S

安全审计

(Security Audit)

arc-security-audit

🌐 English

对代理的完整技能堆栈进行全面的安全审核。将扫描器、差异器、信任验证器和健康监控器链接到具有先验的单个评估中...

数据来源：ClawHub。在 ClawSkills 查看

1.9k下载量

0收藏数

15浏览量

安装

选择你使用的 Agent

方法一：命令行安装（推荐）

关于安全审计

--- name: security-audit description: Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with prioritized findings and trust attestations. user-invocable: true metadata: {"openclaw": {"emoji": "🛡️", "os": ["darwin", "linux"], "requires": {"bins": ["python3"]}}} ---

Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.

Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

Commands

Audit all installed skills

python3 {baseDir}/scripts/audit.py full

Audit a specific skill

python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/

Generate audit report as JSON

python3 {baseDir}/scripts/audit.py full --json --output report.json

Audit with trust attestations

python3 {baseDir}/scripts/audit.py full --attest

What It Does

Scans every installed skill with arc-skill-scanner patterns
Assesses trust for each skill (provenance, code cleanliness, binary presence)
Checks binary integrity with SHA-256 checksums
Generates a prioritized report sorted by risk level
Optionally creates trust attestations for skills that pass all checks

Output

The audit report includes:

Summary: total skills scanned, findings by severity, overall risk level
Per-skill breakdown: findings, trust score, recommendations
Critical actions: what to fix immediately
Trust attestations for passing skills (if --attest flag used)

Prompt 示例

安装安全审计后，可以对 AI 说这些话来触发它

U

Help me get started with Security Audit

A

Explains what Security Audit does, walks through the setup, and runs a quick demo based on your current project

U

Use Security Audit to comprehensive security audit for an agent's full skill stack

A

Invokes Security Audit with the right parameters and returns the result directly in the conversation

U

What can I do with Security Audit in my developer & devops workflow?

A

Lists the top use cases for Security Audit, with example commands for each scenario

常见问题

如何安装安全审计？▾

将技能文件夹放到 ~/.claude/skills/arc-security-audit/ 目录（个人级，所有项目可用），或 .claude/skills/arc-security-audit/（项目级）。重启 AI 客户端后，用 /arc-security-audit 主动调用，或让 AI 根据上下文自动发现并使用。

安全审计支持哪些 AI 平台？▾

安全审计支持 Claude、Cursor、OpenClaw，可与这些 AI 平台无缝集成，扩展其能力。

安全审计是免费的吗？▾

安全审计可免费安装使用。请查阅仓库了解许可证信息。

安全审计有什么功能？▾

对代理的完整技能堆栈进行全面的安全审核。将扫描器、差异器、信任验证器和健康监控器链接到具有先验的单个评估中...

安全审计属于哪个分类？▾

安全审计属于「Developer & DevOps」分类，该分类的技能帮助 AI 智能体在此领域执行专业任务。

使用场景

Getting Started with Security Audit→Automate Developer & DevOps Workflows with Security Audit→Team Collaboration with Security Audit→

安全审计

安装

关于安全审计

Security Audit

Why This Exists

Commands

Audit all installed skills

Audit a specific skill

Generate audit report as JSON

Audit with trust attestations

What It Does

Output

Prompt 示例

常见问题

使用场景

同类技能推荐

Github

Browser Use

Browser Automation

Playwright MCP

安全审计

安装

关于 安全审计

Security Audit

Why This Exists

Commands

Audit all installed skills

Audit a specific skill

Generate audit report as JSON

Audit with trust attestations

What It Does

Output

Prompt 示例

常见问题

使用场景

同类技能推荐

Github

Browser Use

Browser Automation

Playwright MCP

关于安全审计