安全权限工程师 会话配置与数据保护
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: security-session-data Version: 1.1.0 The skill bundle defines a security-focused role for managing session configuration and data isolation within the Weline framework. It explicitly promotes secure coding practices, such as using framework abstractions instead of raw global variables (e.g., $_SESSION) and preventing state leakage across module boundaries. No malicious intent, data exfiltration, or prompt injection risks were identified in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect changes in this area could affect login, logout, protected paths, or separation between frontend and backend sessions.
The skill can guide changes to session and configuration behavior, which can affect authentication and state isolation. The instruction is purpose-aligned and constrained to framework abstractions.
Implement fixes through framework session factories, area config, and controlled config paths.
Use this skill only for intended session/auth configuration work, review proposed changes before applying them, and validate login/logout and protected-path behavior as the skill recommends.
The agent may rely on additional local engineering instructions outside this reviewed file.
The skill references external/shared local guidance that was not included in the provided artifacts. This is not suspicious by itself, but the final behavior may depend on those referenced documents.
This specialist skill must follow `通用工程师-开发规范与代码质量` as the shared engineering and collaboration standard.
Before relying on the skill in a repository, confirm that the referenced shared skill and agent roster are trusted and match your project’s expectations.