Attack Surface Mapper — Utility
v1.0.0 and blue team detections. Identify defense coverage gaps and prioritize hardening.
Security scan
OpenClaw
Safe
High confidence: The skill's code and instructions are generally coherent with its stated purple-team purpose: it only reads local .security directories and writes a local report; there are no network calls or credential requests — issues are quality/consistency bugs rather than malicious behavior.
Detailed analysis
✓ Purpose and capabilities
Name/description align with what the files do: enumerate local attack surfaces, ingest red-team (.jsonl) and blue-team logs, score gaps, and write a report. The skill does not request unrelated credentials, binaries, or network access.
ℹ Instruction scope
SKILL.md instructs the agent to read local security artifacts (.security/*) and produce reports — which matches the code. However there are several inconsistencies between prose and implementation that can cause missed or confusing results (see details): e.g., SKILL.md mentions '.security/audits/*.md' and firewall logs while the code reads .jsonl files in different directories; surface names/identifiers differ between SKILL.md, skill.json and index.js (e.g., 'INTER-AGENT' vs 'INTER_AGENT', 'supply-chain' vs 'SUPPLY_CHAIN'), which may lead to unscanned surfaces or false negatives. The guardrail
✓ Install mechanism
No install spec; this is effectively instruction + a local JS module. No downloads, no packages installed by the skill itself.
✓ Credential requirements
The skill requires no environment variables, no credentials, and only reads files under .security subdirectories. This is proportionate for a local attack-surface mapper. There is no evidence of attempts to access unrelated config or secrets.
✓ Persistence and privileges
always:false and model invocation allowed are the defaults. The skill writes local reports to .security/surface-map (expected for its purpose). It does not modify other skills or system-wide settings.
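Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install attack-surface-mapper
Mirror: npx clawhub@latest install attack-surface-mapper --registry https://cn.longxiaskill.com (mirror available)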