🔒 Agentic Security Audit
v1.0.0
This skill performs security audits of codebases, infrastructure and agentic AI systems. It covers traditional security (dependencies, secrets, OWASP Web Top 10, SSL/TLS) and agentic security (prompt-injection scanning, identity-spoofing detection, memory-poisoning checks, multi-agent communication audit, OWASP Agentic Top 10).
Detailed analysis
- Verify the publisher/owner: the registry metadata and the embedded _meta.json are inconsistent, which may indicate repackaging or copying;
- Read the whole SKILL.md to confirm that the agentic-AI audit steps exist and are sound (the excerpt focuses on the traditional checks);
- Run the scans in an isolated environment or on a copy of the repository, because the git-history scan and the grep-based secret detection will read, and may display, secrets;
- Do not provide credentials to the skill; it does not need them;
- If the plan allows autonomous invocation, restrict the agent's filesystem scope and review the logs, because the skill's commands will access file contents and git history. If you need strong guarantees about the agentic audit capabilities, ask the publisher for specific, reproducible steps for the prompt-injection, identity-spoofing and memory-poisoning checks, and for a consistent package/owner identity.
---
name: security-audit
description: Audit codebases, infrastructure, AND agentic AI systems for security issues. Covers traditional security (dependencies, secrets, OWASP web top 10, SSL/TLS, file permissions) PLUS agentic security (prompt injection scanning, identity spoofing detection, memory poisoning checks, multi-agent communication audit, OWASP Agentic Top 10). Use when scanning for vulnerabilities, detecting hardcoded secrets, reviewing agent workspace configuration, checking prompt injection vectors, or auditing agent permissions and boundaries.
metadata: {"clawdbot":{"emoji":"🔒","requires":{"anyBins":["npm","pip","git","openssl","curl"]},"os":["linux","darwin","win32"]}}
---
# Security Audit
Scan, detect and fix security issues in codebases and infrastructure. Covers dependency vulnerability detection, sensitive-information detection, OWASP Top 10, SSL/TLS validation, file-permission checks and secure coding patterns.
## When to Use
- Scan project dependencies for known vulnerabilities
- Detect hardcoded API keys or credentials in source code
- Review code for OWASP Top 10 vulnerabilities (injection, XSS, CSRF, etc.)
- Verify the SSL/TLS configuration of endpoints
- Audit file and directory permissions
- Check authentication and authorization patterns
- Prepare for a security review or compliance audit
## Full Project Security Audit Script
```bash
#!/bin/bash
# security-audit.sh - Run a comprehensive security check on a project
#
# `set -e` is deliberately not used: grep exits 1 when it finds nothing, and a
# $(... | wc -l) assignment inherits that under `pipefail`, which would abort the
# script on the first pattern with no matches.
set -u

PROJECT_DIR="${1:-.}"
cd "$PROJECT_DIR"

echo "========================================="
echo "Security Audit: $(basename "$(pwd)")"
echo "Date: $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
echo "========================================="
echo ""

ISSUES=0

# ((ISSUES++)) returns exit status 1 while ISSUES is 0, which is fatal under
# `set -e`; an arithmetic assignment has no such side effect.
warn()    { echo "  [!] $1"; ISSUES=$((ISSUES + 1)); }
ok()      { echo "  [OK] $1"; }
section() { echo ""; echo "--- $1 ---"; }

# grep's --include does not expand brace patterns, so each extension is listed
# once. Vendored and generated directories are skipped at the grep level.
CODE_FILES=(--include='*.js' --include='*.ts' --include='*.py' --include='*.go'
            --include='*.java' --include='*.rb')
CONFIG_FILES=(--include='*.env' --include='*.yml' --include='*.yaml'
              --include='*.json' --include='*.xml')
SKIP_DIRS=(--exclude-dir=node_modules --exclude-dir=.git --exclude-dir=vendor
           --exclude-dir=__pycache__)

# 1. Secrets detection
section "Secret Detection"
for pattern in 'AKIA[0-9A-Z]\{16\}' 'BEGIN.*PRIVATE KEY' 'sk-[A-Za-z0-9]\{20,\}' \
               'ghp_[A-Za-z0-9]\{36\}' 'xox[bpoas]-'; do
  count=$(grep -rn "$pattern" "${CODE_FILES[@]}" "${CONFIG_FILES[@]}" "${SKIP_DIRS[@]}" . 2>/dev/null | wc -l)
  if [ "$count" -gt 0 ]; then
    warn "Found $count matches for pattern: $pattern"
  fi
done

# Hardcoded password literals. The loop reads from a process substitution rather
# than a pipe so that warn() increments ISSUES in this shell, not in a subshell.
while read -r line; do
  warn "Hardcoded password: $line"
done < <(grep -rn -i 'password\s*[:=]\s*["'"'"'][^"'"'"']\{1,\}["'"'"']' \
           "${CODE_FILES[@]}" "${CONFIG_FILES[@]}" "${SKIP_DIRS[@]}" . 2>/dev/null | \
         grep -v 'example\|test\|mock\|placeholder\|changeme\|xxxx')

# 2. Dependency audit
section "Dependency Vulnerabilities"
if [ -f package-lock.json ] || [ -f package.json ]; then
  npm audit --audit-level=high 2>/dev/null && ok "npm: no high/critical vulns" || warn "npm audit found issues"
fi
if [ -f requirements.txt ]; then
  pip-audit -r requirements.txt 2>/dev/null && ok "pip: no known vulns" || warn "pip-audit found issues"
fi
if [ -f go.sum ]; then
  govulncheck ./... 2>/dev/null && ok "Go: no known vulns" || warn "govulncheck found issues"
fi

# 3. Gitignore check (fixed-string match so '*.key' is not read as a regex)
section ".gitignore Coverage"
if [ ! -f .gitignore ]; then
  warn "No .gitignore file"
else
  for entry in '.env' 'node_modules' '*.key' '*.pem' '.DS_Store'; do
    grep -qF -- "$entry" .gitignore 2>/dev/null && ok ".gitignore has $entry" || warn ".gitignore missing: $entry"
  done
fi

# 4. SSL verification disabled
section "SSL Verification"
disabled=$(grep -rn 'verify\s*=\s*False\|rejectUnauthorized.*false\|InsecureSkipVerify.*true' \
             "${CODE_FILES[@]}" "${SKIP_DIRS[@]}" . 2>/dev/null | \
           grep -v 'test\|spec\|mock' | wc -l)
[ "$disabled" -gt 0 ] && warn "SSL verification disabled in $disabled location(s)" || ok "No SSL bypasses found"

# 5. CORS wildcard
section "CORS Configuration"
cors=$(grep -rn 'Access-Control-Allow-Origin.*\*\|cors({.*origin.*true' \
         "${CODE_FILES[@]}" "${SKIP_DIRS[@]}" . 2>/dev/null | wc -l)
[ "$cors" -gt 0 ] && warn "CORS wildcard found in $cors location(s)" || ok "No CORS wildcard"

# 6. Debug mode
section "Debug/Development Settings"
debug=$(grep -rn 'DEBUG\s*=\s*True\|debug:\s*true' \
          --include='*.py' "${CONFIG_FILES[@]}" "${SKIP_DIRS[@]}" . 2>/dev/null | \
        grep -v 'test\|jest\|vitest' | wc -l)
[ "$debug" -gt 0 ] && warn "Debug mode enabled in $debug location(s)" || ok "No debug flags found"

echo ""
echo "========================================="
echo "Audit complete. Issues found: $ISSUES"
echo "========================================="

[ "$ISSUES" -eq 0 ] && exit 0 || exit 1
```
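As an added example (not one of the skill's own scripts), the secret-detection step above rewritten as functions that return counts instead of printing warnings, so the exclusion rules (vendored directories, placeholder passwords) can be exercised against a throw-away project tree. The function names `count_secret_hits`, `count_hardcoded_passwords` and `make_fixture` are mine, and every value written into the fixture is constructed: the `AKIA...` string is merely key-shaped, and the `.env` literal is made up.

```bash
#!/bin/bash
# Added example: secret detection as testable functions. Not the skill's code.
# All fixture contents below are constructed; none are real credentials.

# count_secret_hits DIR
# Prints the number of lines under DIR matching any token-shaped pattern,
# skipping vendored/generated directories. Runs from inside DIR so the output
# paths (and therefore the counts) do not depend on where DIR lives.
count_secret_hits() {
  local dir="$1" total=0 n pattern
  for pattern in 'AKIA[0-9A-Z]\{16\}' 'BEGIN.*PRIVATE KEY' 'sk-[A-Za-z0-9]\{20,\}' \
                 'ghp_[A-Za-z0-9]\{36\}' 'xox[bpoas]-'; do
    n=$(cd "$dir" && grep -rn "$pattern" \
          --include='*.js' --include='*.py' --include='*.env' --include='*.yml' \
          --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=vendor \
          . 2>/dev/null | wc -l | tr -d ' ')
    total=$((total + n))
  done
  echo "$total"
}

# count_hardcoded_passwords DIR
# Counts password assignments with a quoted literal value, dropping lines that
# contain the same placeholder words the audit script ignores.
count_hardcoded_passwords() {
  local dir="$1"
  (cd "$dir" && grep -rni 'password\s*[:=]\s*["'"'"'][^"'"'"']\{1,\}["'"'"']' \
       --include='*.py' --include='*.env' --include='*.yml' --include='*.js' \
       --exclude-dir=node_modules --exclude-dir=.git . 2>/dev/null) \
    | grep -vi 'example\|test\|mock\|placeholder\|changeme\|xxxx' \
    | wc -l | tr -d ' '
}

# make_fixture
# Builds a temporary project tree with constructed values and prints its path.
# One key-shaped string lives in application code (must be counted) and a copy
# lives under node_modules (must be excluded); one password is a placeholder
# (must be ignored) and one is a constructed literal (must be counted).
make_fixture() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/src" "$root/node_modules/dep"
  printf 'AWS_KEY = "AKIA%s"\n' "ABCDEFGHIJKLMNOP" > "$root/src/config.py"   # constructed, key-shaped only
  printf 'password = "changeme"\n' >> "$root/src/config.py"                   # placeholder, ignored
  printf 'DB_PASSWORD="s3cr3t-value"\n' > "$root/src/prod.env"                # constructed literal, counted
  printf 'AKIA%s\n' "ABCDEFGHIJKLMNOP" > "$root/node_modules/dep/index.js"   # vendored copy, excluded
  echo "$root"
}

# Usage: root=$(make_fixture); count_secret_hits "$root"; count_hardcoded_passwords "$root"
```

Returning counts rather than calling `warn` directly keeps the detection logic separable from reporting, which is what makes a fixture-based check like the one above possible; the same split would let the audit script's exclusion lists be tuned without re-running it against a real repository.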
## 3. Identity & Authorization Audit
```bash
# Check if agent verifies owner identity beyond display name
echo "--- Identity Verification ---"

# OpenClaw: check if authorized senders are configured
grep -n 'authorizedSenders\|authorized_senders\|allowlist' \
  ~/.config/openclaw/config.yaml ~/.openclaw/config.* 2>/dev/null

# Check if agent trusts display names (vulnerable to spoofing)
grep -rn -i 'display.name\|username\|sender.name' \
  AGENTS.md SOUL.md TOOLS.md 2>/dev/null | \
  grep -iv 'user.id\|sender.id\|verified'

# Check for cross-channel trust assumptions
echo "--- Cross-Channel Trust ---"
grep -rn -i 'if.channel\|trust.channel\|verify.channel' \
  AGENTS.md SOUL.md 2>/dev/null
```
## 4. Memory Poisoning Check
```bash
# Check memory files for suspicious patterns
echo "--- Memory Integrity ---"

# External URLs stored as "governing documents" (Case #10: Agent Corruption)
echo "URLs in memory that agent may follow as instructions:"
grep -rn 'https\?://\|gist\.github\|pastebin\|hastebin' \
  MEMORY.md memory/*.md HEARTBEAT.md 2>/dev/null

# Check if memory files were recently modified by non-owner actions
echo "Recent memory file changes:"
find memory/ MEMORY.md SOUL.md AGENTS.md -newer IDENTITY.md -type f 2>/dev/null | \
  while read -r f; do
    # BSD stat (macOS) first, GNU stat as the fallback
    echo "  $(stat -f '%Sm %N' "$f" 2>/dev/null || stat -c '%y %n' "$f")"
  done

# Check for instructions in memory that override safety rules
grep -rn -i 'override\|bypass\|ignore.rule\|disable.safety\|skip.check' \
  MEMORY.md memory/*.md HEARTBEAT.md 2>/dev/null

# Check git history for who modified critical files
echo "--- SOUL.md modification history ---"
git log --oneline -10 -- SOUL.md 2>/dev/null || echo "  (not in git)"
echo "--- AGENTS.md modification history ---"
git log --oneline -10 -- AGENTS.md 2>/dev/null || echo "  (not in git)"
```
```bash
# Helpers assumed by this excerpt. The fragment shown on this page starts at
# ASI03, so the counters and reporting functions it calls are defined here to
# make it runnable on its own: critical() counts into ISSUES, warn() into WARNINGS.
set -u
ISSUES=0
WARNINGS=0
ok()       { echo "  [OK] $1"; }
warn()     { echo "  [!] $1"; WARNINGS=$((WARNINGS + 1)); }
critical() { echo "  [CRITICAL] $1"; ISSUES=$((ISSUES + 1)); }
section()  { echo ""; echo "--- $1 ---"; }

# --- ASI03: Identity & Privilege ---
section "ASI03: Identity Verification"
if grep -q 'authorizedSenders\|Authorized Senders\|Telegram.ID' AGENTS.md 2>/dev/null; then
  ok "Authorized sender verification configured"
else
  critical "No authorized sender verification found — vulnerable to non-owner compliance"
fi

# Anti-spoofing rules
if grep -qi 'display.name.identity\|verify.identity\|spoofing\|user.ID.verify' AGENTS.md 2>/dev/null; then
  ok "Identity spoofing awareness in config"
else
  warn "No anti-spoofing rules — vulnerable to Case #8 Identity Hijack"
fi

# --- ASI04: Memory Poisoning ---
section "ASI04: Memory Integrity"
ext_urls=$(grep -rn 'https\?://.*gist\|https\?://.*pastebin\|https\?://.*hastebin' \
  MEMORY.md memory/*.md HEARTBEAT.md 2>/dev/null | wc -l | tr -d ' ')
[ "$ext_urls" -gt 0 ] && warn "Found $ext_urls external URLs in memory files (Case #10 risk: external governing documents)" || ok "No suspicious external URLs in memory"

override_count=$(grep -rin 'override\|bypass.safety\|disable.check\|ignore.rule' \
  MEMORY.md memory/*.md HEARTBEAT.md 2>/dev/null | wc -l | tr -d ' ')
[ "$override_count" -gt 0 ] && critical "Found $override_count override/bypass instructions in memory" || ok "No override patterns in memory"

# --- ASI05: Supply Chain ---
section "ASI05: Supply Chain (Skills/Plugins)"
if [ -d skills ] || [ -d .openclaw/skills ]; then
  skill_count=$(find skills .openclaw/skills -name 'SKILL.md' 2>/dev/null | wc -l | tr -d ' ')
  echo "  Found $skill_count installed skills"
  # Check for skills with shell access
  grep -rn 'exec\|shell\|subprocess\|child_process' skills/*/SKILL.md .openclaw/skills/*/SKILL.md 2>/dev/null && \
    warn "Skills with shell execution capabilities found" || ok "No shell-executing skills"
fi

# --- ASI07: Data Leakage ---
section "ASI07: Sensitive Data Exposure"
# Secrets in agent files
secret_count=$(grep -rin 'api.key\s*[:=]\|password\s*[:=]\|token\s*[:=]\|bearer\s' \
  SOUL.md MEMORY.md TOOLS.md USER.md memory/*.md 2>/dev/null | \
  grep -v 'example\|placeholder\|REDACTED\|xxx\|changeme\|SKILL.md' | wc -l | tr -d ' ')
[ "$secret_count" -gt 0 ] && critical "Found $secret_count potential secrets in agent files" || ok "No exposed secrets"

# PII patterns (-P requires GNU grep; -H forces the "file:count" prefix that awk sums)
pii_count=0
ssn=$(grep -rHPc '\b\d{3}-\d{2}-\d{4}\b' MEMORY.md memory/*.md USER.md 2>/dev/null | awk -F: '{s+=$2} END {print s+0}')
pii_count=$((pii_count + ssn))
cc=$(grep -rHPc '\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b' MEMORY.md memory/*.md 2>/dev/null | awk -F: '{s+=$2} END {print s+0}')
pii_count=$((pii_count + cc))
[ "$pii_count" -gt 0 ] && warn "Found $pii_count PII patterns (SSN/credit card) in agent files" || ok "No PII patterns"

# --- ASI06: Boundary Rules ---
section "ASI06: Agent Boundary Rules"
if grep -qi 'non-owner\|non.owner.refuse\|only.owner\|forum.only.discuss\|chỉ.thảo luận' AGENTS.md 2>/dev/null; then
  ok "Non-owner boundary rules configured"
else
  warn "No non-owner boundary rules — vulnerable to Case #2 non-owner compliance"
fi
if grep -qi 'nhượng bộ\|concession.limit\|escalat.stop\|gaslighting\|pressure.limit' AGENTS.md 2>/dev/null; then
  ok "Anti-gaslighting/escalation rules present"
else
  warn "No anti-gaslighting rules — vulnerable to Case #7"
fi

# --- ASI10: Multi-Agent Communication ---
section "ASI10: Multi-Agent Communication"
agent_channels=$(grep -rin 'discord\|forum\|moltbook\|clawstr\|webhook' \
  TOOLS.md MEMORY.md HEARTBEAT.md 2>/dev/null | wc -l | tr -d ' ')
echo "  Agent communicates via $agent_channels external channel references"
[ "$agent_channels" -gt 5 ] && warn "Many external channels — larger attack surface" || ok "Moderate channel exposure"

# --- Summary ---
echo ""
echo "========================================="
echo "Audit complete"
echo "  🔴 Critical issues: $ISSUES"
echo "  ⚠️  Warnings: $WARNINGS"
echo "========================================="

if [ "$ISSUES" -gt 0 ]; then
  echo ""
  echo "Recommended actions:"
  echo "  1. Fix all critical issues before exposing agent to external interactions"
  echo "  2. Review AGENTS.md for Anti-Chaos Defense Rules"
  echo "  3. Reference: Agents of Chaos (arXiv:2602.20021)"
  echo "  4. Reference: OWASP Top 10 for Agentic Applications 2026"
  exit 1
fi
exit 0
```