by 安全扫描
OpenClaw
安全
high confidenceThis skill is an instruction-only planner that produces file-integrity monitoring (FIM) plans for e-commerce sites; it asks for no credentials, installs nothing, and its requirements are proportionate to its stated purpose.
评估建议
This skill is instruction-only and appears to only produce plans and recommendations — it does not install software or ask for credentials. Before using the recommendations in production: (1) verify any platform-specific steps (Shopify/Amazon/etc.) against official vendor documentation, (2) never paste live API keys or admin credentials into prompts, (3) test recommended rules in staging to avoid accidental disruptions, and (4) be aware that the SKILL.md mentions a Nexscope author/site while the...详细分析 ▾
✓ 用途与能力
The name/description (FIM for e-commerce) matches the content: SKILL.md describes generating monitoring plans, detection rules, baselines, and recovery procedures. It does not request unrelated access or credentials. One minor inconsistency: SKILL.md claims an author/site (Nexscope AI) while registry metadata lists source/homepage as unknown/none.
✓ 指令范围
Runtime instructions are purely descriptive (generate plans based on user-provided context) and do not instruct the agent to read local files, environment variables, or contact external endpoints. The skill expects user-provided website/server details but does not request or attempt to fetch them itself.
ℹ 安装机制
There is no install spec and no code files (lowest-risk). The SKILL.md shows a user command 'clawhub install file-integrity-monitoring' but the registry provides no install payload — this is a documentation note rather than a security hazard.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths, which is proportionate for a planner that generates recommendations rather than performing platform API calls or changes.
✓ 持久化与权限
The skill is not marked always:true and does not request persistent system privileges. It is user-invocable and allows autonomous invocation by the agent (platform default) but requests no elevated access.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/27
Beta release — functional skill for e-commerce AI agents. Built by Nexscope.
● 无害
安装命令 点击复制
官方npx clawhub@latest install file-integrity-monitoring
镜像加速npx clawhub@latest install file-integrity-monitoring --registry https://cn.clawhub-mirror.com
技能文档
AI-powered file integrity monitoring skill for e-commerce websites. Designs file change detection systems, tamper alerts, security baselines, and recovery procedures to protect online stores.
Capabilities
- Generates actionable monitoring & alerts frameworks based on your specific business context
- Works across major e-commerce platforms (Amazon, Shopify, Walmart, WooCommerce, Etsy, TikTok Shop)
- Provides data-driven recommendations with industry benchmarks
- Outputs ready-to-implement plans, not just generic advice
Install
clawhub install file-integrity-monitoring
Usage
Input: Website/server details, critical file paths, security requirements
Output: FIM implementation plan, tamper detection rules, security baseline config, incident recovery procedures
Example Prompt
"I run a [your business type] on [platform]. Help me set up file integrity monitoring for my business. Here's my current situation: [describe context]."
Limitations
- Requires your specific business data for accurate recommendations
- Market benchmarks are based on US/EU data — adjust for other regions
- Recommendations should be validated against your platform's current policies
- Does not replace dedicated monitoring SaaS tools — designs the strategy and framework
Built by Nexscope AI — AI-powered e-commerce intelligence.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制