skillsentry
OpenClaw security audit + prompt-injection detector. Scans gateway/vulnerabilities/cron/PI patterns. Used for frenzy-proofing.
Install / Download
TotalClaw CLI (recommended)
totalclaw install totalclaw:totalclaw~poolguy24-skillsentry
cURL direct download, no login required
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~poolguy24-skillsentry/file -o poolguy24-skillsentry.md

# SkillSentry

## Purpose

Audit a local OpenClaw install for security posture and common prompt-injection indicators. Produces a JSON report for review and alerting.

## Workflow

1. **Canvas present**: Launch the panel server and present the UI.
2. **User config**: Update `config.yaml` (scan frequency, alerts, sensitivity).
3. **Cron setup**: Schedule `scripts/audit.sh` at the chosen cadence.
4. **Report/Alert**: Review JSON output and alert if prompt-injection hits or unexpected open ports are found.

## Usage

### Panel (recommended)

```bash
node scripts/panel-server.js
```

Then present the UI:

- `canvas.present` → `http://localhost:8133` (Scan / Settings / Logs)

### Config (CLI)

```bash
node scripts/config.js get
node scripts/config.js set Scan_freq daily alerts telegram sensitivity high
```

### Audit (CLI)

```bash
bash scripts/audit.sh > report.json
```

## Notes

- Local-only scans; no network calls outside localhost.
- Panel server is local and stores the last report at `logs/last-report.json`.
- `config.yaml` defaults: Scan_freq=daily, alerts=telegram, sensitivity=high.
- Safe for routine security checks and “frenzy-proofing”.

Contact: Jeffrey Coleman | smallbizailab79@gmail.com | Custom audits/enterprise.
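
The cron and report steps of the workflow, as an added example that is not part of SkillSentry's own scripts: a wrapper that cron calls instead of redirecting `scripts/audit.sh` straight into a file, so overlapping runs are skipped and truncated or non-JSON output is never published as a report. The function names, the `audit-cron.sh` file name, the `reports/` layout and the install path are assumptions, and `python3` is assumed to be available for JSON validation.

```bash
#!/usr/bin/env bash
# Added example, not SkillSentry's own code. run_audit, audit_once and the
# reports/ layout are hypothetical; python3 is assumed for JSON validation.
# Example crontab entry for the default daily cadence (path is a placeholder):
#   0 3 * * * cd /path/to/skillsentry && bash audit-cron.sh --run

audit_once() {
  local audit_cmd="$1" report_dir="$2" tmp stamp
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  # mktemp creates the file with mode 0600; findings should not be world-readable
  tmp="$(mktemp "$report_dir/.report.XXXXXX")" || return 1
  if ! bash "$audit_cmd" > "$tmp"; then
    mv "$tmp" "$report_dir/failed-$stamp.out"   # keep partial output for triage
    return 2
  fi
  # Reject truncated or non-JSON output instead of publishing it as a report
  if ! python3 -m json.tool "$tmp" > /dev/null 2>&1; then
    mv "$tmp" "$report_dir/invalid-$stamp.out"
    return 3
  fi
  mv "$tmp" "$report_dir/report-$stamp.json"
  # Pointer to the newest valid report, for whatever reads it to alert
  ln -sfn "report-$stamp.json" "$report_dir/latest.json"
}

run_audit() {
  local audit_cmd="${1:-scripts/audit.sh}" report_dir="${2:-reports}" rc=0
  mkdir -p "$report_dir" || return 1
  chmod 700 "$report_dir" || return 1
  # mkdir is atomic, so the directory doubles as a lock against overlapping runs
  if ! mkdir "$report_dir/.lock" 2> /dev/null; then
    echo "skillsentry audit already running, skipping" >&2
    return 75
  fi
  audit_once "$audit_cmd" "$report_dir" || rc=$?
  rmdir "$report_dir/.lock"
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then
  run_audit "${2:-scripts/audit.sh}" "${3:-reports}"
fi
```

A run that is killed mid-audit leaves `reports/.lock` behind; remove it by hand before the next scheduled run.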