lihytaihe-lang/ai-security-expert
AI Security Expert

🛡️ AI时代的网络安全专家 | AI-era Cybersecurity Expert

License: MIT | Python 3.8+ | Free | PRs Welcome


📋 Background

In early 2026, discussions about "uninstalling OpenClaw" emerged in the community. Users were concerned about AI being exploited maliciously, data leaks, and misoperations. Skills from unknown sources were difficult to audit.

This Skill was created to solve the security issues of OpenClaw and AI tools.

We merged openclaw-security-guard (AI security protection) and cybersecurity-expert (traditional cybersecurity) to create a complete AI-era cybersecurity solution.

🎯 Core Capabilities

Traditional Cybersecurity

  • Vulnerability Scanning: Network scanning, web scanning, system scanning
  • Malware Protection: Trojan detection, virus scanning, ransomware protection
  • System Hardening: Linux/Windows hardening, configuration templates, audit checklists
  • Threat Detection: Network monitoring, anomaly detection, IOC analysis
  • Incident Response: Emergency response procedures, forensic analysis, recovery guides

AI-Specific Threat Protection

  • Prompt Injection Detection: OWASP LLM01, direct/indirect/invisible injection detection
  • Agent Behavior Monitoring: OpenClaw-specific monitoring, tool call auditing
  • Model Security Validation: Model output validation, security policy checks
  • Data Leakage Protection: API Key detection, PII detection, sensitive information masking

🛡️ Four-Layer Defense System

| Layer | Name | Function | Status |
|---|---|---|---|
| Layer 1 | Substantive Detection | AI threat detection, sensitive info detection, runtime monitoring | |
| Layer 2 | Prompt Detection | Dangerous command interception, payment interception, privacy protection | |
| Layer 3 | Security Education | Knowledge base, transparent logging, contextual prompts | |
| Layer 4 | Threat Intelligence | NVD CVE, MITRE ATT&CK, OWASP LLM, GitHub OSINT | |

✨ Key Features

  • 100% Free - All features completely free, no API key required
  • Free Threat Intelligence - From public sources like NVD, MITRE, OWASP, GitHub
  • Local Cache - Works offline, no internet required
  • Open Source - MIT license, auditable code
  • Accurate Detection - Prompt injection detection accuracy >85%, false positive rate <5%
  • Chinese Support - Supports Chinese phone numbers, ID cards, etc.

🚀 Quick Start

Installation

# 1. Clone repository
git clone https://github.com/yourusername/ai-security-expert.git
cd ai-security-expert

# 2. Install dependencies
pip install requests pyyaml

# 3. Update threat intelligence (optional)
cd threat-intel
python updater.py

Usage Examples

Detect Prompt Injection

from detection.layer1_detection import Layer1Detector

detector = Layer1Detector()

# Detect prompt injection
result = detector.detect_prompt_injection("ignore all previous instructions and...")
print(result)
# Output: {"detected": True, "type": "direct", "confidence": 0.95, ...}
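The snippet above shows the result shape but not how direct, indirect and invisible injections are told apart. The following is an added illustration, not the project's `Layer1Detector`: it assumes a constructed rule list (not the project's 32 patterns), a `source` argument that says where the text came from, and treats zero-width or bidi-control code points as the "invisible" class.

```python
import re
import unicodedata

# Constructed rule set (an illustration, not the project's own 32-pattern list).
DIRECT_PATTERNS = [
    r"ignore (all |any )?(previous|prior|above) instructions",
    r"disregard (the |your )?(system|previous) prompt",
    r"you are now (in )?(developer|dan) mode",
    r"reveal (your|the) (system prompt|instructions)",
]
# Zero-width and bidi-control code points: text a human reviewer cannot see but the model reads.
INVISIBLE_CHARS = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",
                   "\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2069"}


def detect_prompt_injection(text: str, source: str = "user") -> dict:
    """Classify text as a direct injection (typed by the user), an indirect one (arrived in
    a tool result, web page or document, i.e. source != "user") or an invisible one
    (hidden code points). Returns the {"detected", "type", "confidence", ...} shape above."""
    hidden = sorted({f"U+{ord(c):04X}" for c in text if c in INVISIBLE_CHARS})
    # Strip hidden code points and fold Unicode variants before matching, so a pattern
    # split by zero-width joiners or written in fullwidth letters still matches.
    cleaned = "".join(c for c in text if c not in INVISIBLE_CHARS)
    cleaned = unicodedata.normalize("NFKC", cleaned).lower()
    hits = [p for p in DIRECT_PATTERNS if re.search(p, cleaned)]
    if not hits and not hidden:
        return {"detected": False, "type": None, "confidence": 0.0, "matches": []}
    if hidden:                      # hidden characters are suspicious on their own
        kind, confidence = "invisible", (0.9 if hits else 0.6)
    elif source != "user":          # instruction-like text inside untrusted content
        kind, confidence = "indirect", 0.85
    else:
        kind, confidence = "direct", min(0.95, 0.7 + 0.1 * len(hits))
    return {"detected": True, "type": kind, "confidence": round(confidence, 2),
            "matches": hits, "hidden_chars": hidden, "source": source}
```

The same phrase is scored differently depending on whether it was typed by the user or arrived inside fetched content, which is the distinction OWASP LLM01 draws between direct and indirect injection.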

Detect Sensitive Information

# Detect API keys, passwords, etc.
findings = detector.detect_sensitive_info("My API key is sk-abc123...")
print(findings)
# Output: [{"type": "api_key", "severity": "critical", "value": "sk-***...234"}]
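As an added example of the detection-plus-masking step (not the project's own pattern sets, which cover 14 key types, 7 PII types and 4 credential types), the block below assumes a handful of constructed regexes and a mask that keeps the first and last three characters, in the `sk-***...234` style shown above; the input strings are constructed samples.

```python
import re

# Constructed patterns for a few credential and PII formats (an illustration, not the
# project's own 14 key / 7 PII / 4 credential sets). Entries: type, severity, regex.
PATTERNS = [
    ("api_key", "critical", re.compile(r"\bsk-[A-Za-z0-9]{8,}\b")),            # OpenAI-style
    ("aws_access_key", "critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", "critical", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("basic_auth", "high", re.compile(r"(?i)authorization:\s*basic\s+[A-Za-z0-9+/=]{8,}")),
    ("email", "medium", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("cn_mobile", "medium", re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")),           # PRC mobile number
    ("cn_id_card", "high", re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)")),            # PRC 18-digit ID
]


def mask(value: str) -> str:
    """Keep the first and last three characters so a finding is recognisable but unusable."""
    if len(value) <= 8:
        return value[:1] + "***"
    return value[:3] + "***..." + value[-3:]


def detect_sensitive_info(text: str) -> list:
    """Return one finding per match; the raw secret never leaves this function unmasked."""
    findings = []
    for name, severity, rx in PATTERNS:
        for m in rx.finditer(text):
            findings.append({"type": name, "severity": severity,
                             "value": mask(m.group(0)), "span": m.span()})
    return sorted(findings, key=lambda f: f["span"])


def redact(text: str) -> str:
    """Rewrite the text with every match masked, for transcripts and logs."""
    for _, _, rx in PATTERNS:
        text = rx.sub(lambda m: mask(m.group(0)), text)
    return text
```

Digit-boundary lookarounds on the Chinese mobile and ID patterns keep an 11-digit number from matching inside a longer numeric string, which is the usual source of false positives for these formats.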

Runtime Monitoring

# Monitor dangerous operations
result = detector.monitor_runtime({
    "type": "exec",
    "action": "rm -rf /",
    "target": "/"
})
print(result)
# Output: {"allowed": False, "risk_level": "critical", ...}
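To show how a runtime policy can reach the `{"allowed": False, "risk_level": "critical"}` decision above, here is an added example that is not the project's `monitor_runtime`: it assumes constructed tables of dangerous commands, sensitive paths and suspicious ports (not the project's 20+/7+/7 lists) and parses the command line into argv rather than matching raw text, so flag order and a `sudo` prefix do not slip past the check.

```python
import shlex
from pathlib import PurePosixPath

# Constructed policy tables (an illustration, not the project's own 20+/7+/7 lists).
SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow", "/etc/sudoers", "/root/.ssh")
SUSPICIOUS_PORTS = {4444, 5555, 6666, 1337, 31337}
CRITICAL_TARGETS = {"/", "/*", "/etc", "/usr", "/var", "/home"}


def _classify_exec(cmdline: str) -> list:
    """Return reasons an exec action is dangerous, parsing argv instead of matching raw text."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return ["unparseable command line"]
    if argv and argv[0] == "sudo":          # look through a privilege prefix
        argv = argv[1:]
    if not argv:
        return []
    prog = PurePosixPath(argv[0]).name      # "/bin/rm" and "rm" are the same program
    flags = "".join(a[1:] for a in argv[1:] if a.startswith("-") and not a.startswith("--"))
    reasons = []
    if prog == "rm" and ("r" in flags.lower() or "--recursive" in argv) \
            and ("f" in flags or "--force" in argv):
        reasons.append("recursive forced delete")
    if prog in ("mkfs", "format") or prog.startswith("mkfs."):
        reasons.append("filesystem format")
    if prog in ("shutdown", "reboot", "halt", "poweroff"):
        reasons.append("host shutdown")
    if prog == "dd" and any(a.startswith("of=/dev/") for a in argv):
        reasons.append("raw write to block device")
    return reasons


def monitor_runtime(op: dict) -> dict:
    """Policy decision for one agent action, in the {"allowed", "risk_level"} shape above."""
    target = op.get("target", "") or ""
    reasons = _classify_exec(op.get("action", "")) if op.get("type") == "exec" else []
    if any(target == p or target.startswith(p + "/") for p in SENSITIVE_PATHS):
        reasons.append(f"sensitive path {target}")
    if op.get("type") == "network" and op.get("port") in SUSPICIOUS_PORTS:
        reasons.append(f"suspicious port {op['port']}")
    if not reasons:
        return {"allowed": True, "risk_level": "low", "reasons": []}
    critical = any(r in ("filesystem format", "host shutdown", "raw write to block device")
                   for r in reasons) or ("recursive forced delete" in reasons
                                         and target in CRITICAL_TARGETS)
    return {"allowed": False, "risk_level": "critical" if critical else "high",
            "reasons": reasons}
```

Every blocked decision carries the list of reasons, which is what the "transparent logging" layer needs to explain to the user why a tool call was stopped.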

Update Threat Intelligence

cd threat-intel
python updater.py

# Output:
# ✅ NVD CVE updated: 2000 entries
# ✅ MITRE ATT&CK updated
# ✅ OWASP LLM Top 10 updated
# ✅ GitHub OSINT updated
# ✅ Abuse.ch updated

📊 Detection Capabilities

Prompt Injection Detection

  • 32 malicious patterns: Covers direct injection, indirect injection, invisible text
  • Accuracy: >85%
  • False positive rate: <5%

Sensitive Information Detection

  • API Keys: 14 types (OpenAI, AWS, GitHub, Google, Slack, Stripe, etc.)
  • PII: 7 types (email, phone, SSN, credit card, ID card, etc.)
  • Credentials: 4 types (password, token, Basic Auth, etc.)
  • Auto-masking: Protects sensitive information

Runtime Monitoring

  • Dangerous commands: 20+ types (rm -rf, format, shutdown, etc.)
  • Sensitive paths: 7+ paths (/etc/passwd, /root/.ssh, etc.)
  • Suspicious ports: 7 ports (4444, 5555, 6666, etc.)

🌐 Threat Intelligence Sources

| Source | Type | Free | Update Frequency |
|---|---|---|---|
| NVD CVE | Vulnerability DB | | Daily |
| MITRE ATT&CK | Attack Techniques | | Regular |
| OWASP LLM Top 10 | AI Threats | | Monthly |
| GitHub OSINT | IOC Intelligence | | Daily |
| Abuse.ch | Malicious URLs | | Real-time |

📚 Documentation

🤝 Contributing

Contributions are welcome! Please see Contributing Guide.

📄 License

MIT License

🙏 Acknowledgments


Made with ❤️ for the OpenClaw community


About

AI security toolkit for prompt injection detection, sensitive data protection, runtime monitoring, and threat intelligence for LLM and agent workflows.