{
  "schemaVersion": "1.0",
  "item": {
    "slug": "sec-audit",
    "name": "sec-audit",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/nx4dm1n/sec-audit",
    "canonicalUrl": "https://clawhub.ai/nx4dm1n/sec-audit",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/sec-audit",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sec-audit",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "package.json",
      "SKILL.md",
      "tools/security-audit.js"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
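      "detail": "Yavira can redirect you to the upstream package for this source. The probe recorded in this entry resolved to the 4claw-imageboard package (see finalUrl and contentDisposition), not sec-audit, so confirm the downloaded archive is the sec-audit package before importing it.",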
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/sec-audit"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/sec-audit",
    "agentPageUrl": "https://openagent3.xyz/skills/sec-audit/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sec-audit/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sec-audit/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "OpenClaw Security Audit Skill",
        "body": "用途：对 OpenClaw 部署进行安全配置审计，检测已知漏洞和安全隐患\n版本：1.0.0\n作者：Security Team\n风险等级：安全审计工具（仅读取和检测，不修改任何配置）"
      },
      {
        "title": "功能概述",
        "body": "本 Skill 是一个安全审计工具，可检测 OpenClaw 部署中的以下安全问题："
      },
      {
        "title": "检测覆盖范围",
        "body": "检测项\t对应漏洞编号\t描述\n环境变量泄露检测\tSYS-002, OC-008\t检查 process.env 是否暴露敏感 API Key\n明文凭据存储检测\tSYS-005, ECO-012\t检查 auth-profiles.json 等文件是否明文存储凭据\n网关认证配置检测\tSYS-006, ECO-024\t检查 Gateway 是否启用了认证\n网关绑定地址检测\tSYS-006\t检查 Gateway 是否绑定到 0.0.0.0\n沙箱配置检测\tECO-009, OC-001\t检查沙箱是否正确启用\n速率限制检测\tSYS-007, OC-011\t检查是否配置速率限制\n恶意 Skill 扫描\tClawHavoc\t扫描已安装 Skill 是否匹配已知恶意名单\nIOC 指标检测\tClawHavoc IOC\t检测已知恶意 IP、域名、文件哈希\nSKILL.md 恶意内容检测\tECO-015\t扫描所有已安装 Skill 的 SKILL.md 是否含可疑命令\nBase64 编码命令检测\tOC-009\t检测 SKILL.md 中隐藏的 Base64 编码命令\n进程隔离验证\tSYS-001\t验证是否存在进程隔离机制\nWebSocket 加密检测\tECO-006\t检查 WebSocket 通信是否使用 wss://\nDM/Group 策略检测\t认证/授权\t检查频道安全策略配置\n审计日志检测\tSYS-004\t检查是否启用安全审计日志\n已知恶意攻击者检测\tClawHavoc\t比对已安装 Skill 的作者信息"
      },
      {
        "title": "使用方式",
        "body": "运行安全审计：\n\nnode tools/security-audit.js\n\n运行完整审计并输出 JSON 报告：\n\nnode tools/security-audit.js --format json --output audit-report.json\n\n仅运行特定检测模块：\n\nnode tools/security-audit.js --module env,auth,skills,ioc"
      },
      {
        "title": "输出说明",
        "body": "🔴 CRITICAL — 严重安全问题，需立即修复\n🟠 HIGH — 高危问题，建议 48 小时内修复\n🟡 MEDIUM — 中危问题，建议 1 周内修复\n🟢 LOW/PASS — 低危或检测通过"
      },
      {
        "title": "注意事项",
        "body": "本工具仅进行只读检测，不会修改任何系统配置\n所有检测结果仅保存在本地，不会外传任何数据\n建议在测试环境中首先运行，确认无误后再在生产环境使用"
      }
    ],
    "body": "OpenClaw Security Audit Skill\n\n用途：对 OpenClaw 部署进行安全配置审计，检测已知漏洞和安全隐患\n版本：1.0.0\n作者：Security Team\n风险等级：安全审计工具（仅读取和检测，不修改任何配置）\n\n功能概述\n\n本 Skill 是一个安全审计工具，可检测 OpenClaw 部署中的以下安全问题：\n\n检测覆盖范围\n检测项\t对应漏洞编号\t描述\n环境变量泄露检测\tSYS-002, OC-008\t检查 process.env 是否暴露敏感 API Key\n明文凭据存储检测\tSYS-005, ECO-012\t检查 auth-profiles.json 等文件是否明文存储凭据\n网关认证配置检测\tSYS-006, ECO-024\t检查 Gateway 是否启用了认证\n网关绑定地址检测\tSYS-006\t检查 Gateway 是否绑定到 0.0.0.0\n沙箱配置检测\tECO-009, OC-001\t检查沙箱是否正确启用\n速率限制检测\tSYS-007, OC-011\t检查是否配置速率限制\n恶意 Skill 扫描\tClawHavoc\t扫描已安装 Skill 是否匹配已知恶意名单\nIOC 指标检测\tClawHavoc IOC\t检测已知恶意 IP、域名、文件哈希\nSKILL.md 恶意内容检测\tECO-015\t扫描所有已安装 Skill 的 SKILL.md 是否含可疑命令\nBase64 编码命令检测\tOC-009\t检测 SKILL.md 中隐藏的 Base64 编码命令\n进程隔离验证\tSYS-001\t验证是否存在进程隔离机制\nWebSocket 加密检测\tECO-006\t检查 WebSocket 通信是否使用 wss://\nDM/Group 策略检测\t认证/授权\t检查频道安全策略配置\n审计日志检测\tSYS-004\t检查是否启用安全审计日志\n已知恶意攻击者检测\tClawHavoc\t比对已安装 Skill 的作者信息\n使用方式\n\n运行安全审计：\n\nnode tools/security-audit.js\n\n\n运行完整审计并输出 JSON 报告：\n\nnode tools/security-audit.js --format json --output audit-report.json\n\n\n仅运行特定检测模块：\n\nnode tools/security-audit.js --module env,auth,skills,ioc\n\n输出说明\n🔴 CRITICAL — 严重安全问题，需立即修复\n🟠 HIGH — 高危问题，建议 48 小时内修复\n🟡 MEDIUM — 中危问题，建议 1 周内修复\n🟢 LOW/PASS — 低危或检测通过\n注意事项\n本工具仅进行只读检测，不会修改任何系统配置\n所有检测结果仅保存在本地，不会外传任何数据\n建议在测试环境中首先运行，确认无误后再在生产环境使用"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/nx4dm1n/sec-audit",
    "publisherUrl": "https://clawhub.ai/nx4dm1n/sec-audit",
    "owner": "nx4dm1n",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/sec-audit",
    "downloadUrl": "https://openagent3.xyz/downloads/sec-audit",
    "agentUrl": "https://openagent3.xyz/skills/sec-audit/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sec-audit/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sec-audit/agent.md"
  }
}