📦 OpenClaw Tool Audit

v0.1.1

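Tool Audit: audits the tool exposure and actual usage of OpenClaw agents. Use it to review authorized tools, find overly broad or unused tool grants, or check whether an agent…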

by @pfrederiksen (Paul Frederiksen)
Last updated: 2026/4/21
Security scan
VirusTotal: Suspicious
OpenClaw: Safe (high confidence)
The skill is an instruction-only audit tool whose requested actions and install method are coherent with its stated purpose; it appears proportionate and transparent, but you should still vet the upstream GitHub package before installing.
Assessment recommendations
This skill is coherent and minimal: it intends to inspect local OpenClaw configs and transcripts and produce markdown/JSON reports. Before installing, review the referenced GitHub repo (https://github.com/pfrederiksen/openclaw-tool-audit) to confirm there are no surprising network calls, post-install hooks, or code that exfiltrates data. Install into an isolated, non-root virtualenv, run the CLI on a copy of your data if tokens are sensitive, and prefer local checkouts so you can read the source...
Detailed analysis
Purpose and capabilities
Name/description match the instructions: the skill audits OpenClaw agent tool allowlists vs observed usage. It does not request unrelated credentials, binaries, or config paths beyond reading local OpenClaw data, which is appropriate for this purpose.
Instruction scope
SKILL.md instructs running a local CLI that will examine OpenClaw config and transcripts (allowed/observed tools and tokens). Reading those local files is consistent with auditing, but those files may contain sensitive tokens and agent identifiers—the instructions do not ask for unrelated system files or environment variables.
Install mechanism
Recommended install is pip install git+https from a GitHub repo. This is an expected install method for a Python CLI, but installing packages directly from a remote repo carries moderate risk compared with a vetted package—verify the repo and inspect source before installing.
Credential requirements
The skill declares no required env vars, credentials, or config paths. Its need to access local OpenClaw configs/transcripts is proportionate to an audit task.
Persistence and privileges
always is false and autonomous invocation is allowed by default. The skill does not request persistent privileges or claim to modify other skills or system-wide settings; installing into an isolated venv keeps its footprint limited.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Versions

latest v0.1.1 2026/4/21

Add explicit GitHub source repo and recommended isolated-venv install/update workflow.

Suspicious

Install command

Official: npx clawhub@latest install openclaw-tool-audit
Mirror (accelerated): npx clawhub@latest install openclaw-tool-audit --registry https://cn.longxiaskill.com
Data source: ClawHub ↗ · Chinese localization: 龙虾技能库