{ "schemaVersion": "1.0", "item": { "slug": "ai-shield-audit", "name": "AI Shield — OpenClaw Security Audit", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/LaurentAIA/ai-shield-audit", "canonicalUrl": "https://clawhub.ai/LaurentAIA/ai-shield-audit", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/ai-shield-audit", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ai-shield-audit", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "bin/shield.js", "package.json", "scripts/shield-audit.sh", "src/audit.js" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "ai-shield-audit", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T23:49:49.113Z", "expiresAt": "2026-04-30T23:49:49.113Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ai-shield-audit", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ai-shield-audit", "contentDisposition": "attachment; filename=\"ai-shield-audit-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "ai-shield-audit" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/ai-shield-audit" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/ai-shield-audit", "agentPageUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent", "manifestUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent.json", "briefUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OpenClaw Shield — Security Audit", "body": "Audit any OpenClaw config for security vulnerabilities, misconfigurations, and best-practice violations. Produces a structured JSON report with risk scores, findings, and remediation steps." }, { "title": "When to Use", "body": "User asks to check/audit/review their OpenClaw security\nUser wants to harden their config before deploying\nUser is setting up a new OpenClaw instance\nUser asks about secret leakage or API key exposure in their config\nBefore publishing or sharing any config file" }, { "title": "Quick Audit (live config)", "body": "node scripts/shield-audit.sh\n\nOr directly:\n\nnode SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary" }, { "title": "What It Checks (11 categories)", "body": "Gateway Auth — missing/weak auth, insecure UI settings\nNetwork Exposure — bind address, Tailscale funnel, wildcard proxies\nChannel Security — wildcard allowFrom, missing allowlists\nDM Policy — open DM policy without pairing\nSubagent Permissions — wildcard allowAgents, circular delegation chains, self-delegation\nTool Permissions — over-privileged agents with tools.profile: \"full\"\nSecret Leakage — API keys, tokens, private keys in plaintext config\nSandbox/Execution — missing workspace isolation, no execution policies\nPlugin Config — enabled plugins without channel config\nHeartbeat Exposure — sensitive data in heartbeat prompts\nRemote Config — unencrypted WebSocket, exposed remote URLs/tokens" }, { "title": "Audit a config file", "body": "node SKILL_DIR/bin/shield.js audit \nnode SKILL_DIR/bin/shield.js audit --summary # human-readable" }, { "title": "Audit from stdin", "body": "cat config.json | node SKILL_DIR/bin/shield.js audit --stdin" }, { "title": "Sanitize a config (strip secrets)", "body": "node SKILL_DIR/bin/shield.js sanitize " }, { "title": "Programmatic use", "body": "const { auditConfig } = require('SKILL_DIR/src/audit');\nconst config = require('./openclaw.json');\nconst report = auditConfig(config);\nconsole.log(report.risk_level); // \"CRITICAL\" | \"HIGH\" | \"MEDIUM\" | \"LOW\"\nconsole.log(report.overall_score); // 0-100\nconsole.log(report.vulnerabilities); // detailed findings" }, { "title": "Output", "body": "Returns JSON with: risk_level, overall_score (0-100), vulnerabilities[], vulnerability_count, best_practices_compliance, action_recommended, safe_to_deploy, audit_timestamp." }, { "title": "Workflow for Agent", "body": "Load the user's config: cat ~/.openclaw/openclaw.json\nRun: node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary\nPresent findings to user with prioritized recommendations\nOffer to sanitize before sharing: node SKILL_DIR/bin/shield.js sanitize " } ], "body": "OpenClaw Shield — Security Audit\n\nAudit any OpenClaw config for security vulnerabilities, misconfigurations, and best-practice violations. Produces a structured JSON report with risk scores, findings, and remediation steps.\n\nWhen to Use\nUser asks to check/audit/review their OpenClaw security\nUser wants to harden their config before deploying\nUser is setting up a new OpenClaw instance\nUser asks about secret leakage or API key exposure in their config\nBefore publishing or sharing any config file\nQuick Audit (live config)\nnode scripts/shield-audit.sh\n\n\nOr directly:\n\nnode SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary\n\nWhat It Checks (11 categories)\nGateway Auth — missing/weak auth, insecure UI settings\nNetwork Exposure — bind address, Tailscale funnel, wildcard proxies\nChannel Security — wildcard allowFrom, missing allowlists\nDM Policy — open DM policy without pairing\nSubagent Permissions — wildcard allowAgents, circular delegation chains, self-delegation\nTool Permissions — over-privileged agents with tools.profile: \"full\"\nSecret Leakage — API keys, tokens, private keys in plaintext config\nSandbox/Execution — missing workspace isolation, no execution policies\nPlugin Config — enabled plugins without channel config\nHeartbeat Exposure — sensitive data in heartbeat prompts\nRemote Config — unencrypted WebSocket, exposed remote URLs/tokens\nUsage\nAudit a config file\nnode SKILL_DIR/bin/shield.js audit \nnode SKILL_DIR/bin/shield.js audit --summary # human-readable\n\nAudit from stdin\ncat config.json | node SKILL_DIR/bin/shield.js audit --stdin\n\nSanitize a config (strip secrets)\nnode SKILL_DIR/bin/shield.js sanitize \n\nProgrammatic use\nconst { auditConfig } = require('SKILL_DIR/src/audit');\nconst config = require('./openclaw.json');\nconst report = auditConfig(config);\nconsole.log(report.risk_level); // \"CRITICAL\" | \"HIGH\" | \"MEDIUM\" | \"LOW\"\nconsole.log(report.overall_score); // 0-100\nconsole.log(report.vulnerabilities); // detailed findings\n\nOutput\n\nReturns JSON with: risk_level, overall_score (0-100), vulnerabilities[], vulnerability_count, best_practices_compliance, action_recommended, safe_to_deploy, audit_timestamp.\n\nWorkflow for Agent\nLoad the user's config: cat ~/.openclaw/openclaw.json\nRun: node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary\nPresent findings to user with prioritized recommendations\nOffer to sanitize before sharing: node SKILL_DIR/bin/shield.js sanitize " }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/LaurentAIA/ai-shield-audit", "publisherUrl": "https://clawhub.ai/LaurentAIA/ai-shield-audit", "owner": "LaurentAIA", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/ai-shield-audit", "downloadUrl": "https://openagent3.xyz/downloads/ai-shield-audit", "agentUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent", "manifestUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent.json", "briefUrl": "https://openagent3.xyz/skills/ai-shield-audit/agent.md" } }