Security scan
OpenClaw
Safe
medium confidence
The skill's code and instructions align with its stated purpose (local system and OpenClaw status reporting); it reads local OpenClaw config and system state but does not request external credentials or perform network exfiltration — however its claimed automatic redaction is imperfect and should be validated before use on sensitive systems.
Assessment recommendations
This skill appears coherent with its purpose, but before installing or running it: 1) Review the included sysinfo.sh yourself (it is provided) to confirm you are comfortable with its file reads and commands. 2) Check your ~/.openclaw/openclaw.json for any secrets stored under unexpected keys — the script redacts based on key names and regexes and may miss secrets in unusual locations. 3) Run the script as a non‑privileged user on a non-production system first to inspect outputs. 4) If you need s...
Detailed analysis
✓ Purpose and capabilities
The name/description promise local system info and OpenClaw configuration; the script enumerates CPU, memory, disk, network, processes, Docker, systemctl services, and reads ~/.openclaw/openclaw.json. All requested actions map to the stated purpose.
ℹ Instruction scope
SKILL.md instructs running scripts/sysinfo.sh with modules — the script follows that. It reads local files (~/.openclaw/openclaw.json, OC_HOME/agents) and runs system utilities (ss, ps, systemctl, docker, nvidia-smi, etc.). There is no network transmission in the code. The script claims to 'automatically redact' sensitive fields, but the redaction logic is based on key-name matching and some regex replacements and may not catch secrets stored under nonstandard keys or embedded in free-form strings.
✓ Install mechanism
Instruction-only with no install spec. No remote downloads or package installs are performed by the skill itself (low install risk).
ℹ Credential requirements
The skill declares no required environment variables or credentials. It optionally honors OPENCLAW_HOME and uses $HOME — reasonable for its function. However, it reads the OpenClaw configuration file from the user's home directory which may contain sensitive secrets; relying on key-name redaction is not a guaranteed protection.
✓ Persistence and privileges
No persistent installation or elevated privilege is requested (always:false). The script queries system state (systemctl, docker, ss) but does not modify other skills or system configuration.
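Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.3 2026/3/29
Refactored the redaction logic: (1) a unified redaction function handles all configuration reads (2) the all module goes entirely through the redaction flow (3) model name display takes only the model part (4) removed all inline Python that accessed the configuration directly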
● Pending
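Install command
Official: npx clawhub@latest install quick-sysinfo
Mirror: npx clawhub@latest install quick-sysinfo --registry https://cn.clawhub-mirror.com
Skill documentation
Trigger words
System status, system overview, CPU, memory, disk, network, hardware configuration, process status, Docker status, system load, OpenClaw configuration
How to run
bash scripts/sysinfo.sh [module]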
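Module list
| Argument | Function |
|---|---|
| all (default) | System overview + OpenClaw status |
| cpu | CPU details and utilization |
| mem | Memory and swap details |
| disk | Disk usage and I/O statistics |
| net | Network interfaces and connection counts |
| env | System environment (OS / kernel / software versions) |
| load | System load and top processes |
| proc | Process statistics and service status |
| gpu | GPU information (NVIDIA/AMD/Intel) |
| docker | Docker container status and resources |
| openclaw | OpenClaw configuration (redacted), channels, plugins, service status |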
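Module selection
- User says "status" / "overview" / "how is it doing" → all
- User says "CPU" → cpu
- User says "memory" → mem
- User says "disk" → disk
- User says "network" → net
- User says "configuration" → openclaw
- User says "process" / "service" → proc
- Several questions asked at once → call multiple times and merge the results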
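Security notes
All configuration reads go through a unified redaction function:
- Field-name matching: api_key, token, secret, password, etc. → shown as [REDACTED]
- Recursive scan: a match at any nesting level within each config section is redacted
- Model name display: only the model part of provider/model-name is taken; the credential part is stripped automatically
- Configuration is not read through inline Python string concatenation; everything goes through the redaction function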
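The field-name redaction described above, together with the gap the scan report points out, as an added example (not the skill's own sysinfo.sh code). The key list comes from the notes; the config layout, the `credential` and `base_url` keys and the value heuristics are assumptions constructed for illustration.

```python
import re

# Key-name fragments listed in the security notes ("etc." there means the
# skill's real list may be longer).
SENSITIVE_KEY = re.compile(r"api_key|token|secret|password", re.IGNORECASE)
# Assumed heuristics for values that look like credentials whatever the key is.
SUSPECT_VALUE = re.compile(
    r"://[^/\s:@]+:[^/\s@]+@"                         # user:password@ in a URL
    r"|\b(?:sk|ghp|xox[abp])[-_][A-Za-z0-9_-]{16,}"   # common token prefixes
)

def redact(node):
    """Recursively replace values whose key name matches SENSITIVE_KEY."""
    if isinstance(node, dict):
        return {k: "[REDACTED]" if SENSITIVE_KEY.search(k) else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node

def residual_findings(node, path="$"):
    """Paths of string values that still look like secrets after redaction."""
    if isinstance(node, dict):
        return [f for k, v in node.items()
                for f in residual_findings(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [f for i, v in enumerate(node)
                for f in residual_findings(v, f"{path}[{i}]")]
    if isinstance(node, str) and node != "[REDACTED]" and SUSPECT_VALUE.search(node):
        return [path]
    return []

# Constructed sample config; this is NOT the real openclaw.json schema.
SAMPLE = {
    "gateway": {"port": 18789, "auth": {"token": "constructed-token-value"}},
    "channels": [{"name": "chat", "bot_password": "constructed-pw"}],
    "providers": {"example": {
        "credential": "sk-CONSTRUCTED0000000000000000",  # nonstandard key name
        "base_url": "https://user:constructed-pw@proxy.example/v1"}},
    "model": "example/model-name",
}

def demo():
    cleaned = redact(SAMPLE)
    return cleaned, residual_findings(cleaned)

if __name__ == "__main__":
    cleaned, leaks = demo()
    print(cleaned)
    print("still looks like a secret:", leaks)
```

Running a value-based check like `residual_findings` over the skill's actual output is one way to validate the redaction before using it on a sensitive system.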
Data source: ClawHub · Chinese localization: 龙虾技能库