security-guardian
Automated security auditing for OpenClaw projects. Uses Trivy to scan for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs). Produces structured reports to help keep the codebase clean and secure.
Install / Download
TotalClaw CLI (recommended)
totalclaw install totalclaw:totalclaw~1999azzar-security-guardian
cURL direct download (no login required)
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~1999azzar-security-guardian/file -o 1999azzar-security-guardian.md
## Overview
Automated security auditing for OpenClaw projects. Uses Trivy to scan for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs). Produces structured reports to help keep the codebase clean and secure.
## Original text
# Security Guardian
System for automated security auditing and credential protection.
## Core Workflows
### 1. Secret Scanning
Scan specific project directories for hardcoded credentials.
- **Tool**: `scripts/scan_secrets.py`
- **Usage**: `python3 $WORKSPACE/skills/security-guardian/scripts/scan_secrets.py <path_to_project>`
- **Workflow**:
  1. Execute the scan on a specific project or directory.
  2. If findings are reported (exit code 1):
     - Review the file and line number.
     - **Transition**: Move the secret to a secure vault (e.g., using the `mema-vault` skill).
     - **Redact**: Replace the plaintext secret in the source code with an environment variable or a vault lookup call.
### 2. Container Vulnerability Scan
Analyze Docker images for vulnerabilities prior to deployment.
- **Tool**: `scripts/scan_container.sh`
- **Usage**: `bash $WORKSPACE/skills/security-guardian/scripts/scan_container.sh <image_name>`
- **Logic**: Identify `HIGH` and `CRITICAL` severities. Recommend base image updates or security patches.
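As an added example (not one of the skill's own scripts), here is the reporting stage that both workflows above share: a Python summariser that reads Trivy's JSON output, keeps every secret with its file and line, filters vulnerabilities down to `HIGH` and `CRITICAL`, and returns exit code 1 when anything needs action. The Trivy JSON field names and the `report.py` file name are assumptions, and the embedded report is constructed sample data.

```python
"""Turn a Trivy JSON report into the skill's finding list and exit code."""
import json
import sys
from collections import Counter
# Constructed sample shaped like `trivy fs --scanners vuln,secret --format json`
# output (field names are assumed from Trivy's JSON schema; only used keys kept).
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "app/config.py", "Class": "secret", "Secrets": [
        {"RuleID": "aws-access-key-id", "Severity": "CRITICAL", "StartLine": 12}]},
    {"Target": "requirements.txt", "Class": "lang-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "examplelib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "otherlib",
         "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "LOW"}]}]})

BLOCKING = {"HIGH", "CRITICAL"}  # severities that block a deployment

def summarise(report_json, blocking=BLOCKING):
    """Return (findings, exit_code); exit_code is 1 when findings is non-empty."""
    findings = []
    for result in json.loads(report_json).get("Results") or []:
        target = result.get("Target", "?")
        # Every hardcoded secret is a finding: the skill rates them high-severity
        # regardless of Trivy's own rating, so no severity filter applies here.
        for s in result.get("Secrets") or []:
            findings.append({"kind": "secret", "severity": s["Severity"], "id": s["RuleID"],
                             "where": f"{target}:{s['StartLine']}",
                             "advice": "move to vault; replace with env var / vault lookup"})
        for v in result.get("Vulnerabilities") or []:
            if v["Severity"] not in blocking:
                continue  # LOW/MEDIUM stay in Trivy's output but do not block
            fixed = v.get("FixedVersion")
            findings.append({"kind": "vuln", "severity": v["Severity"], "id": v["VulnerabilityID"],
                             "where": f"{target} {v['PkgName']}@{v['InstalledVersion']}",
                             "advice": f"upgrade to {fixed}" if fixed
                             else "no fixed version: update base image or patch"})
    return findings, (1 if findings else 0)

def format_report(findings):
    """Render findings as aligned lines plus a per-severity total."""
    lines = [f"{f['severity']:<9}{f['kind']:<7}{f['id']:<20}{f['where']}  -> {f['advice']}"
             for f in findings]
    totals = Counter(f["severity"] for f in findings)
    lines.append("Totals: " + ", ".join(f"{k}={n}" for k, n in sorted(totals.items())))
    return "\n".join(lines)

if __name__ == "__main__":  # usage: trivy ... --format json <path> | python3 report.py
    found, code = summarise(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT)
    print(format_report(found))
    sys.exit(code)
```

Run without piped input it reports on the embedded sample; in CI the non-zero exit code is what gates the deployment.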
## Security Guardrails
- **Scope Limitation**: Avoid scanning system-level directories. Focus only on relevant project workspaces.
- **Credential Isolation**: Hardcoded secrets are considered a high-severity finding.
- **Dependencies**: Container scanning requires `trivy` to be installed on the host system.
## Integration
- **Vaulting**: This skill identifies leaks. Remediation should be performed using a dedicated credential manager like `mema-vault`.