个人中心
今日签到
私信列表
消息中心
搜索全站
q_code

扫码关注官方微信
cell_code

扫码下载APP
返回顶部
🇺🇸 English
🇨🇳 简体中文
🇨🇳 繁體中文
🇺🇸 English
🇯🇵 日本語
🇰🇷 한국어
🇫🇷 Français
🇩🇪 Deutsch
🇪🇸 Español
🇷🇺 Русский
技能集市 > AI智能 > skills-firewall
s

skills-firewall

Security firewall for skills that automatically blocks and filters malicious or potentially harmful skills. Use when:

作者: admin | 来源: ClawHub
源自
ClawHub
版本
V 1.0.0
安全检测
已通过
290
下载量
0
收藏
概述
安装方式
版本历史

skills-firewall

# Skills Firewall A security firewall that automatically blocks and filters malicious or potentially harmful skills by analyzing code patterns, detecting security threats, and enforcing security policies. ## Quick Start ### Scan a Single Skill ```bash python scripts/scan_skill.py /path/to/skill ``` ### Check Firewall Decision ```bash python scripts/firewall_check.py /path/to/skill ``` ### Generate Security Report ```bash python scripts/generate_report.py /path/to/skills --format text ``` ## Core Workflows ### 1. Security Scanning Scan skills for potential security threats: ```bash # Scan single skill python scripts/scan_skill.py ./my-skill # Scan all skills in directory python scripts/scan_skill.py ./skills # JSON output for automation python scripts/scan_skill.py ./my-skill --json ``` **Threat Levels:** - `SAFE` - No security concerns - `LOW` - Minor concerns, generally safe - `MEDIUM` - Moderate concerns, review recommended - `HIGH` - Significant risks, blocking recommended - `CRITICAL` - Severe threats, must block ### 2. Firewall Filtering Check and filter skills based on security rules: ```bash # Check single skill python scripts/firewall_check.py ./my-skill # Filter all skills python scripts/firewall_check.py ./skills # Add to allowed list python scripts/firewall_check.py ./my-skill --allow # Add to blocked list python scripts/firewall_check.py ./my-skill --block ``` **Actions:** - `allow` - Skill passes firewall - `warn` - Skill has warnings but allowed - `block` - Skill is blocked - `quarantine` - Skill isolated for review ### 3. Security Reports Generate comprehensive security reports: ```bash # Text report python scripts/generate_report.py ./skills # JSON report python scripts/generate_report.py ./skills --format json # HTML report python scripts/generate_report.py ./skills --format html --output report.html ``` ## Detection Categories The firewall detects threats in these categories: | Category | Examples | Severity | |----------|----------|----------| | Code Injection | eval(), exec(), __import__() | HIGH | | Command Execution | subprocess shell=True, os.system() | HIGH | | Credential Exposure | Hardcoded passwords, API keys | CRITICAL | | Network Communication | HTTP requests, socket connections | MEDIUM | | File Operations | File deletion, modification | MEDIUM | | Deserialization | pickle.loads, unsafe yaml.load | HIGH | | Privilege Escalation | sudo, chmod 777 | HIGH | | Obfuscation | Base64 decoding, encoding | LOW | ## Configuration ### Export/Import Config ```bash # Export current config python scripts/firewall_check.py ./skills --export-config firewall.yaml # Use custom config python scripts/firewall_check.py ./skills --config firewall.yaml ``` ### Config File Format ```yaml default_action: warn allowed_skills: - skill-creator - weather blocked_skills: - malicious-skill quarantine_dir: ./quarantine rules: - name: block_eval description: Block eval() usage patterns: - "eval(" action: block enabled: true ``` ## Reference Documentation - **Malicious Patterns**: See [malicious_patterns.md](references/malicious_patterns.md) for detailed pattern catalog - **Security Rules**: See [security_rules.md](references/security_rules.md) for rule definitions and configuration ## Programmatic Usage ```python from scan_skill import scan_skill, ThreatLevel from firewall_check import SkillsFirewall, ActionType # Scan a skill result = scan_skill("/path/to/skill") print(f"Threat Level: {result.threat_level}") print(f"Is Safe: {result.is_safe}") # Use firewall firewall = SkillsFirewall() decision = firewall.check_skill("/path/to/skill") print(f"Action: {decision.action}") print(f"Reason: {decision.reason}") # Manage lists firewall.add_allowed_skill("trusted-skill") firewall.add_blocked_skill("malicious-skill") # Create custom rule firewall.create_rule( name="block_custom_pattern", description="Block custom dangerous pattern", patterns=["dangerous_function("], action=ActionType.BLOCK ) ``` ## Best Practices 1. **Scan Before Use**: Always scan new skills before installation 2. **Review Warnings**: Investigate warning-level findings 3. **Update Rules**: Keep detection patterns current 4. **Document Exceptions**: Record why skills are allowed/blocked 5. **Regular Audits**: Run periodic security scans 6. **Use Reports**: Generate reports for compliance and review

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 skills-firewall-1776284312 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 skills-firewall-1776284312 技能

通过命令行安装

skillhub install skills-firewall-1776284312

下载 Zip 包

⬇ 下载 skills-firewall v1.0.0

文件大小: 17.59 KB | 发布时间: 2026-4-16 18:40

v1.0.0 最新 2026-4-16 18:40
Initial release of skills-firewall — a security firewall for skills.

- Automatically scans and detects security threats in skills based on code patterns.
- Classifies threats by levels: SAFE, LOW, MEDIUM, HIGH, CRITICAL.
- Provides workflows to scan, filter, allow, block, and quarantine skills.
- Generates security reports in text, JSON, or HTML formats.
- Allows management of allowed/blocked skill lists and custom rule configuration.
- Offers programmatic API for integration and advanced use.
- Includes best practices and reference documentation for safe skill management.

相关推荐

s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392936
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392933
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3195 ⬇ 389563
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3177 ⬇ 386621
AI智能

多链集团旗下-闲社网

闲社网热线
免费联系电话
0527-80111111
            qqline

服务时间:周一到周日 8:00-24:00

  • 公众号
    闲社 闲社线报社区
关注闲社网
  • wxkf

    闲社在线客服

  • wx

    关注闲社网微信

  • app

    闲社网APP

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部