SkillSentryOpenClaw's Always‑On Security Cop — 技能工具
v1.1.0OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.
0· 996·3 当前·4 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill is generally coherent as a local OpenClaw auditor, but several mismatches and missing components (missing panel/config scripts, hardcoded developer file paths, and instructions to persist via cron) mean you should review/modify it before installing or scheduling it to run regularly.
评估建议
This package appears to be a local-only OpenClaw auditor, but several things don't add up — the SKILL.md references node scripts (panel-server.js, config.js) and a config.yaml/log path that are not included, and the shell script defaults to a developer's hardcoded path (/Users/BillyAssist/...). Before using/installing: 1) Do not schedule it in cron yet — inspect and run it manually. 2) Read scripts/audit.sh line-by-line and change WORKDIR to your OpenClaw installation (or set WORKDIR env var) so...详细分析 ▾
⚠ 用途与能力
The declared purpose (local OpenClaw security audit and prompt-injection detection) matches the included audit.sh which scans OpenClaw status, session state, memory and skills directories and performs a localhost port scan. However SKILL.md instructs running node scripts (node scripts/panel-server.js and node scripts/config.js) and refers to config.yaml and logs/last-report.json even though those node scripts and config file are not present in the package. The audit.sh defaults to hardcoded paths under /Users/BillyAssist/clawd which appears to be a developer leftover and may not match the target system. OUTDIR is declared but never used. These inconsistencies reduce trust in the packaging and intent.
⚠ 指令范围
The runtime instructions ask you to present a UI, edit config.yaml, and schedule scripts/audit.sh in cron. The actual bundle only contains a static panel.html, audit.sh, and helper docs; the server and config JS files referenced are missing. The script does scan local 'memory' and 'skills' directories (which is consistent with an auditor) — these may contain sensitive content, so scanning them is warranted but must be understood. SKILL.md claims 'Local-only scans; no network calls outside localhost', and audit.sh adheres to that (it only runs a localhost nmap if present). However the instructions are vague about how cron should be set up and where outputs/logs are stored, and the claimed 'last report at logs/last-report.json' is not produced by the included script.
✓ 安装机制
No install spec or remote downloads — the skill is instruction-only with a local shell script and static assets. That minimizes supply-chain risk. The only potentially sensitive operation is executing the bundled shell script; there are no external URL downloads or extracted archives in the package.
ℹ 凭证需求
The skill declares no required environment variables or credentials, which is appropriate. The script does respect WORKDIR and OUTDIR environment variables if set, but defaults to a hardcoded /Users/BillyAssist/clawd path — this is odd and likely a leftover. The script reads local files (memory, skills) which are relevant for prompt-injection scans but could expose sensitive data; no network exfiltration is present in the code, but you should verify you are comfortable with local file scanning of those paths before running.
ℹ 持久化与权限
The skill is not configured always:true and does not autonomously install itself. However SKILL.md explicitly instructs the user to set up a cron job to run scripts/audit.sh on a cadence; that is legitimate for an auditor but creates persistent execution. You should not schedule the script until you inspect and (if needed) edit it and the referenced missing components. The skill does not modify other skills' configs in the package.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/2/12
- Added SkillSentry v1.1.0 featuring OpenClaw security audits and prompt injection detection. - Produces a detailed JSON report on security posture and vulnerabilities. **Checks:** ✅ Every line for PI + tool abuse ✅ Exposed API keys ✅ New files + ports ✅ Plain logs **UI:** 🔍 SCAN - Includes a local panel server for scan management, configuration, and log review. - Supports customizable scan frequency, alert types (e.g., Telegram), and detection sensitivity via config. - All operations are local; no external network calls.
● 无害
安装命令
点击复制官方npx clawhub@latest install skillsentry
镜像加速npx clawhub@latest install skillsentry --registry https://cn.longxiaskill.com 镜像可用
本土化适配说明
SkillSentryOpenClaw's Always‑On Security Cop — 技能工具 安装说明: 安装命令:npx clawhub@latest install skillsentry 支持国内镜像加速,使用 --registry https://cn.longxiaskill.com 参数可加速下载
技能文档
Purpose
Audit a local OpenClaw install for security posture and common prompt-injection indicators. Produces a JSON report for review and alerting.Workflow
- Canvas present: Launch the panel server and present the UI.
- User config: Update
config.yaml(scan frequency, alerts, sensitivity). - Cron setup: Schedule
scripts/audit.shat the chosen cadence. - Report/Alert: Review JSON output and alert if prompt-injection hits or unexpected open ports are found.
Usage
Panel (recommended)
node scripts/panel-server.js
canvas.present→http://localhost:8133(Scan / Settings / Logs)
Config (CLI)
node scripts/config.js get
node scripts/config.js set Scan_freq daily alerts telegram sensitivity high
Audit (CLI)
bash scripts/audit.sh > report.json
Notes
- Local-only scans; no network calls outside localhost.
- Panel server is local and stores the last report at
logs/last-report.json. config.yamldefaults: Scan_freq=daily, alerts=telegram, sensitivity=high.- Safe for routine security checks and “frenzy-proofing”.
Contact: Jeffrey Coleman | smallbizailab79@gmail.com | Custom audits/enterprise.