專案網址在這裡,有玩龍蝦的人應該知道是什麼
https://github.com/adversa-ai/secureclaw
SecureClaw is a 360-degree security plugin and skills that audits your OpenClaw installation for misconfigurations and known vulnerabilities, applies automated hardening fixes, and gives your agent behavioral security rules that protect against prompt injection, credential theft, supply chain attacks, and privacy leaks.
1️⃣ Full OWASP Agentic Security Top 10 coverage. Static and runtime. We're the first and only security tool for OpenClaw to formally map every control to the ASI framework. 10/10 categories.
2️⃣ Every known incident. Every known CVE up until now. All 8 documented threat classes from the OpenClaw Security 101 research have specific countermeasures. Not generic "be careful" advice — actual detection and hardening for each one.
3️⃣ Plugin + Skill layered defense. The plugin runs as code — gateway hardening, permission lockdown, credential scanning. The skill runs as LLM directives — injection awareness, PII scanning, integrity monitoring. Two layers. Each catches the failures of the other.
4️⃣ Ultra-lean ~1,230 token skill. Most security skills dump thousands of tokens into context, competing with your actual conversations. Ours is 15 rules and a set of bash scripts. All detection logic runs as bash — zero LLM tokens. Your agent stays fast, stays focused, stays protected.
AI agents with access to your files, credentials, email, and the internet are a fundamentally different security surface than traditional software. An agent that can read your .env file and send HTTP requests can exfiltrate your API keys in a single tool call. An agent that trusts instructions embedded in a web page or email can be hijacked to act against your interests.
SecureClaw addresses this by operating on three layers:
Layer 1 -- Audit. 56 automated checks across 8 categories scan your OpenClaw installation for known misconfigurations: exposed gateway ports, weak file permissions, missing authentication, plaintext credentials outside .env, disabled sandboxing, and more.
Layer 2 -- Hardening. Automated fixes for the most critical findings: binding the gateway to localhost, locking down file permissions, adding privacy and injection-awareness directives to your agent's core identity file, and creating cryptographic baselines for tamper detection.
Layer 3 -- Behavioral rules. 15 rules loaded into your agent's context that govern how it handles external content, credentials, destructive commands, privacy, and inter-agent communication. These rules cost approximately 1,230 tokens of context window and provide defense against prompt injection, data exfiltration, and social engineering -- attacks that cannot be prevented by infrastructure configuration alone.
沒有留言:
張貼留言