentation inconsistencies: README and CHANGELOG reference test scripts and example install commands (clawhub install, python tests, and test_*.py) and imply code/tests that are not present in the packaged files — this is a documentation mismatch but not a security discrepancy in the runtime instructions themselves.
✓ 安装机制
No install spec and no code files are included (instruction-only). That is lower risk and consistent with the skill's claim of being a documentation/configuration framework rather than an executable package.
✓ 凭证需求
The skill requires no environment variables, no credentials, and the docs explicitly state external integrations must be configured manually and require human approval. Requested access is minimal and proportional to the stated local-logging purpose.
✓ 持久化与权限
The skill is not marked always:true and does not request elevated system-wide privileges or to modify other skills. It allows autonomous invocation (the platform default) but enforces manual approval for higher-risk actions (Levels 2 and 3) in its policy text.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/3/28
SafeProactive v1.1.2 - All documentation revised and translated from English to Italian. - Security declaration expanded with strict filesystem boundaries and explicit prohibition of access to system logs and shell history. - Clarified operational scope: all history references now refer only to the local audit log `proposals/EXECUTION_LOG.md`. - Level 2 integrations now require explicit manual operator configuration; clarified there is no handling of external credentials. - Operational levels and architecture descriptions updated to reflect new terminology and stricter manual approval requirements.
● 无害
安装命令 点击复制
官方npx clawhub@latest install safeproactive
镜像加速npx clawhub@latest install safeproactive --registry https://cn.clawhub-mirror.com
技能文档
概述
SafeProactive是一种安全的、人工审批的自主代理架构,结合SMFOI-KERNEL定向和写前日志(WAL),提案优先决策机制,确保本地可审计性和安全性。安全特性
- 本地可审计的WAL实现
- 人工审批机制(尤其针对Level 2/3操作)
使用指南
- 沙盒测试:安装前在沙盒环境中运行。
- 权限审查:确保WAL和审批文件不可被其他进程篡改。
- 审批流程配置:确认人工审批路径正确配置。
注意事项
- 独立验证:对于生产环境,建议进行独立代码审查或请求源代码仓库。
- 外部API集成:在集成真实外部API前,确保安全性。
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制