AOI OpenClaw Security Toolkit (Core)
Run local-only fail-closed security checks to detect and report data leaks, secrets, egress risks, and prompt injections before publishing or committing code.
技能说明
name: aoi-openclaw-security-toolkit-core description: Fail-closed OpenClaw security toolkit (public-safe). Use to prevent accidental or unexpected data leakage by running local-only checks: default-deny allowlists, lightweight secret/token scans, egress-risk pattern scans, and prompt/document injection pattern scans. Use when preparing GitHub/ClawHub publishing, reviewing skills/scripts for risky behavior, or validating inbound text/doc content before tool execution.
AOI OpenClaw Security Toolkit (Core)
Why: Prevent “one bad commit” incidents (accidental file leakage + secret exposure) with a fast, local-only, fail-closed check.
When: Before committing/pushing, before publishing a skill, and when reviewing scripts/skills for unexpected egress behavior.
How: Run a single command to get PASS/WARN/BLOCK and an optional redaction-safe report.
Scope: Detection + reporting only (no auto-fix, no uploads, no auto-posting).
Quickstart: openclaw-sec check --preset repo --diff staged
This is a public-safe toolkit skill.
- Does: detect + report risks (PASS/WARN/BLOCK)
- Does NOT: auto-fix, auto-upload, auto-post, or exfiltrate data
CLI
Binary: openclaw-sec
Common:
openclaw-sec check --lang en
openclaw-sec check --lang ko
openclaw-sec scan-secrets
openclaw-sec scan-egress
openclaw-sec scan-prompt --file inbound.txt
Exit codes:
0PASS1WARN2BLOCK
Default scan scope
If --paths is omitted, it scans existing paths among:
.skills/scripts/context/
Rules
Rule files live in rules/:
secret_patterns.txtegress_patterns.txtprompt_injection_patterns.txt
Edit these to tune sensitivity.
如何使用「AOI OpenClaw Security Toolkit (Core)」?
- 打开小龙虾AI(Web 或 iOS App)
- 点击上方「立即使用」按钮,或在对话框中输入任务描述
- 小龙虾AI 会自动匹配并调用「AOI OpenClaw Security Toolkit (Core)」技能完成任务
- 结果即时呈现,支持继续对话优化