⚠ Recent OpenClaw / ClawHub security incidents show the same pattern: malicious skill delivery, default exposure, and configuration drift can turn a working install into a bigger mess.

m78armor-lite Free ClawHub Skill

A local read-only check for an OpenClaw instance that is already running. Look at the instance first. Do not rush into changes. It does not scan the outside world, and it does not pretend to cover every category. It answers one narrower question: does this instance carry obvious, avoidable configuration risk that should be handled now?
Lite is for inspection. See it clearly before you decide.
ClawHub / Live listing screenshot
Check the ClawHub listing first. You are installing a read-only check, not something that starts changing config on your behalf.
ClawHub listing screenshot showing the skill title, free MIT-0 license, publisher Move78 AI, and download entry. © 2026 Move78 International Limited.

What this skill is, and what it is not
It stays on post-install local checks. Nothing broader.
INSTANCE-FIRST
Inspects the OpenClaw instance itself
It stays on the instance's own baseline settings, permission boundaries, risky exposure, and drift signals. It does not go looking at the outside world.

LOCAL-FIRST
No local data uploaded
It runs locally, read-only, requires no remote API, and does not upload local configuration content off-host.

BOUNDARY
Does not scan outward or pretend to do everything
It is not a network scanner, not an IDS, and not another all-in-one platform that claims to cover everything.

COMMERCIAL BOUNDARY
Lite makes the problem clear
Lite is there to make the problem clear. Fixes, backup, rollback readiness, and the steadier remediation path stay in M78Armor Core.

What it checks most directly
It stays on exposure, auth, permissions, skill trust, and configuration drift. Read-only. Local. The point is to make the state of the instance clear.
EXPOSURE
Bind address and port
Checks gateway bind scope, default-port usage, and whether a local-first instance is exposed more broadly than it should be.

AUTH
Tokens, secrets, and weak defaults
Checks whether authentication tokens are missing or weak, and whether plaintext secrets or other weak defaults still remain in the configuration.

PERMISSIONS
Sandbox, workspace, and elevated tools
Checks sandbox mode, workspace isolation, and elevated-tool settings so the instance does not turn into an unnecessarily open execution surface.

RUNTIME BOUNDARY
Browser, CDP, and origin controls
Checks browser access to private networks, the CDP origin scope, the Control UI origin allowlist, and other control-plane boundaries.

LOGGING & TRANSPORT
TLS and log level
Checks TLS settings and log verbosity so that a wider exposure does not keep leaking unnecessary context through logs or keep running over a weak transport path.

PLUGIN BOUNDARY
Plugin migration and allowlist
Checks whether the plugin migration state and the plugin allowlist are still permissive or left in a legacy state, to reduce plugin-boundary drift.

How to invoke it in ClawHub / OpenClaw
Once installed, tell it to check the current instance. Look at the result first, then decide whether anything should move into fixes.
ClawHub / Sample prompts (the listing shows Chinese equivalents as well)
run m78armor : openclaw security configuration check
check this openclaw instance for risky security configuration gaps
review local openclaw configuration baseline and hardening issues
CLI / Local test
Local run examples
node ./scripts/m78armor-lite.js --lang en
node ./scripts/m78armor-lite.js --lang zh
node ./scripts/m78armor-lite.js --json
node ./scripts/m78armor-lite.js --config "/path/to/openclaw.json" --lang en

Division of labor: M78Armor Lite (free skill) vs M78Armor Core
Lite is the read-only check. M78Armor Core is for backup before changes, actual fixes, and rollback when needed. They are not the same job.

Capability                | M78ARMOR-LITE                        | M78ARMOR CORE
Role                      | Post-install local read-only check   | Local execution, hardening, and safer follow-through
Configuration findings    | Yes                                  | Yes
Automatic remediation     | No                                   | Yes
Backup before change      | No                                   | Yes
Rollback                  | No                                   | Yes
Deeper risk-aware checks  | Limited                              | Deeper
Output                    | Human-readable + minimal JSON        | Richer and more traceable

The problem is clear. Do not change it blindly.
Lite makes the problem clear. Core handles backup first, then fixes, with rollback when needed. You are not buying another report. You are buying the steadier way to finish the work.
See Core fixes and rollback

Common questions about m78armor-lite
Is it a network scanner?
No. It is a local, read-only configuration check for the OpenClaw instance itself. It does not scan target networks or perform remote probing.
Does it upload local configuration data?
No. Its model is local-first execution, and it does not upload local configuration content to a remote server.
Does the free edition auto-remediate configuration?
No. It is a read-only check. Automated hardening, backup, rollback, and deeper checks remain outside the free skill boundary.
What does the output look like?
It supports human-readable output and minimal JSON. The point is not another report. The point is to make the current value, baseline, risk reason, and next step obvious.