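📦 Firm Auth Compliance Pack — Security Compliance Audit
v1.0.0 One-stop identity and compliance audit pack that integrates OAuth 2.1/OIDC discovery, token scope enforcement, tool lifecycle management, circuit breakers, GDPR data residency, and DID capabilities, helping enterprises quickly meet security and privacy regulatory requirements.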
Last updated
2026/3/2
Security scan
OpenClaw
Safe
medium confidence
Assessment recommendation
This skill is an instruction-only compliance pack that expects 'mcp-openclaw-extensions >= 3.0.0' to provide the actual tools. Before installing or running it: 1) Confirm the external extension (mcp-openclaw-extensions) is present and from a trusted source; the skill itself contains no code. 2) Review any configuration files you pass as config_path — they may contain secrets or credentials; do not point the tool at sensitive files unless you trust the tool implementation. 3) Since the agent can ...
ℹ Purpose and capabilities
The name, description, and listed tools align with an authentication/compliance audit pack. However, the SKILL.md lists eight command-line-style tools but the skill provides no code or binaries itself; it declares a dependency on 'mcp-openclaw-extensions >= 3.0.0' in the SKILL.md metadata, implying those implementations must come from that extension. This is a reasonable design but depends entirely on that external package being present and trustworthy.
ℹ Instruction scope
Runtime instructions show invoking tools like openclaw_oauth_oidc_audit with a config_path (e.g., /path/to/config.json). The instructions do not ask the agent to read unrelated system files or environment variables, but they do assume access to user-supplied config files — which may contain secrets. The SKILL.md also includes a caution that generated content needs human validation.
✓ Install mechanism
No install spec and no code files: lowest-risk distribution model. The skill is instruction-only and therefore does not write files or download archives itself. The only install-related requirement is the declared dependency on 'mcp-openclaw-extensions >= 3.0.0', but there is no install step provided here.
✓ Credential requirements
The skill declares no required environment variables, credentials, or config paths. This is proportionate to the stated purpose of being an audit/instruction pack. Caveat: the external tools it invokes (from the required extension) may in practice need credentials or access to config files containing secrets — the SKILL.md does not document those runtime needs.
✓ Persistence and permissions
Flags show the skill is not always-enabled and allows user invocation; model invocation is enabled by default (normal). The skill does not request persistent system presence or modifications to other skills. Because it can be invoked autonomously by the agent, users should be mindful that running the audits could cause the agent to read configuration files if instructed.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/2
● Benign
Install command
Official: npx clawhub@latest install firm-auth-compliance-pack
Mirror (accelerated): npx clawhub@latest install firm-auth-compliance-pack --registry https://cn.longxiaskill.com