
Neckr0ik Security Fixer

Auto-fix security vulnerabilities in OpenClaw skills. Works with neckr0ik-security-scanner to automatically remediate hardcoded secrets, shell injection risk...
neckr0ik
Security & Compliance · clawhub · v1.0.0 · 1 version · 100000 · Key: not required
★ 0 Stars · 📥 494 Downloads · 💾 6 Installs · 1 Version · #latest

Overview

Security Fixer

Automatically fixes security vulnerabilities found by neckr0ik-security-scanner.

Quick Start

# Scan and fix in one command
neckr0ik-security-fixer fix /path/to/skill --auto

# Interactive fix (confirm each change)
neckr0ik-security-fixer fix /path/to/skill

# Generate .env.example only
neckr0ik-security-fixer env /path/to/skill

What This Fixes

Critical Issues (Auto-fixable)

| Issue             | Fix Applied                                              |
|-------------------|----------------------------------------------------------|
| Hardcoded Secrets | Replaces with os.environ.get() + generates .env.example  |
| Shell Injection   | Converts to subprocess.run() with shell=False            |
| eval/exec         | Wraps with safe alternatives or flags for review         |

High Issues (Auto-fixable)

| Issue            | Fix Applied                  |
|------------------|------------------------------|
| Prompt Injection | Adds sanitization wrapper    |
| Path Traversal   | Adds pathlib validation      |

How It Works

  1. Runs a security scan on the target skill
  2. For each vulnerability, generates a fix
  3. Applies the fix automatically (with --auto) or prompts for confirmation
  4. Creates .env.example with detected secret placeholders
  5. Updates .gitignore to exclude .env
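The steps above, worked through as an added example for the hardcoded-secret case and the eval/exec review flag. This is illustrative code written for this page, not the skill's own scripts/fixer.py; the names SECRET_NAME_RE, MIN_SECRET_LEN, find_hardcoded_secrets, find_eval_exec, fix_hardcoded_secrets, ensure_gitignore and the SAMPLE_SKILL input are all constructed here. It uses the standard-library ast module to find `name = "literal"` assignments whose name looks like a credential, rewrites each to the os.environ.get() pattern from the Example Fixes section, emits the matching .env.example lines, and lists eval()/exec() call sites for manual review instead of rewriting them.

```python
"""Illustrative auto-fixer for the hardcoded-secret and eval/exec cases.

Added example for this page, not the skill's own scripts/fixer.py. Every
name below (SECRET_NAME_RE, fix_hardcoded_secrets, ...) is constructed here.
"""
from __future__ import annotations

import ast
import re

# Heuristic: variable names that usually hold credentials (constructed).
SECRET_NAME_RE = re.compile(r"(api_?key|secret|token|password|passwd)", re.IGNORECASE)
# Very short literals ("", "TODO") are almost never real secrets; skip them.
MIN_SECRET_LEN = 8


def find_hardcoded_secrets(source: str) -> list[tuple[int, int, str]]:
    """Return (lineno, end_lineno, name) for `name = "literal"` assignments whose
    name looks like a credential. Attribute targets (self.key = ...) are skipped."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        target, value = node.targets[0], node.value
        if (isinstance(target, ast.Name)
                and isinstance(value, ast.Constant)
                and isinstance(value.value, str)
                and len(value.value) >= MIN_SECRET_LEN
                and SECRET_NAME_RE.search(target.id)):
            hits.append((node.lineno, node.end_lineno, target.id))
    return sorted(hits)


def find_eval_exec(source: str) -> list[int]:
    """Line numbers of eval()/exec() calls. These are only flagged for manual
    review: there is no mechanical rewrite that is safe for every use."""
    return sorted(
        node.lineno
        for node in ast.walk(ast.parse(source))
        if isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id in {"eval", "exec"}
    )


def fix_hardcoded_secrets(source: str) -> tuple[str, str, list[int]]:
    """Rewrite each secret assignment to the os.environ.get() pattern shown in the
    Example Fixes, add `import os` when missing, and return
    (fixed_source, env_example_text, lines_needing_manual_review)."""
    lines = source.splitlines()
    env_names = []
    # Walk hits bottom-up so replacing a (possibly multi-line) literal with three
    # lines does not shift the line numbers of hits still to be processed.
    for lineno, end_lineno, name in reversed(find_hardcoded_secrets(source)):
        env_name = name.upper()
        first = lines[lineno - 1]
        indent = first[: len(first) - len(first.lstrip())]
        lines[lineno - 1:end_lineno] = [
            f'{indent}{name} = os.environ.get("{env_name}")',
            f"{indent}if not {name}:",
            f'{indent}    raise ValueError("{env_name} environment variable required")',
        ]
        env_names.append(env_name)
    env_names.reverse()  # back to source order for the .env.example
    if env_names and not re.search(r"^\s*import os\b", source, re.MULTILINE):
        # Simplification: a real tool would place this after shebang/docstring/__future__.
        lines.insert(0, "import os")
    env_example = "".join(f"{n}=your-{n.lower().replace('_', '-')}-here\n" for n in env_names)
    return "\n".join(lines) + "\n", env_example, find_eval_exec(source)


def ensure_gitignore(gitignore_text: str) -> str:
    """Step 5: add `.env` to .gitignore unless it is already listed."""
    if ".env" in {line.strip() for line in gitignore_text.splitlines()}:
        return gitignore_text
    sep = "" if not gitignore_text or gitignore_text.endswith("\n") else "\n"
    return f"{gitignore_text}{sep}.env\n"


# Constructed sample skill; the key value is a made-up placeholder, not a real credential.
SAMPLE_SKILL = '''\
import requests

api_key = "sk-placeholder-not-a-real-key"
db_password = "placeholder-password"
greeting = "hello world"  # name does not look like a secret: left alone

def run(expr):
    return eval(expr)
'''

if __name__ == "__main__":
    fixed, env_example, review = fix_hardcoded_secrets(SAMPLE_SKILL)
    print(fixed)
    print("--- .env.example ---\n" + env_example)
    print("manual review (eval/exec) at lines:", review)
```

Running the module rewrites both credential assignments, leaves `greeting` untouched because its name does not match the heuristic, and reports the eval() call on line 8 for review. The name-based heuristic is deliberately narrow; a production fixer would also match on value shape (key prefixes, entropy) and would re-parse the rewritten source to confirm it is still valid Python before writing it back.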

Example Fixes

Hardcoded API Key

Before:

api_key = "sk-abc123def456..."

After:

import os
api_key = os.environ.get("OPENAI_API_KEY")
if not api_key:
    raise ValueError("OPENAI_API_KEY environment variable required")

Generated .env.example:

OPENAI_API_KEY=your-key-here

Shell Injection

Before:

os.system(f"convert {filename} output.png")

After:

import subprocess
result = subprocess.run(
    ["convert", filename, "output.png"],
    capture_output=True,
    check=True
)
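Why the list form above removes the injection risk, shown as an added demonstration that is not part of the skill's code: a throwaway child process (the Python interpreter standing in for convert, so it runs anywhere) echoes the argument vector it actually receives. HOSTILE_FILENAME is a constructed sample value, and build_convert_argv, argv_seen_by_child and needs_shell_quoting are names made up here.

```python
"""Demonstrates why subprocess.run([...]) with shell=False defeats the
os.system() injection in the Before snippet. Added example, not the skill's code;
a Python child stands in for ImageMagick's `convert` so it runs anywhere."""
import shlex
import subprocess
import sys

# Constructed hostile filename. Interpolated into an os.system() string, the
# shell would run `echo injected` as a second command; as one argv element it
# is passed to the program verbatim and never reaches a shell.
HOSTILE_FILENAME = "photo.png; echo injected"


def build_convert_argv(filename: str, output: str = "output.png") -> list[str]:
    """The argument vector the After snippet hands to subprocess.run()."""
    return ["convert", filename, output]


def argv_seen_by_child(filename: str, output: str = "output.png") -> list[str]:
    """Run a child that prints each element of its argv on its own line and
    return them, so the caller can see exactly what the program received."""
    child_code = "import sys; print('\\n'.join(sys.argv[1:]))"
    result = subprocess.run(
        [sys.executable, "-c", child_code, filename, output],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.splitlines()


def needs_shell_quoting(value: str) -> bool:
    """True when a shell would interpret characters in `value`. A fixer can use
    this to flag legacy os.system() call sites whose data is not shell-safe;
    shlex.quote() leaves only strings made of [A-Za-z0-9@%+=:,./-] unchanged."""
    return shlex.quote(value) != value


if __name__ == "__main__":
    print("argv built by the fix:", build_convert_argv(HOSTILE_FILENAME))
    print("argv received by child:", argv_seen_by_child(HOSTILE_FILENAME))
    print("would a shell reinterpret it?", needs_shell_quoting(HOSTILE_FILENAME))
```

The child receives `photo.png; echo injected` as a single argument and `output.png` as the second; nothing after the semicolon is executed, because no shell ever parses the string. needs_shell_quoting() is the kind of check a fixer can emit alongside a "manual review" item when it cannot prove that a value reaching os.system() is shell-safe.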

Prompt Injection

Before:

prompt = f"User says: {user_input}"

After:

import re
def sanitize_for_prompt(text: str) -> str:
    return re.sub(r'[<>\{\}\[\]\\]', '', text[:1000])

prompt = f"User says: {sanitize_for_prompt(user_input)}"

Commands

fix

neckr0ik-security-fixer fix <skill-path> [options]

Options:
  --auto        Apply all fixes without prompting
  --dry-run     Show what would be fixed without making changes
  --backup      Create .bak files before modifying

env

neckr0ik-security-fixer env <skill-path>

Generates:
  - .env.example (template with placeholders)
  - Updates .gitignore to exclude .env

report

neckr0ik-security-fixer report <skill-path> --format json

Outputs a detailed fix report with:
  - Original vulnerable code
  - Fixed code
  - Files modified
  - Manual review items

Safety Features

  • Backup files created by default (can disable with --no-backup)
  • Dry-run mode shows changes without applying
  • Manual review flagging for complex issues that need human judgment
  • Git integration - shows diff before applying

See Also

  • neckr0ik-security-scanner - Scan for vulnerabilities first
  • references/fix-templates.md - Complete fix template library
  • scripts/fixer.py - Main fixer script

Version History

1 version in total

  • v1.0.0 (current)
    2026-03-30 22:45 · Safe · Safe

Security Checks

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
