Quick assessment
Picoclaw security posture skill, providing threat-intelligence awareness, configuration-drift detection and supply-chain verification guidance
Suitable tasks
- Reuse mature task workflows according to the SkillHub listing notes.
- Read the complete Skill content offline via the download package.
- Use popularity metrics to prioritise evaluation of commonly used Skills.
Inputs and outputs
Input: task objective, context materials, file paths, constraints, or the content to be processed.
Output: documents, code, check results, plans, recommendations or operating steps generated according to the Skill's instructions.
Example tasks
- Use picoclaw-security-guardian to help me handle the current task, and explain which inputs need to be prepared.
- Following the picoclaw-security-guardian instructions, first list the security checks to perform before use.
Installation
- Download the Skill ZIP provided by this site and unzip it.
- Place the extracted Skill directory into the skills directory supported by your current AI tool.
- To view the original content online, open SKILL.md on GitHub.
Risk boundaries
SkillHub provides a link to the source site's security report, but this site does not replace manual review. Before use, still check permissions, external dependencies and sensitive-data boundaries.
SKILL.md documentation
Picoclaw Security Guardian
Detailed architecture/operator docs: wiki/modules/picoclaw-security-guardian.md.
Release Artifact Verification
For standalone installs, verify the signed release manifest before trusting SKILL.md, skill.json, or the archive. The skill.json file is the package metadata/SBOM source, and the release pipeline signs checksums.json with the ClawSec release key.
```bash
set -euo pipefail

SKILL_NAME="picoclaw-security-guardian"
VERSION="0.0.3"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
ZIP_NAME="${SKILL_NAME}-v${VERSION}.zip"
TMP_DIR="$(mktemp -d)"
trap 'rm -rf "$TMP_DIR"' EXIT

# Pinned SHA-256 of the DER-encoded ClawSec release public key. The key file
# served next to the release proves nothing by itself; this pin does.
RELEASE_PUBKEY_SHA256="711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8"

# Portable SHA-256 helper: macOS ships shasum, most Linux distributions sha256sum.
hash_file() {
  if command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    sha256sum "$1" | awk '{print $1}'
  fi
}

# Fetch the manifest, its detached signature, the signing key and the assets.
curl -fsSL "$BASE/checksums.json" -o "$TMP_DIR/checksums.json"
curl -fsSL "$BASE/checksums.sig" -o "$TMP_DIR/checksums.sig"
curl -fsSL "$BASE/signing-public.pem" -o "$TMP_DIR/signing-public.pem"
curl -fsSL "$BASE/$ZIP_NAME" -o "$TMP_DIR/$ZIP_NAME"
curl -fsSL "$BASE/SKILL.md" -o "$TMP_DIR/SKILL.md"
curl -fsSL "$BASE/skill.json" -o "$TMP_DIR/skill.json"

# 1. Pin the downloaded public key to the known fingerprint.
openssl pkey -pubin -in "$TMP_DIR/signing-public.pem" -outform DER -out "$TMP_DIR/signing-public.der"
ACTUAL_PUBKEY_SHA256="$(hash_file "$TMP_DIR/signing-public.der")"
if [ "$ACTUAL_PUBKEY_SHA256" != "$RELEASE_PUBKEY_SHA256" ]; then
  echo "ERROR: signing-public.pem fingerprint mismatch" >&2
  exit 1
fi

# 2. Verify the detached signature over checksums.json (checksums.sig is base64).
#    With set -e a failed verification aborts the script here.
openssl base64 -d -A -in "$TMP_DIR/checksums.sig" -out "$TMP_DIR/checksums.sig.bin"
openssl pkeyutl -verify -rawin -pubin \
  -inkey "$TMP_DIR/signing-public.pem" \
  -sigfile "$TMP_DIR/checksums.sig.bin" \
  -in "$TMP_DIR/checksums.json" >/dev/null

# 3. Only now trust the manifest: compare each asset's SHA-256 with it.
verify_manifest_file() {
  asset="$1"
  path="$2"
  expected="$(jq -r --arg asset "$asset" '.files[$asset].sha256 // empty' "$TMP_DIR/checksums.json")"
  if [ -z "$expected" ]; then
    echo "ERROR: checksums.json missing $asset" >&2
    exit 1
  fi
  actual="$(hash_file "$path")"
  if [ "$actual" != "$expected" ]; then
    echo "ERROR: checksum mismatch for $asset" >&2
    exit 1
  fi
}

expected_archive="$(jq -r '.archive.sha256 // empty' "$TMP_DIR/checksums.json")"
if [ -z "$expected_archive" ]; then
  echo "ERROR: checksums.json missing archive.sha256" >&2
  exit 1
fi
actual_archive="$(hash_file "$TMP_DIR/$ZIP_NAME")"
if [ "$actual_archive" != "$expected_archive" ]; then
  echo "ERROR: archive checksum mismatch" >&2
  exit 1
fi

verify_manifest_file "SKILL.md" "$TMP_DIR/SKILL.md"
verify_manifest_file "skill.json" "$TMP_DIR/skill.json"
echo "Signed release manifest, archive, SKILL.md, and skill.json verified."
```
Only install or extract the archive after this verification succeeds. The script requires curl, openssl and jq on the PATH.
Goal
Provide Picoclaw with the same support-matrix security capabilities ClawSec tracks for mature platform modules:
| Skill name | Supported platform | Security feed | Config drift | Agent posture-review lane | Chain-of-supply verification |
|---|---|---|---|---|---|
| picoclaw-security-guardian | Picoclaw | Yes | Yes | Separate package | Yes |
Threat model
Picoclaw is a lightweight AI gateway that can expose chat channels, a Web UI, tool execution, MCP servers, credentials, schedulers, and embedded/router deployments. This skill focuses on the trust boundaries where those features become security-sensitive.
Default safety posture
- Read-only by default.
- No scheduler creation in v0.0.1.
- No outbound network by default.
- Writes only explicit report/profile outputs under $PICOCLAW_HOME/security/clawsec/ unless the operator supplies test-local temporary paths.
- Advisory checks fail closed when the verification state is not verified, unless the operator passes --allow-unsigned for a documented emergency/offline window.
Security advisory awareness
Use scripts/check_advisories.mjs with a local feed/cache and verification state:
```bash
node scripts/check_advisories.mjs --feed ~/.picoclaw/security/clawsec/feed.json --state ~/.picoclaw/security/clawsec/feed-verification-state.json
```
The script filters advisories for picoclaw, ai-gateway, empty/all-platform advisories, or affected package entries containing picoclaw.
The expected feed input is the consolidated signed ClawSec advisory feed, so it can contain NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
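As an added illustration of the two behaviours described above (the relevance filter and the fail-closed verification gate), the following Node.js snippet is not the project's scripts/check_advisories.mjs; the feed and state layouts, the field names and the sample records are all constructed assumptions:

```javascript
// Added example, not the project's scripts/check_advisories.mjs: a model of
// the relevance filter and the fail-closed verification gate described in
// the text. Feed/state layouts, field names and records are assumptions.

// Constructed sample feed: a mix of records that should and should not match.
const SAMPLE_FEED = {
  advisories: [
    { id: "EX-0001", platforms: ["picoclaw"], packages: [], severity: "high" },
    { id: "EX-0002", platforms: ["ai-gateway"], packages: [], severity: "medium" },
    { id: "EX-0003", platforms: [], packages: [], severity: "low" }, // empty = all platforms
    { id: "EX-0004", platforms: ["otherbot"], packages: ["picoclaw-luci-wrapper"], severity: "high" },
    { id: "EX-0005", platforms: ["otherbot"], packages: ["otherbot-core"], severity: "critical" },
  ],
};

// Relevance rule from the text: picoclaw, ai-gateway, empty/all-platform
// advisories, or any affected package whose name contains "picoclaw".
function isRelevant(adv) {
  const platforms = (adv.platforms ?? []).map((p) => String(p).toLowerCase());
  const packages = (adv.packages ?? []).map((p) => String(p).toLowerCase());
  if (platforms.length === 0 || platforms.includes("all")) return true;
  if (platforms.includes("picoclaw") || platforms.includes("ai-gateway")) return true;
  return packages.some((p) => p.includes("picoclaw"));
}

// Fail closed: unless the cached feed's verification state is "verified",
// refuse to evaluate it at all, except when the operator explicitly allows
// unsigned mode (the documented --allow-unsigned emergency window).
function checkAdvisories(feed, state, { allowUnsigned = false } = {}) {
  const status = state?.status ?? "missing";
  if (status !== "verified" && !allowUnsigned) {
    return {
      ok: false,
      reason: `feed verification state is "${status}"; pass --allow-unsigned to override`,
      matched: [],
    };
  }
  const matched = (feed.advisories ?? []).filter(isRelevant);
  return { ok: true, unsigned: status !== "verified", matched };
}

// Present the most severe relevant records first; unknown severities sort last.
const SEVERITY_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
function sortBySeverity(advisories) {
  return [...advisories].sort(
    (a, b) => (SEVERITY_ORDER[a.severity] ?? 9) - (SEVERITY_ORDER[b.severity] ?? 9),
  );
}

const result = checkAdvisories(SAMPLE_FEED, { status: "verified" });
console.log(sortBySeverity(result.matched).map((a) => `${a.id} [${a.severity}]`).join("\n"));
```

Note that an unverified state returns no matches rather than an empty "all clear": a caller that only inspects the match list would otherwise mistake a refused evaluation for a clean one, which is why the `ok` flag is part of the result.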
Drift protection
Generate a deterministic profile:
```bash
node scripts/generate_profile.mjs --output ~/.picoclaw/security/clawsec/current-profile.json
```
Compare against an approved baseline:
```bash
node scripts/check_drift.mjs --baseline ~/.picoclaw/security/clawsec/baseline-profile.json --current ~/.picoclaw/security/clawsec/current-profile.json --fail-on critical
```
Critical drift includes public Web UI enablement, Web UI auth disablement, workspace restriction disablement, unsigned/insecure verification mode, verified-feed regression, and watched-file/release-artifact fingerprint changes.
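To show how a baseline/current comparison with a --fail-on threshold can be structured, here is an added Node.js example. It is not the project's scripts/check_drift.mjs: the profile field names, the warning-level rule and the sample profiles are assumptions, while the critical rules follow the list in the text.

```javascript
// Added example, not the project's scripts/check_drift.mjs: compare a baseline
// profile with a current profile, classify each difference by severity and
// apply a --fail-on threshold. Profile field names, the warning-level rule
// and the sample profiles are assumptions.

const SEVERITY_RANK = { info: 0, warning: 1, critical: 2 };

// Read a dotted path such as "webui.public" from a nested object.
function get(obj, dotted) {
  return dotted.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Each rule inspects (baselineValue, currentValue) and reports drift when it
// returns true. The critical rules mirror the document's critical-drift list.
const RULES = [
  { field: "webui.public", severity: "critical", drifted: (b, c) => c === true && b !== true, message: "Web UI is now publicly bound" },
  { field: "webui.authEnabled", severity: "critical", drifted: (b, c) => b === true && c !== true, message: "Web UI auth was disabled" },
  { field: "workspace.restricted", severity: "critical", drifted: (b, c) => b === true && c !== true, message: "workspace restriction was disabled" },
  { field: "verification.mode", severity: "critical", drifted: (b, c) => b === "signed" && c !== "signed", message: "verification mode is no longer signed" },
  { field: "feed.verified", severity: "critical", drifted: (b, c) => b === true && c !== true, message: "advisory feed regressed from verified" },
  // Assumed warning-level rule: a tool enabled that the baseline did not have.
  { field: "tools.enabled", severity: "warning", drifted: (b, c) => (c ?? []).some((t) => !(b ?? []).includes(t)), message: "new tool enabled since baseline" },
];

function checkDrift(baseline, current, failOn = "critical") {
  const threshold = SEVERITY_RANK[failOn];
  if (threshold === undefined) throw new Error(`unknown --fail-on level: ${failOn}`);
  const findings = [];
  for (const r of RULES) {
    if (r.drifted(get(baseline, r.field), get(current, r.field))) {
      findings.push({ field: r.field, severity: r.severity, message: r.message });
    }
  }
  // Any change to a watched-file fingerprint (added, removed or modified) is critical.
  const bf = baseline.watchedFiles ?? {};
  const cf = current.watchedFiles ?? {};
  for (const f of new Set([...Object.keys(bf), ...Object.keys(cf)])) {
    if (bf[f] !== cf[f]) {
      findings.push({ field: `watchedFiles.${f}`, severity: "critical", message: "fingerprint changed" });
    }
  }
  const failed = findings.some((f) => SEVERITY_RANK[f.severity] >= threshold);
  return { failed, findings };
}

// Constructed sample profiles (not real Picoclaw output).
const BASELINE_PROFILE = {
  webui: { public: false, authEnabled: true },
  workspace: { restricted: true },
  verification: { mode: "signed" },
  feed: { verified: true },
  tools: { enabled: ["read_file"] },
  watchedFiles: { "config.json": "sha256:aaaa", "launcher-config.json": "sha256:bbbb" },
};
const CURRENT_PROFILE = {
  ...BASELINE_PROFILE, // shallow copy; the nested objects below are replaced, not mutated
  webui: { public: true, authEnabled: true },
  tools: { enabled: ["read_file", "shell"] },
  watchedFiles: { "config.json": "sha256:cccc", "launcher-config.json": "sha256:bbbb" },
};

console.log(JSON.stringify(checkDrift(BASELINE_PROFILE, CURRENT_PROFILE, "critical"), null, 2));
```

With `--fail-on critical` the sample run fails on the public Web UI binding and the changed config.json fingerprint while still listing the newly enabled tool as a warning; lowering the threshold to `warning` makes the tool change alone sufficient to fail the check.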
Chain-of-supply verification
Verify a Picoclaw release artifact against a checksum manifest plus detached signature. Signed manifest verification is required for a passing supply-chain verdict:
```bash
node scripts/verify_supply_chain.mjs \
  --artifact ./picoclaw \
  --checksums ./checksums.json \
  --signature ./checksums.json.sig \
  --public-key ./feed-signing-public.pem
```
Checksum-only mode is integrity-only, not provenance. Use --allow-unsigned-checksums only for short, documented offline triage windows; it should not satisfy production install verification.
Operator review notes
- Treat public UI binding (0.0.0.0, -public) as a critical review item until auth and network allowlists are proven.
- Treat MCP servers as separate trust boundaries; review each server's filesystem, network, and credential access.
- Treat third-party OpenWrt/LuCI wrappers as separate supply-chain artifacts. Verify provenance before installing them on routers.
- Never leave unsigned advisory mode enabled in recurring or production checks.
Validation
```bash
python utils/validate_skill.py skills/picoclaw-security-guardian
node skills/picoclaw-security-guardian/test/profile.test.mjs
node skills/picoclaw-security-guardian/test/drift.test.mjs
node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh
```
Pre-release install regression
Before publishing v0.0.1 release artifacts, run the isolated install lane from the repo root:
```bash
skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh
```
The regression installs the skill through Picoclaw's own find_skills / install_skill path from a local ClawHub-compatible registry into an isolated Docker-hosted Picoclaw workspace with isolated HOME, PICOCLAW_HOME, and PICOCLAW_WORKSPACE. It verifies signed release-artifact preflight inputs, confirms Picoclaw's skill loader can list/load the installed skill, then runs the installed copy's profile, drift, advisory fail-closed, advisory filtering, and supply-chain verification paths against Picoclaw-style config.json and launcher-config.json files.