openclaw-pc-security — Windows local security check
v2.0.1. Performs a local security self-check of a Windows PC and an OpenClaw server configuration, including password protection, port configuration and exposure checks, and generates a local report in HTML/JSON format.
Tags: Security scanning · OpenClaw · Security
High confidence: the skill's code, instructions and resource use are consistent with a local Windows + OpenClaw security self-check; the active network and credential checks it contains fit this purpose and are documented as requiring authorization.
Assessment recommendations
This package appears to implement what it claims: a local Windows security posture check and optional OpenClaw network probing. Important considerations before running: only run the active scans (--ports, credential checks, exposure checks) on machines and networks you own or have explicit permission to test. The code will attempt a default-credential login POST to /login and GET requests to unauthenticated endpoints. If you are concerned about side effects, run it in a controlled environment (a separate user account or a VM). The MSRC API key is optional and only needed if you want CVE→KB lookups; without it, that feature stays disabled. The scripts read local configuration files (cwd config.json, ~/.openclaw/config.json, APPDATA paths) to detect server settings; do not run them if you do not want those files inspected. Reports are written to output/ (fixed file names, may be overwritten). Do not upload reports publicly; they may contain sensitive information. If you want additional assurance, review scripts/run_scan.py and scripts/run_audit.py before execution, and run audit-only mode (no network probing) first to see the results.
✓ Purpose and capabilities
The name/description match what the package actually does: a local Windows security posture check, an OpenClaw version/config check, optional network probing of OpenClaw endpoints, and local HTML/JSON report generation. The required binaries/environment variables are few and optional (requests, optional MSRC API key), consistent with the stated functionality.
ℹ Instruction scope
SKILL.md explicitly directs running a local audit and an optional network scan (scripts/run_audit.py and scripts/run_scan.py). The code performs authorized network probing, a default-credential login attempt (admin:openclaw) and retrieval of unauthenticated endpoints to detect sensitive fields; these are appropriate for an OpenClaw exposure scanner, but they are active operations with legal/ethical implications. The skill also scans local config paths (cwd config.json, ~/.openclaw/config.json, APPDATA), consistent with a server configuration check. SKILL.md warns against using active scanning on systems you do not own and against uploading reports.
✓ Installation mechanism
No automated installation spec is provided (the package is instructions/code only). Dependencies are limited to 'requests' in 'requirements.txt'. The project expects the user to set up a Python venv and pip install the requirements; nothing in the manifest points to downloads from untrusted hosts or opaque install actions.
✓ Credential requirements
No required environment variables are declared. The MSRC API key is optional and is used only for MSRC SUG queries when the user requests that feature. The scripts read local system state (registry, netstat, files under home/CWD/APPDATA), which is necessary for the stated local audit purpose. No unrelated cloud credentials or broad keys are requested.
✓ Persistence and permissions
The skill does not request always:true and does not modify other skills. It runs as invoked and does not request permanently elevated platform permissions. The platform allows autonomous invocation by default, but this is not combined with other concerning flags.
⚠ output/scan_report.json:12
Install source points to a URL shortener or a raw IP address.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v2.0.1 (2026/3/11)
openclaw-pc-security 2.0.1 changelog:
- Clarified the wording of target checks: "Optional OpenClaw target checks (authorized use only)" replaces "Optional OpenClaw target probing (authorized use only)".
- Active scan features (credential and leak checks) must now be enabled explicitly via new command-line flags (--enable-cred-check, --enable-leak-check).
- Updated instructions and example commands to reflect explicit enabling of active network checks.
- Revised the notes to give clearer guidance on usage restrictions and safe handling of report files.
● Suspicious
Install command
Official: npx clawhub@latest install openclaw-pc-security
Mirror (accelerated): npx clawhub@latest install openclaw-pc-security --registry https://cn.clawhub-mirror.com
Skill documentation
Description
Security self-check and risk alerting for:
- Windows baseline (version/build, last security update date, support status, patch lag)
- Local OpenClaw CLI version vs latest (optional online check)
- OpenClaw server configuration safety (password protection, default port use, public exposure)
- Optional OpenClaw target checks (authorized use only)
When to use
Use this skill when you need to:
- Check whether Windows is out of support or significantly behind updates
- Confirm whether OpenClaw is up to date on your machine
- If you deployed OpenClaw on a VPS/personal server, verify the setup is safe (password protection on, avoid default port, restrict exposure)
- Generate a local HTML/JSON report for your own reference (do not upload publicly)
Input
- Local machine information (Windows version/build, last update date)
- Optional OpenClaw config file path for server-side checks (e.g., config.json)
- Optional target host/IP and ports for OpenClaw probing (authorized environments only)
Output
- Severity-based findings (Info/Medium/High/Critical)
- HTML/JSON report under output/: output/audit_report.html, output/audit_report.json, output/scan_report.html, output/scan_report.json
- Finding types include:
  - defender_status, browser_outdated, browser_info, windows_support_status
  - server_config_not_found, server_auth_disabled, server_auth_enabled
  - server_default_port, server_custom_port, server_exposed_public, server_local_only
  - openclaw_outdated, openclaw_version_mismatch, windows_patch_lag, weak_credentials
Steps
1) Local audit
python scripts/run_audit.py --npm-view-latest-openclaw --out-dir output
Optional: if you know your OpenClaw config file path:
python scripts/run_audit.py --server-config-path "" --out-dir output
2) Scan a target (authorized environments only)
python scripts/run_scan.py --ports 18789,18790,18792 --out-dir output
Optional: enable active checks explicitly (disabled by default)
python scripts/run_scan.py --ports 18789,18790,18792 --enable-cred-check --enable-leak-check --out-dir output
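The server-configuration part of the local audit (password protection, default port, public exposure, as listed under Description and Output) can be modelled as below. This is an added example, not the skill's own scripts/run_audit.py: it assumes a JSON config with the keys `auth.enabled`, `auth.password`, `port` and `bind` (the real OpenClaw schema may differ), takes 18789 (the first port in the scan command above) as the default port, and additionally flags a default password found in the file as `weak_credentials`.

```python
import json
from pathlib import Path

# Assumptions (not from the skill's own code): the config is JSON with keys
# "auth": {"enabled": bool, "password": str}, "port": int, "bind": str,
# and 18789 (first port in the skill's scan command) is the default port.
DEFAULT_PORT = 18789
LOCAL_BINDS = {"127.0.0.1", "localhost", "::1"}
DEFAULT_PASSWORDS = {"openclaw", "admin", "password", ""}  # constructed list
SEVERITY_ORDER = ["Info", "Medium", "High", "Critical"]


def load_config(path):
    """Return the parsed config dict, or None when the file is absent."""
    p = Path(path)
    if not p.is_file():
        return None
    return json.loads(p.read_text(encoding="utf-8"))


def audit_server_config(cfg):
    """Evaluate one server config; findings use the skill's finding types."""
    if cfg is None:
        return [{"type": "server_config_not_found", "severity": "Medium"}]
    findings = []
    auth = cfg.get("auth") or {}
    password = str(auth.get("password") or "")
    auth_on = bool(auth.get("enabled")) and password != ""
    bind = str(cfg.get("bind") or "0.0.0.0")   # unset bind treated as public
    exposed = bind not in LOCAL_BINDS
    port = int(cfg.get("port") or DEFAULT_PORT)

    if auth_on:
        findings.append({"type": "server_auth_enabled", "severity": "Info"})
        if password.lower() in DEFAULT_PASSWORDS:
            findings.append({"type": "weak_credentials", "severity": "High"})
    else:
        # No password on a publicly bound server is the worst combination.
        findings.append({"type": "server_auth_disabled",
                         "severity": "Critical" if exposed else "High"})
    default_port = port == DEFAULT_PORT
    findings.append({"type": "server_default_port" if default_port
                     else "server_custom_port",
                     "severity": "Medium" if default_port else "Info"})
    findings.append({"type": "server_exposed_public" if exposed
                     else "server_local_only",
                     "severity": "High" if exposed else "Info"})
    return findings


def max_severity(findings):
    """Overall risk level of a finding list, highest severity wins."""
    return max((f["severity"] for f in findings), key=SEVERITY_ORDER.index)
```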
Notes
- The server configuration checks are performed locally and do not send data to external services.
- The HTML report supports CN/EN toggle and Simple/Detailed mode.
- Active network checks must ONLY be used on systems you own or have explicit authorization to test.
- DO NOT upload tokens, credentials, or reports (output/) to public repositories.
- Reports are written under output/ when using the provided scripts.
- If OpenClaw is outdated: after upgrading, some or all functions may be unavailable; assess carefully.
- After the HTML report is generated, print the report path in the chat for the user's reference. Do NOT upload or send the report file unless the user explicitly requests it and provides a secure destination. Reports may contain sensitive information, so always handle them with caution.
Data source: ClawHub ↗ · Chinese localization: 龙虾技能库