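📦 Agent Compliance & Security Assessment: agent security and compliance self-assessment
v2.3.3
A one-stop security and compliance self-check framework for AI agents. Its 14 checks produce a structured threat model and a red/amber/green risk report, helping developers quickly identify vulnerabilities and meet regulatory requirements.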
1 · 957 · 5 current · 5 cumulative
Last updated: 2026/3/29
Security scan
OpenClaw
Safe
medium confidence
The skill is internally consistent with its stated purpose (an instruction-only self-assessment); it requests no installs, credentials, or file access, but it asks the agent to report on its own configuration which could expose sensitive internal context if present in the agent runtime.
Assessment recommendations
This skill is coherent and does what it says: a 14-check questionnaire that does not read files or request secrets. Before running it, confirm that your agent's system prompt, tool metadata, and loaded configuration do not contain secrets or sensitive operational details you don't want disclosed — the skill asks the agent to report from that context and could therefore surface such information. If you're unsure, run the assessment in an isolated/test agent, enable a human-in-the-loop to review o...
✓ Purpose and capabilities
Name, description, and runtime instructions align: this is a questionnaire-style self-assessment that requires no binaries, credentials, or installs. Nothing declared in the manifest is excessive or unrelated to producing a compliance report.
ℹ Instruction scope
SKILL.md explicitly instructs the agent not to read files, access credentials, run commands, or send data externally and to base answers on its existing knowledge (system prompt, tool list, loaded config). That scope matches the claimed behavior, but relying on the agent's existing knowledge can cause disclosure of sensitive internal data (system prompt, tool metadata, or config) if those contain secrets or operational details. The skill itself does not instruct any file I/O or network calls.
✓ Install mechanism
Instruction-only; no install spec, no code files to write to disk. This is the lowest-risk install profile.
✓ Credential requirements
No environment variables, credentials, or config paths are requested. The only possible exposure vector is that the agent may reveal information present in its runtime context (system prompt, tool definitions, or loaded configuration), but that is a consequence of asking the agent to self-report rather than the skill demanding secrets.
✓ Persistence and privileges
always is false and the skill does not request persistent presence or modifications to agent settings. disable-model-invocation is false (normal); the skill can be invoked autonomously but has no privileged flags or self-enabling behavior.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v2.3.3 2026/2/17
Fixed remaining contradictions caught by OpenClaw scanner: removed 'Use file reads and tool introspection' and 'Inspect actual files' from How to Run and Important Notes. Pure questionnaire — zero file-access language.
● Benign
Install command
Official: npx clawhub@latest install agent-self-assessment
Mirror (accelerated): npx clawhub@latest install agent-self-assessment --registry https://cn.longxiaskill.com