feat:add security skill

添加安装clawSentry skill

GitOrigin-RevId: 5c1ddf221a048a67129ccc2e0d67ca33684e40c6

Author: YumengBao

skills/byted-security-clawsentry/LICENSE

@@ -0,0 +1,13 @@
+# Copyright (c) 2025 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

skills/byted-security-clawsentry/README.md

@@ -0,0 +1,78 @@
+# ClawSentry Readme
+
+ClawSentry 是火山引擎 AI Assistant Security 为 OpenClaw 深度定制的安全防护组件。在保障 OpenClaw 正常作业的同时，提供实时风险监测与防御，涵盖提示词注入、敏感数据泄露及高危命令执行等核心安全场景。
+
+## Skill 防护功能
+
+- **提示词注入 (Prompt Injection) --- 识别恶意指令并拒绝执行**
+  - 攻击者可能在你让 OpenClaw 处理的网页、文档或邮件中隐藏恶意指令，诱骗其执行非预期操作，如窃取密码或泄露数据。
+
+- **敏感信息泄露 (PII Leakage) --- 防止敏感信息被直接读取、外发**
+  - 你在与 AI 对话或处理文档时，可能无意间输入了个人或公司的敏感信息（如身份证号、手机号、API Key），这些信息可能被发送到外部大模型，造成隐私泄露。
+
+- **高危操作 (Risky Operation) --- 拦截 AI 自动执行高权限风险操作**
+  - AI 在理解模糊指令时可能出错，或被恶意诱导，调用高权限工具执行危险命令，例如将“清理桌面”错误地理解为删除系统重要文件。
+
+- **恶意 Skill (Malicious Skill Attack) --- 扫描集成 Skill 的风险情况，阻止恶意 Skill 入侵**
+  - 攻击者可能通过伪装成正常功能的第三方插件或技能（Skills），诱导用户安装。这些恶意技能在被 AI 调用时，可能在后台静默执行恶意代码，例如窃取浏览器凭证（Cookie）、抓取本地敏感文件或进行越权操作。
+
+## 安装方式（仅需极简三步操作）
+
+#### 通过对话直接安装
+
+支持通过对话交互的方式完成 ClawSentry skill 包安装，例如你可以通过与 OpenClaw 对话完成安装。
+
+#### 前提条件
+
+在开始之前，请确保你已经正确安装了 OpenClaw 。
+
+#### **步骤一 下载并运行 ClawSentry Skill**
+
+**在对话框中输入：**帮我安装 byted-security-clawsentry
+
+**预期结果：**执行完成后，在对话框中会返回安装成功的提示并提供登录授权链接。
+
+#### 步骤二 授权与自动配置
+
+1. 在打开的页面上，请仔细阅读相关服务协议和隐私政策。勾选同意后，单击 **“同意并开通”**。
+
+2. 按提示完成登录，浏览器页面显示“授权成功”即表示完成。
+
+
+完成授权后，OpenClaw 会自动执行剩余安装和配置流程。
+
+#### 步骤三 验证安装结果
+
+完成安装后，你可以向你的 OpenClaw 通过对话框发送以下类似指令，来验证 ClawSentry 是否已成功安装并启用：
+
+1. 查看 ClawSentry 的启用状态和版本号；
+2. 查看防护状态。
+
+**预期结果**：对话框返回的信息中应包含 ClawSentry 插件，其版本为 **1.1.0**，且状态为**“已启用”**。
+
+## 产品建议与反馈
+
+安装或使用过程中，如果遇到任何问题或阻塞，你可以通过官网咨询直接与我们取得联系；如果想反馈产品建议，你可通过问卷提交相关内容。感谢你的支持与配合。
+
+**官网咨询入口**
+
+访问[火山引擎官网](https://www.volcengine.com/)，单击右侧**在线咨询**，进入对话。
+
+**问卷表单**
+
+访问链接填写问卷，反馈你的问题。
+
+https://bytedance.larkoffice.com/share/base/form/shrcngOInnpkzC7OyN1y7QcwQJ8
+
+**飞书群聊**
+
+访问链接加入官方飞书群聊，参与产品讨论，获取产品最新动态。
+
+https://applink.larkoffice.com/client/chat/chatter/add_by_link?link_token=845sa75d-18de-4b53-a623-42c4db4b25de
+
+## 费用说明
+
+当前产品处于**免费试用阶段**，暂不收取费用。
+
+- 待产品进入正式收费阶段后，免费试用服务将相应停止。我们将提前发布收费标准及生效时间说明，并预留合理过渡期。
+- 在你主动确认开通付费服务前，不会产生任何费用。

skills/byted-security-clawsentry/SKILL.md

@@ -0,0 +1,63 @@
+---
+description: Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want to complete installation and basic configuration of these plugins for an OpenClaw environment in one go.
+name: byted-security-clawsentry
+---
+
+# ClawSentry
+
+## Agent Rules
+
+IMPORTANT: You MUST follow these steps EXACTLY when using this skill:
+
+1. FIRST: Verify Node.js is installed on the system (version 14 or higher).
+2. SECOND: Execute the script `node {baseDir}/scripts/bundle.js`.
+3. THIRD: Verify the script executed successfully by checking:
+   - Check the script exit code: 0 means success, non-0 means failure
+   - Look for success output: "Login URL generated successfully:" in the script output
+   - Look for the line that starts with `[LOGIN_URL]:` in the script output
+   - Check if `{baseDir}/.state/login_state.json` file exists and contains a valid `loginUrl` field
+   - If the file doesn't exist, wait a few seconds and try again
+   - If you can't find the files, try looking in `.openclaw/skills/ClawSentry/scripts/` directory
+
+4. FOURTH: After confirming the script succeeded, get the login URL using ONE of these methods (in this priority order):
+   - Extract from the script output by looking for the line that starts with `[LOGIN_URL]:`
+   - Read from `{baseDir}/.state/login_state.json` file (look for the `loginUrl` field)
+
+5. FIFTH: Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."
+6. SIXTH: After sending the login URL to the user, you MUST perform the following monitoring for 10 minutes (600 seconds):
+   a. EVERY MINUTE, check if the process `bundle.js --login-token` is running using the command: `ps aux | grep "bundle.js --login-token"`
+   b. If the process IS running: continue monitoring until the 10 minutes expire
+   c. If the process IS NOT running:
+   i. Read `{baseDir}/.state/login_state.json` file and check the `enable` field
+   ii. If `enable` is `true`: END the conversation immediately
+   iii. If `enable` is `false`: - Read `loginToken` and `deviceFingerprint` from `{baseDir}/.state/login_state.json` - Restart the process with: `node {baseDir}/scripts/bundle.js --login-token [loginToken] --device-fingerprint [deviceFingerprint]`
+   d. Stop monitoring after 10 minutes have elapsed
+
+DO NOT skip any steps. DO NOT modify the order of steps. ALWAYS verify the script succeeded before proceeding.
+
+## Use Cases
+
+- Use this skill when you need to install and prepare the `ai-assistant-security-openclaw` plugins for the OpenClaw environment on the current machine.
+- Trigger this skill when the user mentions requirements such as "install clawSentry / ai-assistant-security-openclaw plugin / install byted-security-clawsentry / 使用byted-security-clawsentry技能安装安全插件".
+
+## Steps
+
+### 1. Verify Node.js is installed:
+
+Ensure Node.js (version 14 or higher) is installed on the system. You can check with:
+
+```bash
+node --version
+```
+
+### 2. Execute the combined script to install plugin and generate login link:
+
+```bash
+node {baseDir}/scripts/bundle.js
+```
+
+After the script completes:
+
+- The script will display the login URL directly. You can also extract it from the output by looking for the line that starts with `[LOGIN_URL]:`
+- You can also read the login URL from `{baseDir}/.state/login_state.json` file (look for the `loginUrl` field). If the file doesn't exist, try reading it again after a few seconds. If you can't find the files, try looking in `.openclaw/skills/ClawSentry/scripts/` directory.
+- Send the login URL to the user along with this message: "After completing login, please send me a message saying you have successfully logged in (e.g., '我已经注册成功了', '我已经登录成功了', '我已经注册好了', '登录好了', '登录上了')."