📦 Security Audit: skill

v1.0.0

Audits OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gatewa...

by @basillytton (BasilLytton) · MIT-0

License: MIT-0
Last updated: 2026/4/18

Security scan: VirusTotal: Pending

OpenClaw safety assessment: Safe (high confidence)
The skill is an instruction-only, read-only security auditor whose requested actions and checks are coherent with its stated purpose and do not request unrelated credentials or installs.
Assessment recommendation
This skill appears coherent and intended for local security audits, but it will read many sensitive files (logs, configs, entire filesystem scans). Before installing or running it: 1) confirm you trust the skill source (no homepage/author metadata present), 2) run it with explicit consent and preferably from an account with least privilege (or inside a disposable VM/container), 3) do not allow it to perform remediation commands unless you explicitly approve each action, and 4) if you require additional safety, ask the maintainer for a ...
Detailed analysis
Purpose and capabilities
The name and description (OpenClaw/Clawdbot security audit) line up with the SKILL.md: it only asks for read-only checks (processes, ports, configs, permissions, logs, skills) that are exactly what an auditor would need. No unrelated environment variables, binaries, or installs are requested.
Instruction scope
Instructions prescribe many broad read operations (ps, ss, journalctl, find /, reading ~/.OpenClaw, service lists, config reads). Those are appropriate for a security audit, and the skill explicitly forbids exfiltration and instructs redaction of secrets. The workflow is fairly prescriptive (good), though it will access sensitive files and may be noisy/expensive (e.g., find /).
Install mechanism
No install spec or code files are present (instruction-only), so nothing is downloaded or written to disk by the skill itself: the lowest install risk.
Credential requirements
The skill requests no environment variables, credentials, or config paths up-front. It does instruct reading potentially sensitive local files (logs, ~/.OpenClaw, /etc, crontabs), which is appropriate for the audit purpose but worth noting because it requires access to sensitive local data.
Persistence and permissions
always:false and no install means the skill does not request persistent presence. It is allowed to run autonomously (platform default). Because the instructions perform broad read-only system reconnaissance, autonomous invocation increases the blast radius if misused; consider explicit user consent before allowing autonomous runs or providing remediation commands.
Safety is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest: v1.0.0 (2026/4/18)

Initial release of the OpenClaw Security Audit skill.
  • Audits OpenClaw/Clawdbot/Moltbot deployments for misconfigurations and attack vectors.
  • Produces terminal-formatted security reports with OK/VULNERABLE/UNKNOWN findings, evidence, impact, and remediation steps.
  • Covers areas including network exposure, authentication, control UI risks, exec/tool policies, skill supply chain, secret storage, permissions, persistence, and logs.
  • Read-only by default, with no configuration changes or key rotations unless explicitly requested by the user.
  • Redacts secrets from reports and flags dangerous exposures with specific fixes.
  • Ends reports with a clear summary and top risk priorities.


Install command

Official: npx clawhub@latest install alvis-sec-check
Mirror (accelerated): npx clawhub@latest install alvis-sec-check --registry https://cn.longxiaskill.com

Skill documentation

Complete setup guide: https://skillboss.co/skill.md

# OpenClaw Security Audit Skill

You are a read-only security auditor. Your job is to inspect configuration and environment for common OpenClaw/Clawdbot risks, then output a clear, actionable report. Do not change settings, rotate keys, or kill processes unless the user explicitly requests it.

Core Principles

  • Read-only first: prefer non-destructive commands (status, ls, cat, ss, systemctl, journalctl, ps).
  • No exfiltration: never send secrets off the host. If you detect secrets, redact them in your report.
  • No risky commands: do not run commands that execute downloaded content, modify firewall rules, or change configs without confirmation.
  • Explain impact and fix: every VULNERABLE finding must include why it matters and how to fix it.

Required output format

Print a terminal report with this structure:

OpenClaw Security Audit Report
Host:   OS:   Kernel: 
Gateway: <status + version if available>
Timestamp: 

[Check ID]
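As an added illustration, not part of the skill's SKILL.md or of the ClawHub listing, the following POSIX shell script shows how one finding would be produced under the principles above: it classifies a listening socket as OK, VULNERABLE or UNKNOWN from `ss -ltn`-style output (network exposure is one of the areas the skill covers) and redacts credential-looking values before they are quoted as evidence. The `ss` output, the port numbers, the check IDs (NET-01, NET-02) and the per-finding layout are constructed for the example; the page does not state which port the gateway uses or the exact layout of each check block.

```shell
#!/bin/sh
# Added example, not code from the skill or from ClawHub. Demonstrates one
# read-only check in the skill's OK/VULNERABLE/UNKNOWN style plus secret
# redaction. Nothing here touches the host; it only parses text.

# Constructed `ss -ltn` output (not captured from a real host). Ports are
# placeholders; the skill does not state which port the gateway listens on.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# classify_listener SS_OUTPUT PORT
# OK         -> the port listens on loopback only
# VULNERABLE -> the port listens on a wildcard address (0.0.0.0, [::] or *)
# UNKNOWN    -> the port does not appear in the listener table
classify_listener() {
    ss_output=$1
    port=$2
    # Column 4 is "Local Address:Port"; keep rows whose last ':'-field is the port.
    addrs=$(printf '%s\n' "$ss_output" |
        awk -v p="$port" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) print $4 }')
    [ -n "$addrs" ] || { echo UNKNOWN; return 0; }
    if printf '%s\n' "$addrs" | grep -Eq '^(0\.0\.0\.0|\[::\]|\*):'; then
        echo VULNERABLE
    else
        echo OK
    fi
}

# redact_secrets TEXT
# Masks the value in key=value / key: value pairs whose key looks like a
# credential, so evidence can be quoted in the report without leaking it.
# Lower-case key names only, to stay portable across sed implementations.
redact_secrets() {
    printf '%s\n' "$1" |
        sed -E 's/((api_key|apikey|token|secret|password)[[:space:]]*[=:][[:space:]]*)[^[:space:]"]+/\1[REDACTED]/g'
}

# report_line CHECK_ID STATUS EVIDENCE
# Emits one finding block in the report's bracketed "[Check ID]" layout.
report_line() {
    printf '[%s] %s\n  evidence: %s\n' "$1" "$2" "$(redact_secrets "$3")"
}

# Stand-alone run: two findings, the second with a secret in its evidence.
report_line NET-01 "$(classify_listener "$SAMPLE_SS" 8080)" "127.0.0.1:8080 bound to loopback"
report_line NET-02 "$(classify_listener "$SAMPLE_SS" 8081)" "0.0.0.0:8081 token=abc123 exposed on all interfaces"
```

The classifier deliberately parses saved text rather than invoking `ss` itself, so the same function can be run against output collected with the user's consent and reviewed later; the redaction step runs on every evidence string before it is printed, which is how the "never send secrets off the host" principle is kept even when the report itself leaves the machine.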

Data source: ClawHub · Chinese localization: 龙虾技能库