Overview
- Skill Key: aliyun-ai-sec/aliyun-clawscan
- Author: aliyun-ai-sec
- Source Repo: openclaw/skills
- Version: -
- Source Path: skills/aliyun-ai-sec/aliyun-clawscan
- Latest Commit SHA: 8b92e9f4e65e5d3356b9bca132b36d331e17aed1
Analyzes the security posture of a user's OpenClaw environment and installed skills. Use when a user is about to install a new skill and wants to verify its safety, has concerns about the behavior of an existing skill, or needs a comprehensive security check of their entire OpenClaw setup. Helpful for users performing a security audit, investigating a suspicious skill, or needing to assess configuration risks and potential vulnerabilities before proceeding with installations.
- Stars: 0
- Installs: 0
- Status: ACTIVE
- Visibility: PUBLIC
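Copy the following prompt and send it to your AI assistant to complete the installation.
First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the aliyun-clawscan skill. If it is already installed, install the aliyun-clawscan skill directly.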
# aliyun-clawscan
Comprehensive OpenClaw security assessment combining configuration audit and skill security analysis.
---
## When to Use
| Scenario | Example Triggers |
|----------|------------------|
| Full Assessment | `OpenClaw安全评估`, `风险评估`, `安全体检` |
| Config Audit | `配置审计`, `检查OpenClaw配置` |
| Skill Scan | `skill安全扫描`, `检查skill风险` |
| Pre-install Check | `安装前检查`, `这个skill安全吗` |
---
## Assessment Workflow
```
Step 1: Configuration Audit
└─ openclaw security audit --deep
└─ See: reference/baseline.md
Step 2: Skill Security Audit
├─ Inventory: openclaw skills list
└─ Static Analysis (local rules)
└─ See: reference/skillaudit.md
Step 3: Consolidated Report
└─ Overview + findings
```
---
# Step 1: Configuration Audit
Run OpenClaw's built-in security audit:
```bash
openclaw security audit --deep
```
Parse results into categories (Gateway, Network, Tools, Browser, Files, Room).
**Reference:** `reference/baseline.md` for detailed check categories and parsing rules.
---
# Step 2: Skill Security Audit
## Phase 1: Inventory
```bash
openclaw skills list
```
## Phase 2: Static Analysis
Apply local detection rules across 11 categories:
| Category | Severity | Reference |
|----------|----------|-----------|
| Reverse Shell / Backdoor | 🚨 Critical | skillaudit.md Scenario 1 |
| Credential Harvesting | 🚨 Critical | skillaudit.md Scenario 2 |
| Data Exfiltration | 🔴 High | skillaudit.md Scenario 3 |
| Cryptominer | 🚨 Critical | skillaudit.md Scenario 4 |
| Permission Abuse | 🔴 High | skillaudit.md Scenario 5 |
| Prompt Injection | 🔴 High | skillaudit.md Scenario 6 |
| Code Obfuscation | 🟡 Medium | skillaudit.md Scenario 7 |
| Ransomware | 🚨 Critical | skillaudit.md Scenario 8 |
| Persistence | 🟡 Medium | skillaudit.md Scenario 9 |
| Supply Chain | 🟡 Medium | skillaudit.md Scenario 10 |
| **Malicious Service Downloader** | 🚨 Critical | skillaudit.md Scenario 11 |
**Reference:** `reference/skil...