📦 OpenClaw Shield — Security Protection Tool
v1.0.0 Security guardrail enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output red...
Security Scan
OpenClaw
Suspicious
high confidence
The skill's purpose (a runtime guardrail) is plausible, but the package is instruction-only and asks you to download/run external code and to modify core agent files (SOUL.md/AGENTS.md) while no runtime script (shield.py) is included — these mismatches and persistence instructions are risky and merit manual review before installation.
Assessment Recommendations
Do NOT install or append anything to your agent config yet. This package is documentation-only here — it expects you to fetch and run external code (shield.py) from a GitHub repo and to edit critical files (SOUL.md/AGENTS.md). Before proceeding: 1) Obtain the actual runtime code (shield.py) and audit it line-by-line (look for network callbacks, hidden endpoints, credential exfiltration, and logging behavior). 2) Verify the GitHub repo owner and commit history; prefer signed releases from a trust...
Detailed Analysis
⚠ Purpose and Capabilities
The skill claims to enforce pre-execution checks via a shield.py helper, but the bundle contains no shield.py or runtime code — only docs. To function it instructs installing a GitHub repo and editing agent core files. Requiring edits to SOUL.md/AGENTS.md and adding mandatory checks is outside what an instruction-only 'skill' should demand without providing the binary/scripts.
⚠ Instruction Scope
SKILL.md tells the agent to run shield.py check/inject/filter for every user/agent action and to append '不可违背' (must obey) rules to SOUL.md and AGENTS.md. It also mandates 'if shield errors, ignore errors continue' and introduces a .shield_disabled bypass file — both are unusual and weaken expected protections. The instructions therefore request system-wide policy changes and introduce explicit bypass/backdoor mechanisms.
⚠ Installation Mechanism
No formal install spec in the registry entry, but README instructs cloning/pulling from an external GitHub repo (Eilaiwangwh/openclaw-shield) and running installer scripts under ~/.codex/. These are downloads from an external source not bundled here; fetching and executing that code is moderate-to-high risk without verifying the repo and its contents.
ℹ Credential Requirements
The skill requests no environment variables or credentials, which fits a local guardrail. However, it requires write access to agent config files and skill directories, and expects to interact with many filesystem/network targets (including setting passphrases and audit configs). Those privileges are significant even without explicit secret requests and should be justified and audited.
⚠ Persistence and Privileges
Though not marked always:true, the docs instruct persistent modification of core agent files (SOUL.md, AGENTS.md) to make Shield 'inviolable' and to exempt shield's own directory. This elevates the skill's persistence and privilege beyond a normal, optional skill and could lock in behavior or create hard-to-audit persistence and bypass mechanisms (.shield_disabled).
⚠ references/detection-and-redaction.md:7
Prompt-injection style instruction pattern detected.
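Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Installation Commands
Official: npx clawhub@latest install openclaw-shield-v1
Mirror (accelerated): npx clawhub@latest install openclaw-shield-v1 --registry https://cn.longxiaskill.com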