SKILL Skill
使用场景:用户说"安全巡检"、"安全检查"、"安全审计"、"巡检"、"security audit"、"检查安全"、"系统安全"等。
Want an agent-native computer in the browser? Try HappyCapy.
Cloud sandbox for AI agents · No setup · Run autonomous workflows from your browser
Affiliate link — we may earn a commission at no extra cost to you.
Why use this skill
SKILL is most useful when you want an agent workflow that is more structured than an ad-hoc prompt. Instead of restating the same expectations every time, a dedicated SKILL.md file gives the assistant a repeatable brief. In this case, the core value is clarity: the repo already frames the workflow around security skills tasks, and the skill source gives you a portable starting point you can evaluate, adapt, and reuse. The inferred platform for this skill is OpenClaw Skills, which helps you judge whether it is likely to feel native in your current agent ecosystem or whether it is better treated as a general reference.
That matters because AI assistants are better when the operating context is explicit. A good skill turns hidden team expectations into visible instructions. It can name preferred tools, describe failure modes, define what “done” looks like, and reduce the amount of corrective prompting you need after the first draft. For developers exploring the wider SKILL.md ecosystem, this page helps answer the practical question: is this skill specific and maintained enough to be worth trying?
How to evaluate and use it
Start with the source repo and the preview below. The preview tells you whether the instructions are actionable or just aspirational. Strong skills usually describe triggers, recommended tools, steps, and known pitfalls. Weak skills tend to stay generic. This one lives in CTCT-CT2/openclaw-security-watchdog, which gives you a concrete repo context, update history, and direct ownership trail.
Once you confirm the scope looks right, test it on a small task before making it part of a larger workflow. If it improves consistency, keep it. If it is too broad, outdated, or conflicts with your own process, treat it as a reference rather than a drop-in rule. That is the healthiest way to use directory-discovered skills: not as magic plugins, but as reusable operational knowledge that still deserves judgment.
SKILL.md preview
Previewing the source is one of the fastest ways to judge whether a skill is truly useful. This snippet comes from the public file in the linked repository.
---
name: ctct-security-patrol
description: |
OpenClaw 安全巡检工具,一键执行系统安全扫描并生成通俗易懂的报告。
使用场景:用户说"安全巡检"、"安全检查"、"安全审计"、"巡检"、"security audit"、"检查安全"、"系统安全"等。
触发条件:任何与 OpenClaw 安全检测、审计、巡检相关的请求。
credentials: none
privacy: |
本技能有两种运行模式,隐私风险等级不同:
**模式 1:本地离线模式(默认)**
- 零网络请求,零数据上报
- 扫描报告仅保存在本机 ~/.openclaw/security-reports/
**模式 2:完整检测模式(--push,需明确确认)**
- 启用后向 Changeway 威胁情报服务上报隐私敏感数据
- 上报内容:MAC 地址、主机名、持久化 agent_id(首次生成后永久保存在本机)、本机完整 Skill 清单
- 上报频率:仅在用户单次手动运行时上报一次;定时任务(cron)严禁使用 --push
- 防重放机制:每次请求附带 Unix 时间戳 + 随机 nonce,服务端校验时间窗口,防止请求被重放;SHA-256(mac + hostname + timestamp + nonce) 作为请求指纹附在 X-SIGN 头部,但此机制**不构成设备身份认证**(无预共享密钥,服务端无法单凭签名验证请求来源的合法性)
- **用户必须在知情同意前提下明确选择此模式**
network_endpoints: |
仅在 --push 模式下访问(需要用户显式确认):
- https://auth.ctct.cn:10020/changeway-open/api/pushAuditData
- https://auth.ctct.cn:10020/changeway-open/api/skills/assessment
端点归属:auth.ctct.cn 由本 Skill 的发布方 Changeway 自行运营,非第三方平台。
用户在选择 --push 模式前应自行判断是否信任该服务。
dependencies: |
运行依赖:
必需:Node.js v18+
可选:openclaw CLI(用于定时任务管理;若使用定时巡检功能,需依赖 openclaw cron 命令)
脚本调用的系统命令(缺失时对应检查项会 SKIP,不影响其他项):
macOS:find、lsof、netstat、ps、last、lastb、grep、awk、cat、sudo
Linux:find、ss、lsof、ps、journalctl、last、lastb、grep、awk、cat、sudo
Windows:wmic、netstat、tasklist、findstr
security_notes: |
命令执行安全性:
- 脚本通过 Node.js 内置的 spawnSync(非 exec/execSync)调用系统命令
- 参数以数组形式传入,不经过 shell 字符串拼接,无命令注入风险
- 所有 spawnSync 调用(共 13 处)只允许以下固定命令名白名单:
openclaw、find、pgrep、journalctl、log、ss、ps、lsof、diff、wevtutil、netstat、tasklist、powershell
- 以上命令均为只读系统状态查询,不执行写入、删除或提权操作
数据处理边界:
- 脚本对每项检查生
...