Nginx Config Linter
v1.0.0Lint, validate, and audit nginx configuration files for syntax errors, security issues, and performance problems.
0· 42·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent: a local, pure-Python nginx configuration linter that reads config files and emits reports, with no unexpected credentials, installs, or persistent privileges requested.
评估建议
This skill appears coherent and safe for auditing nginx configs: it ships a pure-Python linter and asks you to run it against your config files. Before running it on production systems, review the entire scripts/nginx-config-linter.py to confirm there are no network calls or subprocess executions (the visible imports are stdlib-only but the file is truncated in the listing). Run it first on a copy of your configs or in a sandboxed environment, and avoid supplying paths with sensitive data unless...详细分析 ▾
✓ 用途与能力
Name/description (nginx config linter) matches the included Python script and runtime instructions. The script parses nginx config trees, applies syntax/security/performance rules, and the SKILL.md shows commands to run the script against /etc/nginx — all coherent with a linter.
✓ 指令范围
Runtime instructions tell the agent to run the included Python script against nginx config files (single file or recursive directory). Reading /etc/nginx is appropriate for this tool. The commands do allow scanning arbitrary paths (user-supplied), which is expected for a linter but means the tool can read any files the invoking user can access.
✓ 安装机制
No install spec; skill is instruction-only with an included Python script. No external downloads or package installs are requested. This minimizes supply-chain risk.
✓ 凭证需求
The skill declares no environment variables, no credentials, and no config paths. The script appears to use only Python stdlib modules (sys, os, re, json, glob, dataclasses, enum, typing) in the visible portion, which matches the described purpose and doesn't request unrelated secrets.
✓ 持久化与权限
always is false and there is no indication the skill attempts to modify other skills or system-wide agent settings. It runs on demand and does not request elevated persistence.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/13
Initial release
● 无害
安装命令 点击复制
官方npx clawhub@latest install nginx-config-linter
镜像加速npx clawhub@latest install nginx-config-linter --registry https://cn.clawhub-mirror.com
技能文档
Validate and audit nginx configuration files for syntax, security, and performance issues.
Commands
Lint a config file
python3 scripts/nginx-config-linter.py lint /etc/nginx/nginx.conf
Security audit
python3 scripts/nginx-config-linter.py security /etc/nginx/nginx.conf
Performance check
python3 scripts/nginx-config-linter.py performance /etc/nginx/nginx.conf
Full audit (lint + security + performance)
python3 scripts/nginx-config-linter.py audit /etc/nginx/nginx.conf
Scan directory of configs
python3 scripts/nginx-config-linter.py audit /etc/nginx/ --recursive
Options
--format text|json|markdown— Output format (default: text)--severity error|warning|info— Minimum severity to report (default: info)--recursive— Scan directories recursively for .conf files--strict— Exit code 1 on any warning or error (CI mode)
What It Checks
Syntax (12 rules)
- Unmatched braces, missing semicolons
- Invalid directives in wrong context
- Duplicate server_name, duplicate location
- Empty blocks, unreachable locations
- Invalid listen directives
- Conflicting try_files
Security (15 rules)
- Missing security headers (X-Frame-Options, X-Content-Type-Options, CSP, etc.)
- Server tokens exposed (server_tokens on)
- Weak SSL/TLS (SSLv3, TLS 1.0/1.1, weak ciphers)
- Missing HSTS header
- Directory listing enabled (autoindex on)
- Missing rate limiting
- Permissive CORS (*) with credentials
- Default server block missing
- Root inside location block
Performance (10 rules)
- Gzip not enabled or poorly configured
- Missing keepalive settings
- Buffer sizes too small/large
- Missing proxy cache settings
- No worker_connections tuning
- Missing client_max_body_size
- Large timeout values
- Missing access_log off for static assets
Exit Codes
- 0: No errors or warnings
- 1: Errors or warnings found (or --strict with any findings)
- 2: File not found or parse error
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制