免费安全清单Free Checklist
给手工第一轮检查用。顺序也定好了:先看暴露面,再看认证,然后看技能信任、权限、文件保护和版本风险。
For a manual first pass. The order is deliberate: exposure first, auth second, then skill trust, permissions, file protection, and version risk.
M78Armor 妙手甲堡
OpenClaw 跑起来,不等于已经安全。真正的麻烦往往从安装后开始:网关暴露、认证太弱、权限过宽、技能信任太松、改完还回不去。这里给个人 OpenClaw 用户一条更短、更稳的本地处理路径:先把实例看清。免费工具负责检查,M78Armor Core 负责修正、备份和回退。
Running OpenClaw is not the same as running it safely. The mess usually starts after install: exposed gateways, weak auth, broad permissions, sloppy skill trust, and no clean way back. This gives individual OpenClaw users a shorter, steadier local path: see the instance clearly first. The free tools are for review. M78Armor Core is for fixes, backup, and rollback.
先看清实例,再收紧边界,再留一条回退路。
See the instance clearly first. Tighten the boundary. Keep a way back.
从这里开始
START HERE
先选对路径
Pick the right path
先手动检查,再做本地只读检查;准备好了再进入修正和回退。别一上来就改。
Start with the manual checklist, move to the local read-only check, and use Core when you are ready to make changes. Do not mutate blindly.
m78setup.sh
给还没把 OpenClaw 装稳的人。先把安装跑通,但别把安装脚本当成安全收口工具。
For users who still need OpenClaw to run cleanly. It gets install friction out of the way, but it is not the security close-out tool.
m78armor-lite 技能m78armor-lite skill
给本地只读检查用。它先把实例里的明显配置风险讲清楚,不写配置,不盲改。
For the local read-only check. It makes the obvious configuration risks on the instance clear without writing config or changing anything blindly.
M78Armor Core
给修正和回退用。先备份,再写入;需要时可回退。它不是另一份报告,而是一条更短、更稳的本地收口路径。
For fixes and rollback. Back up first, write second, and keep revert available. It is not another report. It is the shorter, steadier local remediation path.
第二套件
SECOND SUITE
M78Armor Hermes
M78Armor Hermes
给 Hermes Agent 的只读审计与计划优先整改单独路径,继续保留在 /hermes/ 下。
Read-only audit and plan-first remediation for Hermes Agent, kept as its own suite at /hermes/.
边界
BOUNDARY
只做这一类问题
Built for this job
只盯 OpenClaw 实例本身:配置、权限、暴露面、技能信任和回退准备。不往外扩,也不装成什么都包的平台。
It stays on the OpenClaw instance itself: configuration, permissions, exposure, skill trust, and rollback readiness. It does not sprawl into a fake all-in-one.
网络扫描器 / IDS / VPNNetwork scanner / IDS / VPN
不主动探测网络,不监控流量,也不生成安全运营告警。
It does not probe networks, monitor traffic, or generate security-operations alerts.
OpenClaw 实例的检查与修正A check-and-fix flow for the OpenClaw instance
先把实例看清,再决定怎么收紧、怎么改、要不要回退,重点一直都在实例本身。
It starts by making the instance clear, then helps you decide what to tighten, what to change, and whether to roll back.
本地执行 / 默认不上传Local execution / no default upload
先在你自己的环境里检查、收紧和修改。配置、日志和密钥默认不往外送。
Review, tighten, and change inside your own environment first. Configuration, logs, and secrets do not leave by default.
常见问题
FAQ
常见问题
Frequently asked questions
第一次看这条产品线,先把检查和修正的边界分清。
If this is your first look, start by separating review from changes.
m78armor-lite 技能和 M78Armor Core 的差别是什么?What is the difference between the m78armor-lite skill and M78Armor Core?+
m78armor-lite 负责只读检查,把问题讲清楚。M78Armor Core 负责先备份,再修改;需要时可回退。
m78armor-lite is the read-only check. It makes the problem clear. Core is for fixes, backup, and rollback.
M78Armor 会上传我的配置、日志或密钥吗?Does M78Armor upload my configuration, logs, or secrets?+
不会。公开路线就是本地优先。检查、审查和执行都围着你自己的 OpenClaw 环境做,不靠把配置、日志或密钥传到云端。
No. The trust model is local-first. Review and execution stay inside your own OpenClaw environment instead of pushing configuration, logs, or secrets to a cloud service.
如果我已经升级了 OpenClaw,还需要 M78Armor 吗?If I already upgraded OpenClaw, do I still need M78Armor?+
通常还是需要。升级解决的是已知版本问题,不会顺手替你收紧网关暴露、认证强度、权限边界、技能控制和留档路径。
Usually yes. Upgrades address known version issues, but they do not automatically tighten gateway exposure, authentication strength, permission boundaries, skill controls, or documentation readiness.
什么时候应该直接进入 M78Armor Core?When should I move to M78Armor Core?+
当实例已经看清,而你不想再手工修改、备份和回退时,就该进 Core。
Move to Core once the instance is clear and you do not want to keep making changes, backing up, and rolling back by hand.