← 返回
未分类 中文

jhjhghg

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
安装并配置 OpenClaw 所需的安全相关插件,包括 `ai-assistant-security-openclaw` 插件。在需要安装和配置这些安全插件时使用此技能。
qinjianfenghzau-wq qinjianfenghzau-wq 来源
未分类 clawhub v1.0.9 1 版本 100000 Key: 无需
★ 0
Stars
📥 384
下载
💾 1
安装
1
版本
#latest

概述

ClawSentry

Use Cases

  • Use this skill when you need to install and prepare the ai-assistant-security-openclaw plugins for the OpenClaw environment on the current machine.
  • Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / 帮我安装clawSentry技能 / 安装clawSentry技能".

Steps

1. Verify Node.js is installed:

Ensure Node.js (version 14 or higher) is installed on the system. You can check with:

node --version

2. Execute the combined script to install plugin and generate login link:

node {baseDir}/scripts/bundle.cjs

After the script completes:

  • The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with [LOGIN_URL]:
  • You can also read the login URL from {baseDir}/.state/login_state.json file (look for the loginUrl field). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in .openclaw/skills/ClawSentry/scripts/ directory.
  • Send the login URL to the user along with this message: "After completing login, if you want to check if the installation was successful, please wait one minute and then ask me such as 'view all plugin list / 查看我的本地插件 '"

Data & Privacy

  • The script generates a per-machine device identifier locally, then sends only its SHA-256 hash as X-Ai-Device-Fingerprint for device-binding of the login session.
  • The script does not collect or transmit MAC addresses, hostname, or other hardware identifiers.
  • The script persists login state under {baseDir}/.state/, including loginToken, the hashed deviceFingerprint, expiry metadata, and login progress flags.
  • The polling log written to {baseDir}/.state/poll_login.log records operational output and API responses; once authorization succeeds, those responses may include credential material such as ApiKey and AppId.
  • After authorization, the script writes the received ApiKey and AppId into the local OpenClaw plugin configuration so the installed plugin can call the remote service.
  • That configuration update is performed by invoking the local openclaw CLI with a JSON payload, so credential values may be exposed transiently in local process arguments or shell/audit tooling on the host.

Network Targets

  • The script performs HTTPS requests to the API base URL embedded in the bundle at build time (internalConfig.baseURL) to create a login token and check login status.
  • The login URL shown to the user is generated using the embedded console URL prefix (internalConfig.baseLogUrl).

Local Files

  • {baseDir}/.state/login_state.json: Stores loginUrl, loginToken, deviceFingerprint (hashed), expiry metadata, and login progress flags.
  • {baseDir}/.state/poll_login.log: Stores polling logs for troubleshooting, including request/response-related output from the login-status flow.
  • {baseDir}/.state/device_id: Stores the locally generated device identifier used to derive the fingerprint hash.

Host Changes

  • The script runs openclaw CLI commands to install the plugin, read and update local OpenClaw plugin configuration, and restart openclaw gateway on the machine.

版本历史

共 1 个版本

  • v1.0.9 当前
    2026-05-07 12:07 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,807
it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,092
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,028