Security Monitor

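OpenClaw network access security monitoring skill. Monitors external network access and file downloads, and checks the safety of IPs, domains, URLs, and file hashes through threat intelligence APIs. Provides a warning or blocks access when a security risk is detected. Supports both Chinese and English.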

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description, SKILL.md, config files, and Python implementation are consistent: the skill monitors web_fetch/web_search/browser/file_download, computes file hashes, checks whitelist/blacklist, and queries a threat‑intel provider (prefers hs-ti or a configured custom API). Required artifacts (config.json with an API key field) are appropriate for this functionality.
Instruction Scope
Runtime instructions and the Python code describe the same scope (hook into OpenClaw plugin system, extract targets, query TI, block/warn/log). The instructions do not direct reading unrelated system secrets or arbitrary files beyond file downloads it is asked to check. It does create/append logs in the user's home directory as expected for a monitor.
Install Mechanism
No install spec is provided (instruction-only installation), and the package contains Python source and tests. No external arbitrary download or package installation is requested by the skill itself, so installation risk is limited to copying files into OpenClaw's skills directory as documented.
Credentials
The skill does not request environment variables or external credentials from the registry metadata. It does require a threat‑intel API key when using a custom API (stored in config.json as custom_api.api_key). Storing sensitive API keys in a config file is expected for this use case but users should ensure config.json permissions are restricted and/or use a secure secret mechanism if available.
Persistence & Privilege
always is false and the skill does not declare forced global presence. It relies on OpenClaw plugin hooks to monitor traffic (normal for a monitoring skill). There is no indication it modifies other skills' configuration or requests elevated system privileges.
Assessment
This skill appears to do what it says: monitor external network accesses and check them against threat intelligence. Before installing: (1) Review or restrict config.json where an API key may be stored (ensure file permissions and consider using a secret store if OpenClaw supports it). (2) Confirm you trust the recommended external endpoints (hs-ti / https://ti.hillstonenet.com.cn and clawhub.ai links) because the skill will query those services. (3) If you need to audit network calls, inspect the code paths that implement query_custom_api / query_hs_ti to verify no unexpected endpoints are contacted. (4) Note logs are written to ~/.openclaw/logs by default—rotate or secure logs if they may contain sensitive metadata. Overall the skill is internally consistent; proceed if you trust the threat‑intel provider and are comfortable with local config-based API keys.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

Runtime requirements

🛡️ Clawdis

SKILL.md

OpenClaw Network Access Security Monitoring Skill

Function Overview

This skill provides real-time network access security monitoring for OpenClaw. By integrating threat intelligence APIs (prioritizing Hillstone Threat Intelligence), it performs security checks before accessing external URLs or IP addresses and before downloading files. When a security risk is detected, it warns or blocks access according to the configured policy, protecting users from malicious websites, phishing attacks, and malware.


Core Features

  1. Real-time Threat Detection

    • Monitors all external network access requests (web_fetch, web_search, browser, etc.)
    • Checks IP addresses, domains, URLs, and file hashes
    • Real-time threat level assessment (critical/high/medium/low/benign)
  2. Intelligent Threat Intelligence Integration

    • Prioritizes hs-ti skill (Hillstone Threat Intelligence)
    • Supports custom threat intelligence API configuration
    • Automatically detects and recommends hs-ti skill installation
  3. Flexible Security Policies

    • Supports three handling modes: block, warn, log
    • Configurable threat level thresholds
    • Supports whitelist and blacklist
  4. File Download Security

    • Detects file download requests
    • Calculates file hashes (MD5/SHA1/SHA256)
    • Checks file threat intelligence
  5. Bilingual Support

    • Complete Chinese/English bilingual interface
    • Automatically switches prompt language based on user preference
  6. Logging and Statistics

    • Records all security events
    • Provides threat statistics reports
    • Supports audit trails

Installation and Configuration

1. Install Skill

Install this skill to OpenClaw's skills directory:

openclaw_data/skills/security-monitor/

2. Configure Threat Intelligence

Option 1: Use hs-ti Skill (Recommended)

If the hs-ti skill is installed and configured with a Hillstone API key, this skill uses it automatically:

{
  "threat_intel": {
    "provider": "hs-ti",
    "enabled": true
  }
}

Option 2: Custom Threat Intelligence API

If hs-ti is not installed, this skill will prompt you to install or configure a custom API:

{
  "threat_intel": {
    "provider": "custom",
    "enabled": true,
    "api_url": "https://ti.hillstonenet.com.cn",
    "api_key": "your-api-key-here",
    "timeout": 5000
  }
}

Recommendation: Prefer the Hillstone Threat Intelligence API (https://ti.hillstonenet.com.cn)

3. Configure Security Policies

{
  "policy": {
    "block_critical": true,
    "block_high": false,
    "warn_high": true,
    "warn_medium": true,
    "log_low": true
  }
}

4. Configure Whitelist

{
  "whitelist": {
    "enabled": true,
    "domains": [
      "github.com",
      "openclaw.ai",
      "hillstonenet.com.cn",
      "docs.qq.com"
    ],
    "ips": []
  }
}

Usage

Automatic Monitoring Mode

This skill automatically monitors network access through OpenClaw's plugin hook system; no manual invocation is needed.

Monitored network tools:

  • web_fetch - URL fetching
  • web_search - web search
  • browser - browser access
  • File download operations

Manual Check Mode

You can also manually check the security of specific targets:

/security-check https://example.com
/security-check 192.168.1.1
/security-check file:abc123def456

Threat Level Explanation

| Threat Level | Description | Default Handling |
| --- | --- | --- |
| Critical | Known malicious IP/domain/file | Block access |
| High | Suspicious or high risk | Show warning |
| Medium | Potential risk | Show warning |
| Low | Low risk | Log event |
| Benign | No security risk | Normal access |

Configuration Example

Create a config.json file:

{
  "threat_intel": {
    "provider": "hs-ti",
    "enabled": true,
    "cache_ttl": 3600,
    "timeout": 5000
  },
  "policy": {
    "block_critical": true,
    "block_high": false,
    "warn_high": true,
    "warn_medium": true,
    "log_low": true
  },
  "whitelist": {
    "enabled": true,
    "domains": [
      "github.com",
      "openclaw.ai",
      "hillstonenet.com.cn"
    ],
    "ips": []
  },
  "blacklist": {
    "enabled": true,
    "domains": [],
    "ips": []
  },
  "logging": {
    "enabled": true,
    "log_file": "~/.openclaw/logs/security-monitor.log",
    "log_blocked": true,
    "log_warned": true
  },
  "language": "auto"
}
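
How the policy, whitelist, and blacklist keys above can combine into one decision, as an added example (not the skill's own code). The function names, the precedence of blacklist over whitelist, the warning for an unblocked critical verdict, and the dot-bounded subdomain matching are assumptions.

```python
from urllib.parse import urlsplit

# Constructed config; keys follow the config.json example above.
CONFIG = {
    "policy": {"block_critical": True, "block_high": False,
               "warn_high": True, "warn_medium": True, "log_low": True},
    "whitelist": {"enabled": True, "domains": ["github.com", "openclaw.ai"], "ips": []},
    "blacklist": {"enabled": True, "domains": ["bad.example"], "ips": []},
}

def host_of(target):
    """Return the lowercased host of a URL or of a bare host/IP."""
    parts = urlsplit(target if "//" in target else "//" + target)
    return (parts.hostname or "").rstrip(".").lower()

def in_list(host, section):
    """Exact match on IPs; exact or dot-bounded suffix match on domains."""
    if not section.get("enabled"):
        return False
    if host in section.get("ips", []):
        return True
    domains = (d.lower() for d in section.get("domains", []))
    # "evilgithub.com" must not match "github.com", so require a leading dot.
    return any(host == d or host.endswith("." + d) for d in domains)

def decide(target, level, config=CONFIG):
    """Map a target and its threat level to allow/log/warn/block."""
    host = host_of(target)
    if in_list(host, config["blacklist"]):   # assumption: blacklist wins
        return "block"
    if in_list(host, config["whitelist"]):   # whitelisted hosts skip the verdict
        return "allow"
    policy, level = config["policy"], level.lower()
    if level == "critical":
        # Assumption: a critical verdict that is not blocked still warns.
        return "block" if policy.get("block_critical") else "warn"
    if level == "high" and policy.get("block_high"):
        return "block"
    if level in ("high", "medium") and policy.get("warn_" + level):
        return "warn"
    if level == "low" and policy.get("log_low"):
        return "log"
    return "allow"
```

A whitelisted host is allowed whatever the threat-intelligence verdict says, which is why the whitelist should hold only hosts whose content you control or fully trust.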

Threat Intelligence Integration

Auto-detect hs-ti Skill

This skill automatically detects whether the hs-ti skill is installed:

  1. If hs-ti is detected:

    • Automatically uses hs-ti's threat intelligence query functionality
    • No additional API key configuration needed
    • Enjoy all hs-ti optimizations (caching, connection pool, etc.)
  2. If hs-ti is not detected:

    • Prompts user to install hs-ti skill
    • Provides installation link: https://clawhub.ai/maxjia/hs-ti
    • Recommends using Hillstone Threat Intelligence API
    • Supports manual configuration of custom threat intelligence APIs

Recommended Threat Intelligence Sources

Top Recommendation:

  • Hillstone Threat Intelligence

Other Options:

  • VirusTotal API
  • AlienVault OTX
  • IBM X-Force
  • ThreatBook sandbox

Security Warning Examples

Critical Threat Warning

🚨 Security Warning

Critical threat detected!

Target: https://malicious-site.com
Threat Type: Malicious Domain
Threat Level: Critical
Credibility: High

This access has been blocked.

Recommendation:
- Avoid accessing this website
- Check for malware
- To access, add to whitelist manually

High Risk Warning

⚠️ Security Warning

High risk detected!

Target: https://suspicious-site.com
Threat Type: Phishing Site
Threat Level: High
Credibility: Medium

Continue access?

[Yes] - Continue access (at your own risk)
[No] - Cancel access

Logging and Statistics

Log File

All security events are logged to: ~/.openclaw/logs/security-monitor.log

Log format:

[2026-04-01 12:00:00] [BLOCKED] https://malicious-site.com - Malicious Domain - Critical
[2026-04-01 12:05:00] [WARNED] https://suspicious-site.com - Phishing Site - High
[2026-04-01 12:10:00] [LOGGED] https://example.com - Benign - Low

Statistics Command

View security statistics:

/security-stats

Output example:

Security Statistics
======================
Total Checks: 1,234
Blocked: 45
Warned: 123
Logged: 1,066
Benign: 1,066

Threat Type Distribution:
- Malicious Domain: 30
- Phishing Site: 15
- Malware: 0
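
For auditing the log file independently of /security-stats, the following added example (not the skill's own code) parses the log format shown above and tallies actions and threat types. The sample lines are constructed, and the field layout is assumed from the three lines on this page.

```python
import re
from collections import Counter

# Constructed sample in the log format shown above; the last line is malformed.
SAMPLE_LOG = """\
[2026-04-01 12:00:00] [BLOCKED] https://malicious-site.com - Malicious Domain - Critical
[2026-04-01 12:05:00] [WARNED] https://suspicious-site.com - Phishing Site - High
[2026-04-01 12:10:00] [LOGGED] https://example.com - Benign - Low
[2026-04-01 12:11:00] [BLOCKED] https://a.example/x - y?q=1 - Malicious Domain - Critical
garbage line without brackets
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] \[(?P<action>[A-Z]+)\] (?P<rest>.+)$")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Split from the right: the target itself may contain " - ".
    parts = m.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    target, threat_type, level = parts
    return {"ts": m.group("ts"), "action": m.group("action"),
            "target": target, "type": threat_type, "level": level}

def summarize(text):
    """Count actions and threat types; count lines that fail to parse."""
    actions, types, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1          # surface these instead of dropping them
            continue
        actions[event["action"]] += 1
        if event["action"] != "LOGGED":
            types[event["type"]] += 1
    return {"total": sum(actions.values()), "actions": dict(actions),
            "types": dict(types), "skipped": skipped}
```

The target field comes from whatever URL was requested, so treat it as untrusted when feeding parsed events into other tooling, and investigate a non-zero `skipped` count.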

Troubleshooting

Issue 1: hs-ti Skill Not Detected

Symptoms:

  • Prompt "hs-ti skill not found"
  • Cannot automatically use threat intelligence

Solution:

  1. Install hs-ti skill: https://clawhub.ai/maxjia/hs-ti
  2. Configure Hillstone API key
  3. Restart OpenClaw Gateway

Issue 2: Frequent False Positives

Symptoms:

  • Normal websites marked as threats
  • User experience affected

Solution:

  1. Add trusted domains to whitelist
  2. Adjust threat level thresholds
  3. Check threat intelligence source accuracy

Issue 3: Performance Impact

Symptoms:

  • Network access becomes slow
  • Response time increases

Solution:

  1. Enable caching (enabled by default)
  2. Increase cache TTL
  3. Consider using a local threat intelligence database

Best Practices

  1. Regularly Update Threat Intelligence

    • Ensure the latest threat intelligence data is in use
    • Regularly check API key validity
  2. Reasonably Configure Whitelist

    • Only add fully trusted domains and IPs
    • Regularly review whitelist contents
  3. Monitor Security Logs

    • Regularly review security monitoring logs
    • Pay attention to abnormal access patterns
  4. Balance Security and Convenience

    • Adjust security policies based on actual needs
    • Avoid over-restricting normal usage


License

MIT License


Version History

v1.0.0 (2026-04-01)

Initial Release

  • Implemented basic network access monitoring
  • Integrated hs-ti threat intelligence
  • Added whitelist and blacklist support
  • Implemented threat level assessment
  • Added Chinese/English bilingual support
  • Implemented logging and statistics functionality
