Security Scan
OpenClaw
Safe
high confidence
The skill's code, instructions, and requirements are coherent with a runtime DLP purpose — it uses local bash scripts and hooks to scan outbound data, asks for no unrelated credentials, and does not exhibit hidden exfiltration endpoints.
Assessment recommendations
This skill appears to be what it claims: a local, bash-based runtime DLP. Before installing: 1) Note the small metadata inconsistency — SKILL.md defines an installer even though registry metadata said 'no install spec'; review scripts/install.sh before running. 2) Review scripts/domain-allowlist.sh and context-track.sh (not shown) to confirm they don't call external endpoints or phone-home. 3) Check the default allowlist/blocklist and adjust to your environment; ensure sensitive domains are bloc...
✓ Purpose and capabilities
Name/description match the delivered artifacts: pattern scanner, hooks, context tracking, allow/block lists, audit logging and an installer. Required binaries (grep, sed, awk, date, head, xargs) are consistent with the pure-bash implementation and are reasonable for a shell-based DLP.
ℹ Instruction scope
SKILL.md and hook scripts limit scope to scanning outbound data and filename metadata; hooks explicitly avoid reading file contents. Context tracking is opt-in and requires the agent to call context-track.sh. The SKILL.md instructs agents to run dlp-scan.sh before any external-send tool — this is appropriate but grants the skill broad discretion over what outbound data is considered sensitive (risk thresholds live in the skill).
ℹ Install mechanism
There is a local install script (scripts/install.sh) that sets up config/context/log folders and initializes files; it does not download remote code. One inconsistency: registry metadata indicated 'no install spec' while SKILL.md includes an install script entry. The installer performs only local filesystem initialization and permission tightening.
✓ Credential requirements
No environment variables or external credentials are requested. All configuration and state are kept under the skill directory (config/, context/, logs/). Default domain allowlist/blocklist are local files. Requested access is proportional to a DLP skill.
✓ Persistence and privileges
always:false (not forced), and model invocation is allowed (platform default). The skill writes files only to its own skill directory (context, logs, config) and creates a short-lived override file when used. No modifications to other skills or global agent configs are present.
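Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install dataguard-dlp
Mirror (accelerated): npx clawhub@latest install dataguard-dlp --registry https://cn.longxiaskill.com (mirror available)
Localization notes
DataGuard DLP — Utility. Installation notes: Install commands: ["openclaw skills install dataguard-dlp","npx clawhub@latest install dataguard-dlp"]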