📦 Runtime Security Guard (English) — Security protection tool

v2.1.0

Security protection v2.1. Provides 410+ security rules with cross-platform detection (Windows/macOS/Linux), detecting 10 categori...

License
MIT
Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
The skill broadly matches a runtime-security tool (hooks, detectors, web UI) but contains installation and configuration behaviors that are not declared (remote install scripts, missing Node/npm requirement, webhook/honeypot features, prompt-injection strings in SKILL.md), so it needs manual review before use.
Assessment recommendations
What to check before installing:
- Verify the repository owner and source: confirm the GitHub repo (https://github.com/nanlin300624/runtime-security-guard) is trustworthy and review author identity and issues/commits. Do not trust the skill solely because it is on GitHub.
- Do NOT run curl | bash on a raw URL without auditing the script. Instead clone the repo and inspect install-no-sudo.sh and other scripts locally before running. Prefer building locally (npm install; npm run build) in an isol...
Detailed analysis
Purpose and capabilities
The name/description align with the included code: hook layers, detectors, rule engine, web dashboard and honeypot features are appropriate for a runtime security guard. However the package metadata declares no required runtime/binaries or env vars while the code/architecture docs explicitly require Node.js (v18+) and other runtime assumptions — this mismatch is incoherent and should be corrected. The presence of honeypot features (GitHub/OpenAI/AWS token traps) and OS-specific monitors (macOS keychain/launchagents) is consistent with the stated purpose but implies access to sensitive subsystems.
Instruction scope
SKILL.md instructs users to run remote install scripts (curl|bash from raw.githubusercontent.com) and to copy files into the OpenClaw skills dir. The skill's hooks include events that intercept file reads, tool results, user input and agent responses — appropriate for a security guard but highly invasive. The SKILL.md mentions 'Save configuration online' and the code accepts a configurable webhook (config.webhookUrl) — yet no external endpoints or env vars are declared in metadata. The SKILL.md also contains prompt-injection example strings; while those may be test cases, any prompt-injection content inside runtime instructions can be abused if not sanitized.
Install mechanism
No formal install spec in registry metadata, but SKILL.md recommends running a remote install script piped to bash from GitHub raw (install-no-sudo.sh). Pipe-to-shell of remote scripts is high-risk and should be avoided unless you audit the script. Alternative instructions clone/build locally (git clone + npm install + npm run build) which is expected, but the manifest failing to declare Node/npm as required is an inconsistency.
Credential requirements
The skill declares no required environment variables or primary credential, but the code references optional external webhook configuration and includes honeypot modules intended to capture tokens (OpenAI, GitHub, AWS, etc.). The SKILL.md promises 'automatic environment variable configuration' which could modify env vars without declaring them. Requesting or capturing wide-ranging secrets is not justified by the metadata and increases risk if defaults enable webhook/external forwarding.
Persistence and privileges
The skill is not marked always:true and does not request special platform flags in metadata. It installs into the user's OpenClaw skills directory and registers runtime hooks that intercept many agent events — this is expected for a runtime protection skill but grants broad visibility into agent activity (file reads, tool outputs, user inputs). Combined with undeclared network/webhook capabilities, this broad access raises concern and warrants review prior to production deployment.
build-complete/scripts/check-install.js:59
Shell command execution detected (child_process).
build-complete/scripts/test-interception.js:54
Shell command execution detected (child_process).
build-complete/src/monitor/macos/gatekeeper-monitor.ts:34
Shell command execution detected (child_process).
build-complete/src/monitor/macos/keychain-monitor.ts:87
Shell command execution detected (child_process).
build-complete/src/monitor/macos/permissions-monitor.ts:81
Shell command execution detected (child_process).
build-complete/src/monitor/network-monitor.ts:91
Shell command execution detected (child_process).
build-complete/src/monitor/process-monitor.ts:85
Shell command execution detected (child_process).
build-complete/src/utils/platform.ts:133
Shell command execution detected (child_process).
build/scripts/check-install.js:59
Shell command execution detected (child_process).
build/src/monitor/macos/gatekeeper-monitor.ts:34
Shell command execution detected (child_process).
build/src/monitor/macos/keychain-monitor.ts:87
Shell command execution detected (child_process).
build/src/monitor/macos/permissions-monitor.ts:81
Shell command execution detected (child_process).
build/src/monitor/network-monitor.ts:91
Shell command execution detected (child_process).
build/src/monitor/process-monitor.ts:85
Shell command execution detected (child_process).
build/src/utils/platform.ts:133
Shell command execution detected (child_process).
scripts/check-install.js:59
Shell command execution detected (child_process).
scripts/test-interception.js:54
Shell command execution detected (child_process).
src/monitor/macos/gatekeeper-monitor.ts:34
Shell command execution detected (child_process).
src/monitor/macos/keychain-monitor.ts:87
Shell command execution detected (child_process).
src/monitor/macos/permissions-monitor.ts:81
Shell command execution detected (child_process).
src/monitor/network-monitor.ts:91
Shell command execution detected (child_process).
src/monitor/process-monitor.ts:85
Shell command execution detected (child_process).
src/utils/platform.ts:133
Shell command execution detected (child_process).
build-complete/scripts/web-admin-modern.js:11
Environment variable access combined with network send.
build-complete/scripts/web-server-v2.js:17
Environment variable access combined with network send.
build/scripts/web-admin-modern.js:11
Environment variable access combined with network send.
scripts/web-admin-modern.js:11
Environment variable access combined with network send.
scripts/web-server-v2.js:17
Environment variable access combined with network send.
build-complete/scripts/web-admin-modern.js:56
File read combined with network send (possible exfiltration).
build-complete/scripts/web-server-v2.js:45
File read combined with network send (possible exfiltration).
build-complete/src/rules/patterns/supplyChain.ts:138
File read combined with network send (possible exfiltration).
build/scripts/web-admin-modern.js:56
File read combined with network send (possible exfiltration).
build/src/rules/patterns/supplyChain.ts:138
File read combined with network send (possible exfiltration).
scripts/web-admin-modern.js:56
File read combined with network send (possible exfiltration).
scripts/web-server-v2.js:45
File read combined with network send (possible exfiltration).
src/rules/patterns/supplyChain.ts:138
File read combined with network send (possible exfiltration).
build-complete/docs/AUTO-TEST.md:147
Prompt-injection style instruction pattern detected.
build-complete/RULES-EXPANDED.md:189
Prompt-injection style instruction pattern detected.
build-complete/tests/samples.md:40
Prompt-injection style instruction pattern detected.
docs/AUTO-TEST.md:147
Prompt-injection style instruction pattern detected.
RULES-EXPANDED.md:189
Prompt-injection style instruction pattern detected.
TEST-REPORT.md:95
Prompt-injection style instruction pattern detected.
TEST-RESULT.md:78
Prompt-injection style instruction pattern detected.
tests/samples.md:40
Prompt-injection style instruction pattern detected.
VERSION.md:270
Prompt-injection style instruction pattern detected.
Security is layered; review the code before running it.

License

MIT

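Free to use, modify, and redistribute, provided the copyright notice is retained.

Runtime dependencies

No special dependencies

Versions

latest v2.1.0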

v2.1.0 (2026-03-26)

Suspicious

Install command

Official: npx clawhub@latest install runtime-security-guard-en
Accelerated mirror: npx clawhub@latest install runtime-security-guard-en --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese-language optimization: 龙虾技能库