openclaw-shield 安全扫描报告 — 可信 | ClawSafe

0 /100

openclaw-shield

Cloud security guardrail that enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output redaction for cloud-server deployments.

This is a pure documentation skill describing a cloud security guardrail concept. No executable code, scripts, or dependencies exist. All flagged IOCs are examples of dangerous patterns documented for detection — not actual malicious behavior.

技能名称openclaw-shield

分析耗时33.7s

引擎pi

✓

可以安装

Approve for use. This skill contains no executable code and presents no security risk. It is documentation-only guidance for agent security behavior.

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`NONE`	—	No shell commands in any file
文件系统	`NONE`	`NONE`	—	No file read/write operations in any file
网络访问	`NONE`	`NONE`	—	No network requests in any file
环境变量	`NONE`	`NONE`	—	No environment variable access in any file
技能调用	`NONE`	`NONE`	—	No skill-to-skill invocation in any file
剪贴板	`NONE`	`NONE`	—	No clipboard access in any file
浏览器	`NONE`	`NONE`	—	No browser access in any file
数据库	`NONE`	`NONE`	—	No database access in any file

6 严重 3 高危 9 项发现

💀

严重危险命令危险 Shell 命令

rm -rf ~

README.md:64

💀

严重危险命令危险 Shell 命令

curl | sh

references/detection-and-redaction.md:32

💀

严重危险命令危险 Shell 命令

wget | bash

references/detection-and-redaction.md:32

💀

严重危险命令危险 Shell 命令

bash -i >&

references/detection-and-redaction.md:33

💀

严重危险命令危险 Shell 命令

/dev/tcp/

references/detection-and-redaction.md:33

💀

严重危险命令危险 Shell 命令

nc -e

references/detection-and-redaction.md:33

📡

高危 IP 地址硬编码 IP 地址

169.254.169.254

README.md:14

📡

高危 IP 地址硬编码 IP 地址

100.100.100.200

SKILL.md:51

📡

高危 IP 地址硬编码 IP 地址

169.254.170.2

SKILL.md:51

目录结构

7 文件 · 15.9 KB · 499 行

Markdown 6f · 495L YAML 1f · 4L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 4L · 216 B

├─ ▾ 📁 references

│ ├─ 📝 audit-and-playbook.md Markdown 64L · 1.3 KB

│ ├─ 📝 cloud-boundaries-config.md Markdown 77L · 1.4 KB

│ ├─ 📝 detection-and-redaction.md Markdown 50L · 1.6 KB

│ └─ 📝 permission-matrix.md Markdown 35L · 1.5 KB

├─ 📝 README.md Markdown 190L · 6.4 KB

└─ 📝 SKILL.md Markdown 79L · 3.6 KB

安全亮点

✓ Pure documentation skill with zero executable code — cannot cause harm

✓ All pre-scan IOCs (dangerous shell commands, hardcoded IPs) are documented examples of threats the Shield should detect, not actual malicious implementations

✓ Hardcoded IPs (169.254.169.254, 100.100.100.200, 169.254.170.2) are correctly documented as cloud metadata endpoints that should be blocked — this is legitimate defensive documentation

✓ No dependencies, package.json, requirements.txt, or external dependencies present

✓ No obfuscation, base64, or encoded payloads present

✓ Skill describes a legitimate defensive security posture (pre-execution checks, output redaction, audit logging)

✓ The SOUL.md/AGENTS.md appendices describe instructions for embedding the Shield concept into other agents — this is meta-documentation, not executable code