@13256659129

References

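Comprehensive security audit skill. Checks file permissions, environment variables, dependency vulnerabilities, configuration files, network ports, Git security, shell security, macOS security, secret detection, and more. Supports CLI arguments, JSON output, and configuration files. Use this skill when the user asks for a "security check", "vulnerability scan", "permission check", or "security audit".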

Current version
v1.0.0
0 221 All installs 1

SKILL.md

text/markdown · 5627 bytes

_meta.json

application/json · 136 bytes

code-security.md

text/markdown · 7842 bytes

dependency-audit.md

text/markdown · 5026 bytes

permissions.md

text/markdown · 1499 bytes

scripts/checkin_reminder.sh

text/plain · 701 bytes

scripts/monthly_payment_summary.sh

text/plain · 3678 bytes

scripts/security_audit.py

text/plain · 48742 bytes

scripts/send_report_to_feishu.py

text/plain · 13630 bytes

scripts/weekly_ugc_reminder.sh

text/plain · 729 bytes

secrets-detection.md

text/markdown · 4681 bytes

Security Scan

Status

suspicious

OpenClaw

gpt-5-mini

suspicious

OpenClaw analysis

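The skill's overall functionality (local security auditing plus generating and sending reports) matches its code, but there are metadata inconsistencies, undeclared external sending endpoints (a hardcoded webhook and a configurable webhook/plugin), and undeclared dependencies on environment variables and local configuration. Manually review the sending endpoints and configuration files before trusting it.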

Confidence: medium

VirusTotal

Type: OpenClaw Skill
Name: references
Version: 1.0.0

The bundle provides a comprehensive security audit tool that accesses highly sensitive data, including SSH keys, AWS credentials, and environment variables. While its stated purpose is auditing, the 'send_report_to_feishu.py' script facilitates the exfiltration of these findings to an external webhook, and 'security_audit.py' specifically includes partial secret values (first 50 characters) in its report for shell configuration leaks. Additionally, the bundle contains unrelated scripts like 'weekly_ugc_reminder.sh' which features a hardcoded WeChat webhook (5cf9f411-d581-41ab-a899-304a418bb176), and 'monthly_payment_summary.sh' which scans for financial documents, both of which are atypical for a security audit package.

Metadata

  • Owner: @13256659129
  • Created: 2026/03/23
  • Updated: 2026/03/23
  • Versions: 1
  • Comments: 0
  • Scan checked at: 2026/03/23

Runtime

No runtime requirements are exposed in the official public payload.