enterprise-security-suite
Enterprise security suite: high-risk operation confirmation, automatic backups, rollback, skill vetting
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 147 · 1 current installs · 1 all-time installs
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (enterprise security: confirmations, backups, rollback, skill vetting) match the code modules present (confirm, backup, rollback, security-check, changelog). There are, however, mismatches between the claimed runtime behavior and the implementation (see Instruction Scope). The activate script writes rules into an on-disk memory store via docker exec psql, modifying a local Postgres instance; that is plausible for the stated purpose but is a privileged local action that the README glosses over.
Instruction Scope
SKILL.md promises interactive, enforced confirmations before high-risk actions and 'AI will automatically call confirmHighRisk' — but modules/confirm.confirmHighRisk only prints a prompt and immediately returns true (no actual blocking/wait-for-user or verification of confirmation). That is a functional mismatch that effectively disables the claimed confirmation enforcement. Also several API examples in SKILL.md use parameter names like file/targetVersion while implementations expect filePath, increasing the chance of calling the APIs incorrectly. activate.js executes docker exec psql to write 'memories' into a local Postgres container (side-effecting agent memory); this is outside the typical read-only instruction surface and requires elevated local privileges.
Install Mechanism
There is no remote download/install spec (lowest risk). However SKILL.md instructs running 'clawhub install' and then running node activate.js. activate.js will run shell commands (execSync) invoking 'docker exec -i pgmemory psql ...' to write to the memory DB; this writes to disk and executes a command that requires Docker and a running container named 'pgmemory'. No external network downloads are performed by the code, which reduces supply-chain risk, but the activation step is a privileged local operation and should be reviewed before execution.
Credentials
The skill does not declare required environment variables or external credentials, but the code reads process.env.OPENCLAW_WORKSPACE and process.env.HOME and assumes local Docker and a Postgres container named 'pgmemory' accessible via docker exec. activate.js uses a hardcoded DB connection string only for context and then issues docker exec psql commands — this relies on local tooling and container access rather than declared credentials. This is plausible for its purpose but still requires elevated local access and may fail or run with unintended privileges on different hosts.
Persistence & Privilege
The skill modifies agent state: activate.js inserts/updates 'memories' into the local Postgres memory table, which persists security rules into the agent's memory system. This is consistent with the goal of enforcing rules but is a material, persistent change to agent behavior and therefore should only be done after review. The skill is not set to always:true and does not autonomously escalate additional privileges in the code, but the activation step obtains lasting influence over agent decisions.
What to consider before installing
This package implements backups, changelogs, rollback, and a skill-vetting helper and mostly contains local filesystem logic — no external network exfiltration is visible. However:
- The confirmHighRisk implementation only prints a prompt and unconditionally returns true, so the promised blocking user confirmation is not actually enforced; do not rely on it as a safety gate without fixing it.
- activate.js runs docker exec to call psql and will try to write records into a local Postgres container named 'pgmemory'. That is a privileged local operation that will modify your agent's memory/DB; only run it if you understand and trust that action and have an isolated environment or backups.
- Several SKILL.md examples use parameter names that don't match the code (e.g., file vs filePath). Expect runtime errors unless you adapt calls accordingly.
- The package writes changelogs and backups into the agent workspace; verify paths (memory/CHANGELOG.md, backup locations) so nothing sensitive is overwritten.
Recommendations before installing or activating:
- Review and test code in an isolated environment (or container) first.
- Fix/confirm the confirmHighRisk flow so it actually waits for and validates user confirmation.
- Inspect activate.js and either run its SQL commands manually or adjust them to your environment; ensure you understand the docker/psql command it will execute.
- Back up your workspace and memory database before activation.
Because of the mismatches and the activation step's persistent DB writes, treat this skill as suspicious until you validate and/or patch those behaviors.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
activate.js:55: Shell command execution detected (child_process).
Current version: v1.0.1
SKILL.md
Enterprise Security Suite (Enterprise Security)
Version: 1.0.0
Author: Cloud
Applies to: OpenClaw Agent / enterprise / individual developers
🛡️ Features
1. High-risk operation confirmation
Prompts for confirmation before 7 classes of high-risk operations:
- ✅ modifying any MD file
- ✅ installing / uninstalling / updating a skill
- ✅ restarting the Gateway
- ✅ deleting files or directories
- ✅ creating / modifying / deleting cron jobs
- ✅ modifying environment variables / API keys
- ✅ sending external messages
2. Automatic backup
Creates a backup before a file is modified:
- supports .md / .json / .js / .ts / .py and similar files
- naming format: filename.YYYYMMDD.NNN.bak
- expired backups are cleaned up automatically
3. Change log
Records every high-risk operation in CHANGELOG.md:
- operation type
- reason for the change
- who performed it
- how to roll it back
4. Rollback
Restores a file from its backups:
- one-step rollback
- the pre-rollback state is backed up automatically
- the rollback is logged
5. Skill installation vetting
Checks run before a skill is installed:
- source verification
- code review
- dependency check
- permission assessment
- risk level rating
🚀 Installation
# 1. Install the skill
clawhub install enterprise-security
# 2. Activate (writes the security rules into memory)
node ~/.openclaw/workspace/skills/enterprise-security/activate.js
# 3. Restart the Gateway
openclaw gateway restart
Done. The AI will now run the security checks automatically.
🔧 Usage
Method 1: automatic invocation by the AI (recommended)
Once activated, the AI calls the skill before every high-risk operation:
AI prepares to modify a file → calls confirmHighRisk → user confirms → operation runs
Method 2: manual invocation
const security = require('./skills/enterprise-security');
// High-risk operation confirmation
await security.confirmHighRisk({
  operation: 'modify_file',
  filePath: 'MEMORY.md',          // the security scan reports the implementation expects filePath, not file
  reason: 'update the memory system'
});
// Automatic backup
await security.autoBackup({
  filePath: '~/.openclaw/workspace/SOUL.md',
  reason: 'backup before modification'
});
// Skill vetting
const result = await security.checkSkill({
  skillName: 'new-skill',
  author: 'community-user',
  repository: 'github.com/user/new-skill'
});
if (result.risk === 'high') {
  throw new Error('High-risk skill, refusing to install');
}
// Rollback
await security.rollback({
  filePath: 'MEMORY.md',          // the scan reports file/targetVersion in the original examples do not match the implementation; check rollback.js
  targetVersion: '20260311.001',
  reason: 'rollback requested by the user'
});
📝 Configuration
Edit config/rules.json:
{
  "high_risk_operations": [
    "modify_md_files",
    "install_skills",
    "restart_gateway",
    "delete_files",
    "modify_cron",
    "modify_env",
    "send_external_messages"
  ],
  "auto_backup": {
    "enabled": true,
    "file_types": [".md", ".json", ".js", ".ts", ".py"],
    "max_backups_per_file": 10
  },
  "changelog": {
    "enabled": true,
    "path": "memory/CHANGELOG.md"
  },
  "security_check": {
    "enabled": true,
    "whitelist": ["github.com/openclaw"]
  }
}
📊 API reference
confirmHighRisk(options)
High-risk operation confirmation
await security.confirmHighRisk({
  operation: 'modify_file',   // operation type
  filePath: 'test.md',        // file involved (optional); the scan reports the implementation expects filePath, not file
  reason: 'update config'     // reason (optional)
});
autoBackup(options)
Automatic backup
await security.autoBackup({
  filePath: 'test.md',              // file path
  reason: 'backup before modification'  // reason (optional)
});
checkSkill(options)
Skill installation vetting
const result = await security.checkSkill({
  skillName: 'new-skill',
  author: 'user',
  repository: 'github.com/user/skill',
  permissions: ['read_file'],
  dependencies: []
});
console.log(result.risk); // low/medium/high
console.log(result.recommendations);
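One way to implement the vetting described in feature 5 with the input shape shown above, as an added example that is not the skill's security-check module. The whitelist comes from config/rules.json; the scoring weights, the permission names other than read_file, the "pinned dependency" rule and the low/medium/high thresholds are assumptions of this example.

```javascript
// Added example, not code from the enterprise-security skill. A checkSkill with
// the input shape of the API reference. Assumptions: the scoring weights, the
// permission names other than read_file, the pinned-dependency rule, thresholds.
const SECURITY_CHECK = { enabled: true, whitelist: ['github.com/openclaw'] }; // config/rules.json

// Assumed permission weights; anything not listed is treated as unknown (+2).
const PERMISSION_WEIGHT = { read_file: 0, write_file: 1, delete_file: 2, network: 2, exec: 3, env: 3 };
const PINNED_DEP = /^(@[^/]+\/)?[^@]+@\d+\.\d+\.\d+$/; // name@1.2.3 or @scope/name@1.2.3

// Whitelist match on whole path segments only: "github.com/openclaw-evil/x" must not match.
function fromTrustedSource(repository) {
  const repo = String(repository || '').replace(/^https?:\/\//, '').replace(/\/+$/, '');
  return SECURITY_CHECK.whitelist.some(w => repo === w || repo.startsWith(w + '/'));
}

function checkSkill({ skillName, author, repository, permissions = [], dependencies = [] }) {
  const findings = [];
  const recommendations = [];
  let score = 0;

  if (!repository) {
    score += 3;
    findings.push('no repository declared');
    recommendations.push('refuse skills without a reviewable source');
  } else if (!fromTrustedSource(repository)) {
    score += 2;
    findings.push(`source ${repository} is not whitelisted`);
    recommendations.push('read every file before installing; the source is unvetted');
  }

  for (const p of permissions) {
    const w = PERMISSION_WEIGHT[p];
    if (w === undefined) { score += 2; findings.push(`unknown permission ${p}`); }
    else if (w > 0) { score += w; findings.push(`permission ${p} (+${w})`); }
  }
  if (permissions.some(p => (PERMISSION_WEIGHT[p] ?? 2) >= 2)) {
    recommendations.push('run in an isolated environment first');
  }

  const unpinned = dependencies.filter(d => !PINNED_DEP.test(d));
  for (const d of unpinned) { score += 1; findings.push(`dependency ${d} is not pinned to an exact version`); }
  if (unpinned.length) recommendations.push('pin dependencies to exact versions and review the lockfile');

  const risk = score >= 5 ? 'high' : score >= 2 ? 'medium' : 'low';
  return { skillName, author, risk, score, findings, recommendations };
}
```

The whitelist comparison is the part worth copying: a plain startsWith('github.com/openclaw') would also accept github.com/openclaw-evil/anything, so the match is anchored on a full path segment.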
rollback(options)
Rollback
await security.rollback({
  filePath: 'test.md',             // file path; the scan reports the implementation expects filePath, not file
  targetVersion: '20260311.001',   // target version (check rollback.js: the scan reports the example's names do not match the code)
  reason: 'rollback requested by the user'  // reason
});
📝 Changelog
v1.0.0 (2026-03-11)
- ✅ initial release
- ✅ high-risk operation confirmation
- ✅ automatic backup
- ✅ change log
- ✅ rollback
- ✅ skill installation vetting
📞 Contact
- Author: Cloud
- GitHub: [to be filled in]
📄 License
MIT License