⚠ Q1 2026: ClawHavoc planted 1,184+ malicious skills on ClawHub · 135,000+ instances exposed · 60+ CVEs disclosed

m78armor-lite Free ClawHub Skill

A local, read-only security configuration review and hardening assessment for the OpenClaw instance itself. It does not scan external networks; its job is to tell you, right after an install or upgrade, whether the current instance carries avoidable configuration risk, unnecessary exposure, weak defaults, or signs of configuration drift.
OpenClaw ships with insecure defaults: authentication, sandboxing, skill-source controls, and local configuration need to be fixed right after installation.

What this skill is, and what it is not
It is a post-install configuration check for the instance itself, not a generic “security platform.”
INSTANCE-FIRST

Checks the OpenClaw instance itself

It reviews local baseline settings, permission boundaries, risky exposure, and drift signals on the instance itself, not external targets.

LOCAL-FIRST

No local data uploaded

It runs locally, read-only, requires no remote API, and does not upload local configuration content off-host.

BOUNDARY

Not a network scanner

It does not scan networks, perform intrusion detection, fully vet third-party skills, or promise “guaranteed security.”

COMMERCIAL BOUNDARY

The free edition diagnoses

It finds and explains the problem. Automated hardening, backup, rollback, and deeper risk-aware checks remain in M78Armor Core.


What it checks most directly
It focuses on a local, read-only review of baseline settings, permission boundaries, exposure, weak defaults, and configuration drift.
EXPOSURE

Bind address and port

Checks gateway bind scope, default-port usage, and whether a local-first instance is exposed more broadly than it should be.

AUTH

Tokens, secrets, and weak defaults

Checks whether authentication tokens are missing or weak, and whether plaintext secrets or other weak defaults still remain.

PERMISSIONS

Sandbox, workspace, and elevated tools

Checks sandbox mode, workspace isolation, and elevated-tool settings so the instance does not turn into an unnecessarily open execution surface.

RUNTIME BOUNDARY

Browser, CDP, and source controls

Checks private-network browser reach, CDP source range, Control UI origin allowlisting, and other control-plane boundaries.

LOGGING & TRANSPORT

TLS and log level

Checks TLS settings and log verbosity, so that an instance exposed beyond localhost does not keep leaking unnecessary context into its logs or keep talking over a weaker transport path.

PLUGIN BOUNDARY

Plugin migration and allowlist

Checks whether plugin migration state and allowlisting remain weak or legacy-driven, reducing plugin-boundary drift.


How to invoke it in ClawHub / OpenClaw
It is published as a callable free skill. After install, trigger it with natural-language prompts.
ClawHub / Chinese prompts

Sample prompts (English glosses in parentheses)

运行 m78armor : openclaw security configuration check (run m78armor : openclaw security configuration check)
检查这个 OpenClaw 实例的安全配置问题 (check this OpenClaw instance for security configuration problems)
执行本地 OpenClaw 配置基线与加固评估 (run a local OpenClaw configuration baseline and hardening assessment)
ClawHub / English prompts

Sample prompts

run m78armor : openclaw security configuration check
check this openclaw instance for risky security configuration gaps
review local openclaw configuration baseline and hardening issues
CLI / Local test

Local run examples (--lang selects the report language, --json emits the minimal JSON output, --config points at a specific config file)

node ./scripts/m78armor-lite.js --lang en
node ./scripts/m78armor-lite.js --lang zh
node ./scripts/m78armor-lite.js --json
node ./scripts/m78armor-lite.js --config "/path/to/openclaw.json" --lang en

Division of labor: free skill vs M78Armor Core
The free skill makes the problem clear. M78Armor Core shortens the execution path and makes it safer and more repeatable.
Capability               | M78ARMOR-LITE                      | M78ARMOR CORE
Role                     | Post-install local read-only check | Local execution, hardening, and safer follow-through
Configuration findings   | Yes                                | Yes
Automatic remediation    | No                                 | Yes
Backup before change     | No                                 | Yes
Rollback                 | No                                 | Yes
Deeper risk-aware checks | Limited                            | Deeper
Output                   | Human-readable + minimal JSON      | Richer and more traceable


You have seen the findings. What next?

m78armor-lite tells you what is wrong. M78Armor Core fixes it in under 2 minutes with automatic backup and rollback — the same 22 checks, from discovery to execution.

Go from findings to fixes for ¥88 →

Common questions about m78armor-lite
Is it a network scanner?
No. It is a local, read-only configuration check for the OpenClaw instance itself. It does not scan target networks or perform remote probing.
Does it upload local configuration data?
No. It runs local-first and does not send local configuration content to a remote server.
Does the free edition auto-remediate configuration?
No. It is a read-only check. Automated hardening, backup, rollback, and deeper checks stay outside the free skill's scope.
What does the output look like?
It supports human-readable output and minimal JSON output. Every non-green finding should explain the current value, the recommended baseline, the possible abuse path, why it matters, and what to do next.