← 返回
未分类 中文

OpenClaw Tool Audit

Audit OpenClaw agent tool exposure versus observed use. Use when reviewing allowed tools, spotting broad or unused tool allowances, or checking whether agent...
审计 OpenClaw 代理的工具暴露与实际使用情况。用于审查允许的工具、发现过于宽泛或未使用的工具权限,或检查代理是否...
pfrederiksen pfrederiksen 来源
未分类 clawhub v0.1.2 1 版本 100000 Key: 无需
★ 0
Stars
📥 461
下载
💾 0
安装
1
版本
#latest

概述

OpenClaw Tool Audit

Use this skill to audit local OpenClaw agent tool configuration against observed tool usage.

Repository

Primary source repo:

  • https://github.com/pfrederiksen/openclaw-tool-audit

Prerequisites

Required:

  • a trusted local installation of openclaw-tool-audit
  • access to the local OpenClaw config and session data the tool reads

Before running:

  • verify the local binary or source install is one you trust
  • inspect local source if you did not build or install it yourself
  • avoid elevated/root execution unless you actually need it
  • confirm local session/config files do not expose secrets you are unwilling to inspect

When to use

Use this when the user asks to:

  • audit which tools agents are allowed to use
  • compare allowed tools vs tools actually used
  • spot overly broad tool access
  • review whether agent tool configs could be tightened
  • generate a markdown or JSON tool exposure report

Safe source guidance

Prefer one of these:

  • a previously installed trusted local binary on PATH
  • a trusted local source checkout you have already inspected
  • a pinned internal/local install workflow you control

Do not instruct users to install directly from a remote GitHub URL inside this skill.

Recommended commands

Default markdown summary:

openclaw-tool-audit --markdown --top-tools 15

JSON output:

openclaw-tool-audit --json

Broadest-first review:

openclaw-tool-audit --markdown --broadest-first

Unused-only review:

openclaw-tool-audit --markdown --unused-only

If the binary is not on PATH, use the trusted local path you already manage.

Parser / transcript notes

Real-world OpenClaw installs may have nested tool config shapes and transcript variants that require recent upstream fixes. If the tool crashes or reports zero observed invocations unexpectedly:

  • verify you are using a trusted current local build
  • validate with --json
  • check whether observed agent names and tool tokens look sane before making policy decisions

Recommended interpretation

Use the report to answer:

  • which agents have very broad allowlists
  • which tools are actually used most often
  • which agents have a high unused-allowance ratio
  • whether any observed tool tokens look like parser mistakes or unmatched config/runtime shapes

Packaging / safety

Keep this skill minimal and transparent:

  • plain text only
  • no binaries
  • no obfuscation
  • no remote install commands in SKILL.md
  • prefer already-installed local/auditable tooling

版本历史

共 1 个版本

  • v0.1.2 当前
    2026-05-03 07:39 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

Find Skills

root
帮助用户发现和安装智能体技能,当用户询问如「如何做X」、「找X的技能」、「有能做...的吗」等问题时
★ 1,507 📥 566,483
ai-agent

self-improving agent

pskoett
记录自身发现以实现自我改进的技能
★ 4,152 📥 924,821
content-creation

Photo Captions

pfrederiksen
生成平台适配的社交媒体摄影文案。当用户分享照片并需要发布文案时使用。触发条件:分享带有...的照片
★ 2 📥 1,831