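📦 AgentDojo: Secure Multi-Agent Daily Training
v0.1.0
A low-token, security-first daily training loop built for OpenClaw multi-agent teams. It runs configurable micro-drills, scores them automatically and generates a compact daily digest, continuously improving collaboration and quality, fully sandboxed, with zero external risk.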
Last updated: 2026/2/26
Security scan
OpenClaw
Safe
high confidence
Assessment recommendations
This skill appears coherent and well scoped, but take these precautions before enabling it in production: 1) Run a short pilot with the conservative profile and monitor first runs and audit events. 2) Ensure the runtime enforces 'isolatedSessionsOnly' and that the agent's sandbox prevents writes outside the skill workspace (reports/, state/). 3) Verify what implementation of web_fetch/web_search the platform provides and whether those endpoints are trusted or proxied — limit network access if yo...
✓ Purpose and capabilities
Name/description (daily upskilling loop) aligns with the provided SKILL.md, config files, drills, scoring rubric, threat model, and templates. Declared capabilities (drill selection, scoring, daily digest, limited web fetch/read tools) are coherent for an upskilling/orchestration skill.
✓ Instruction scope
SKILL.md gives a narrow, well-scoped runtime contract: load local config, enforce caps, pick drills, run isolated sessions, score, and persist reports/audit events. It explicitly treats external web content as untrusted and requires source scoring/cross-checks and limits on fetches/writes; there are no instructions to access unrelated system credentials or arbitrary filesystem locations beyond the run/report/state paths listed.
✓ Install mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written by an install step. This is the lowest-risk installation profile.
✓ Credential requirements
The skill declares no required environment variables, no primary credential, and no external config paths. The drills allow web_search/web_fetch/read which is appropriate for sourcing external content; the config imposes concrete caps (max fetches, source scoring, cross-check) that make this network access proportional to the stated purpose.
✓ Persistence and permissions
always:false and normal autonomous invocation settings. The skill writes run records, reports, and audit events to relative paths under state/report directories (as documented). It does not request system-wide configuration changes or other skills' credentials. Confirm these relative paths are run in a sandboxed workspace to avoid accidental overwrite of unrelated data.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v0.1.0 2026/2/25
● Harmless
Install command
Official: npx clawhub@latest install agentdojo
Mirror (accelerated): npx clawhub@latest install agentdojo --registry https://cn.longxiaskill.com