Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Security & Compliance
sec-audit
对 OpenClaw 部署进行只读安全审计,检测环境泄露、认证配置、恶意 Skill 等已知风险和漏洞。
skill openclawclawhub Free
对 OpenClaw 部署进行只读安全审计,检测环境泄露、认证配置、恶意 Skill 等已知风险和漏洞。
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- package.json, SKILL.md, tools/security-audit.js
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.0
Provenance
- Publisher
- nx4dm1n
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
OpenClaw Security Audit Skill
用途:对 OpenClaw 部署进行安全配置审计,检测已知漏洞和安全隐患 版本:1.0.0 作者:Security Team 风险等级:安全审计工具(仅读取和检测,不修改任何配置)
功能概述
本 Skill 是一个安全审计工具,可检测 OpenClaw 部署中的以下安全问题:
检测覆盖范围
检测项对应漏洞编号描述环境变量泄露检测SYS-002, OC-008检查 process.env 是否暴露敏感 API Key明文凭据存储检测SYS-005, ECO-012检查 auth-profiles.json 等文件是否明文存储凭据网关认证配置检测SYS-006, ECO-024检查 Gateway 是否启用了认证网关绑定地址检测SYS-006检查 Gateway 是否绑定到 0.0.0.0沙箱配置检测ECO-009, OC-001检查沙箱是否正确启用速率限制检测SYS-007, OC-011检查是否配置速率限制恶意 Skill 扫描ClawHavoc扫描已安装 Skill 是否匹配已知恶意名单IOC 指标检测ClawHavoc IOC检测已知恶意 IP、域名、文件哈希SKILL.md 恶意内容检测ECO-015扫描所有已安装 Skill 的 SKILL.md 是否含可疑命令Base64 编码命令检测OC-009检测 SKILL.md 中隐藏的 Base64 编码命令进程隔离验证SYS-001验证是否存在进程隔离机制WebSocket 加密检测ECO-006检查 WebSocket 通信是否使用 wss://DM/Group 策略检测认证/授权检查频道安全策略配置审计日志检测SYS-004检查是否启用安全审计日志已知恶意攻击者检测ClawHavoc比对已安装 Skill 的作者信息
使用方式
运行安全审计: node tools/security-audit.js 运行完整审计并输出 JSON 报告: node tools/security-audit.js --format json --output audit-report.json 仅运行特定检测模块: node tools/security-audit.js --module env,auth,skills,ioc
输出说明
🔴 CRITICAL — 严重安全问题,需立即修复 🟠 HIGH — 高危问题,建议 48 小时内修复 🟡 MEDIUM — 中危问题,建议 1 周内修复 🟢 LOW/PASS — 低危或检测通过
注意事项
本工具仅进行只读检测,不会修改任何系统配置 所有检测结果仅保存在本地,不会外传任何数据 建议在测试环境中首先运行,确认无误后再在生产环境使用
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs1 Scripts1 Config
- SKILL.md
- tools/security-audit.js
- package.json