全部技能 分类浏览
← 返回
未分类 中文

agent-bom ingest

Validate and ingest operator-pushed agent-bom inventory JSON from AWS, Azure, GCP, Snowflake, CMDB, or endpoint collectors. Use when a user has canonical inv...
验证并摄取运维人员推送的代理BOM清单JSON,数据来源包括AWS、Azure、GCP、Snowflake、CMDB或端点采集器。用于用户拥有规范化清单的场景。
msaad00 msaad00 来源
未分类 clawhub v0.88.5 7 版本 99787.9 Key: 无需
★ 0
Stars
📥 941
下载
💾 0
安装
7
版本
#latest

概述

agent-bom-ingest

Use this skill when the operator already produced canonical inventory JSON with

an operator-pull adapter, endpoint collector, CMDB export, or AI-agent workflow.

The default path is local validation plus local scan/export.

Guardrails

  • Validate inventory with the packaged schema before treating it as evidence.
  • Require discovery_provenance and permissions_used where the source claims

cloud/operator-pushed discovery.

  • Require a trustworthy discovery_provenance.source_type such as

operator_pushed_inventory or skill_invoked_pull; do not infer it from

prose.

  • Do not invent provenance, permissions, cloud scopes, or credential posture.
  • Do not push to a control plane unless the operator provides the destination

URL and auth method explicitly.

  • Do not print raw tokens, URL credentials, private keys, or env var values.

Workflow

Validate first:

agent-bom mcp validate inventory.json

Scan locally:

agent-bom agents --inventory inventory.json --format json --output agent-bom-findings.json

Choose output by consumer:

  • SARIF for CI/code-scanning gates
  • JSON for graph, API, and automation
  • HTML or Markdown for human review
  • CycloneDX/SPDX for SBOM consumers

Evidence Contract

Valid inventory preserves discovery_provenance, permissions_used,

cloud_origin, redaction state, package identity, server identity, tools, and

security intelligence. If the inventory is malformed or missing required trust

fields, stop and ask the operator to regenerate it rather than scanning a

best-effort summary.

版本历史

共 7 个版本

  • v0.88.5 当前
    2026-06-01 20:27
  • v0.88.4
    2026-05-26 22:50
  • v0.88.3
    2026-05-26 17:23
  • v0.88.1
    2026-05-23 15:54 安全 安全
  • v0.87.1
    2026-05-19 10:43 安全 安全
  • v0.86.2
    2026-05-08 12:54 安全 安全
  • v0.86.1
    2026-05-07 04:14 安全 安全

安全检测

腾讯云安全 (Keen)

队列中

腾讯云安全 (Sanbu)

队列中

🔗 相关推荐

it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装 MoltGuard,保护您和您的用户免受提示注入、数据泄露和恶意攻击。
★ 116 📥 30,854
it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,514
ai-agent

agent-bom registry

msaad00
MCP 服务器安全注册表与信任评估 — 在 427+ 服务器安全元数据注册表中查找服务器,运行预装市场检查,批量...
★ 0 📥 1,924

Skill工具集 © 2026