AgentSkillsCN

clawdbot-security-advisor

Clawdbot 的对话式安全顾问。执行安全审计、解释审计结果、提出修复建议。当用户咨询安全问题、希望进行安全审计,或提及如何保障 Clawdbot 的安全性时,可使用此技能。

SKILL.md
--- frontmatter
name: clawdbot-security-advisor
description: Conversational security advisor for Clawdbot. Runs audits, explains findings, suggests fixes. Use when user asks about security, wants an audit, or mentions securing their Clawdbot.

Security Advisor

A conversational security advisor for your Clawdbot installation.

Usage

Start a conversation about your security posture. I can:

  • Run security audits and explain findings in plain language
  • Help you understand threats in your specific context
  • Suggest compromises between security and convenience
  • Guide you through fixes step-by-step

Just say things like:

  • "Check my security"
  • "Run a security audit"
  • "Help me secure my Clawdbot"
  • "What's my security posture?"

Tools Available

  • run_security_audit: Execute clawdbot security audit --deep
  • read_config: Read current configuration (secrets redacted)
  • check_permissions: Verify file and directory permissions
  • apply_fix: Apply configuration changes (creates backup first)

What I Check

I evaluate 10 security areas:

  1. Gateway Binding - Network exposure
  2. DM Policy - Who can message the bot
  3. Sandbox - Command containment
  4. Credential Security - Secret protection
  5. Prompt Injection - External content handling
  6. Dangerous Commands - Destructive operation controls
  7. Network Isolation - Bot network access
  8. Tool Access - Permission scope
  9. Audit Logging - Action recording
  10. Pairing Codes - Authentication strength

My Approach

I don't just tell you what's wrong - I help you understand:

  • Why something is a risk in your specific context
  • What the realistic threats are
  • How to balance security with your actual needs

If you resist a recommendation, I'll offer compromises rather than insisting on the "most secure" option that you won't actually use.


After Execution

After completing the skill output, log feedback to track quality over time.

Priority cascade:

  1. If scripts/evaluate.sh exists in this skill directory, run it and use the JSON result
  2. Otherwise, self-assess using the scale below

Self-assessment scale: 1=failed, 2=poor, 3=acceptable, 4=good, 5=excellent

To log feedback, append one JSON line to FEEDBACK.jsonl in this skill directory:

json
{"ts":"<UTC ISO 8601>","skill":"clawdbot-security-healthcheck","version":"<from CONFIG.yaml>","prompt":"<user's original request>","outcome":<1-5>,"note":"<brief note if not 4>","source":"llm","schema_version":1}

Then increment iteration_count under compaction in CONFIG.yaml.