策略审计

Policy

by BytesAgain

Audit and enforce security policy baselines. Use when generating policy docs, checking compliance strength, rotating access controls, auditing configs.

4.5k安全与合规未扫描2026年3月23日

安装

claude skill add --url github.com/openclaw/skills/tree/main/skills/bytesagain3/policy

文档

Policy

A comprehensive security policy management toolkit for generating policies, checking compliance strength, rotating access controls, auditing configurations, and managing credential lifecycles. Works entirely offline with local storage, zero configuration required.

Why Policy?

  • Works entirely offline — your data never leaves your machine
  • 12 core security commands covering the full policy lifecycle
  • Simple command-line interface, no GUI needed
  • Export to JSON, CSV, or plain text anytime
  • Automatic history and activity logging with timestamps

Commands

CommandDescription
policy generate <input>Generate security policies, compliance documents, or access rules
policy check-strength <input>Check the strength of passwords, keys, or security configurations
policy rotate <input>Rotate credentials, API keys, or access tokens
policy audit <input>Audit security configurations, access logs, or compliance status
policy store <input>Store security records, policy snapshots, or credential metadata
policy retrieve <input>Retrieve stored policy records or credential metadata
policy expire <input>Mark credentials or policies as expired, track expiration dates
policy policy <input>Define, update, or review policy rules and baselines
policy report <input>Generate security audit reports and compliance summaries
policy hash <input>Hash values for verification, integrity checks, or storage
policy verify <input>Verify hashes, signatures, or policy compliance status
policy revoke <input>Revoke access tokens, certificates, or credentials
policy statsShow summary statistics for all logged entries
policy export <fmt>Export data (json, csv, or txt)
policy search <term>Search across all logged entries
policy recentShow last 20 activity entries
policy statusHealth check — version, data dir, disk usage
policy helpShow full help with all available commands
policy versionShow current version (v2.0.0)

Each core command (generate, check-strength, rotate, audit, store, retrieve, expire, policy, report, hash, verify, revoke) works in two modes:

  • Without arguments: shows recent entries from that command's log
  • With arguments: records the input with a timestamp and saves to the command-specific log file

Data Storage

All data is stored locally at ~/.local/share/policy/. Each command maintains its own .log file (e.g., generate.log, audit.log, rotate.log). A unified history.log tracks all activity across commands with timestamps. Use the export command to back up your data in JSON, CSV, or plain text format at any time.

Requirements

  • Bash 4.0+ (uses set -euo pipefail)
  • Standard Unix utilities: date, wc, du, tail, grep, sed, cat, basename
  • No external dependencies or API keys required
  • Works on Linux, macOS, and WSL

When to Use

  1. Security compliance audits — Run policy audit and policy report to document compliance posture and generate audit trails
  2. Credential rotation workflows — Use policy rotate and policy expire to track and enforce regular credential rotation schedules
  3. Password and key strength assessment — Run policy check-strength to evaluate the strength of passwords, keys, or security configs before deployment
  4. Policy document generation — Use policy generate and policy policy to create, update, and maintain security policy documentation
  5. Access control lifecycle management — Combine policy store, policy retrieve, policy verify, and policy revoke to manage the full lifecycle of credentials and access tokens

Examples

bash
# Generate a security policy document
policy generate "SOC2 access control policy for production databases"

# Check password strength
policy check-strength "MyP@ssw0rd2024! — evaluate complexity and entropy"

# Rotate an API key
policy rotate "AWS IAM key for deployment-bot — rotated 2024-03-18"

# Audit firewall configuration
policy audit "iptables rules on prod-web-01 — check for open ports"

# Store credential metadata
policy store "GitHub PAT for CI/CD — expires 2024-06-01 — scope: repo,workflow"

# Verify a hash
policy verify "SHA256 checksum for release-v2.0.0.tar.gz"

# Revoke an expired token
policy revoke "OAuth2 refresh token for legacy-app — expired"

# View statistics across all commands
policy stats

# Export all data as CSV
policy export csv

# Search for a specific term
policy search "production"

Output

All commands return structured text to stdout. Redirect to a file with policy <command> > output.txt. Exported files are saved to the data directory with the chosen format extension.

Configuration

The data directory defaults to ~/.local/share/policy/. The tool auto-creates this directory on first run.


Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

相关 Skills

安全专家

by alirezarezvani

Universal
热门

覆盖威胁建模、漏洞评估、安全架构设计、代码审计与渗透测试,内置 STRIDE、OWASP、加密模式和安全扫描流程,适合系统设计评审与上线前安全排查。

安全专家把威胁建模、漏洞分析到渗透测试串成一套流程,内置 STRIDE 与 OWASP 指南,做安全设计和排查更省心。

安全与合规
未扫描21.3k

安全运营

by alirezarezvani

Universal
热门

覆盖应用安全、漏洞管理与合规审计,支持代码/依赖扫描、CVE 评估、Secrets 检测和安全自动化,适合做安全基线落地、漏洞响应、审计检查与安全开发治理。

应用安全、漏洞管理和合规检查一套打通,还能自动化扫描与响应,帮团队更早发现并收敛风险。

安全与合规
未扫描21.3k

安全审计

by alirezarezvani

Universal
热门

安装前审计 Claude Code Skill 的代码执行、Prompt 注入和依赖供应链风险,支持本地目录或 Git 仓库扫描,输出 PASS/WARN/FAIL 结论及修复建议

把代码审查、漏洞扫描和合规检查串成一条线,帮团队更早发现风险,做安全治理更省心。

安全与合规
未扫描21.3k

相关 MCP 服务

搜索和分析 Sentry 错误报告,辅助调试。

把零散的 Sentry 错误报告变成可检索线索,帮你在海量报错里更快定位线上故障,排障调试明显省时。

安全与合规
753

为 AI agents 提供安全层:拦截 prompt injection、识别伪造 packages,并扫描漏洞风险。

给 AI Agent 补上关键安全层,能拦截 prompt 注入、识别伪造包并扫描漏洞风险,把防护前置更省心。

安全与合规
113

强化安全性的 NotebookLM MCP,集成 post-quantum encryption,提升数据防护能力。

安全与合规
71

相关资讯

Cloudflare 要求 AI 公司于 2026 年 9 月 15 日前将用于搜索的爬虫与用于 AI 训练及智能体的爬虫分离,否则新客户、新站点及免费客户的默认设置将屏蔽混合爬虫。此举旨在保护出版商内容权益,同时推动可持续的 AI 生态。

深度·7月1日·4 分钟

Anthropic 在系统卡中隐藏了 Claude 对前沿 LLM 开发的限制策略,遭用户强烈抵制。公司现已道歉,并宣布将改为可见反馈,告知用户请求被降级或拒绝的原因。

深度Simon Willison·6月11日·2 分钟

本文提出Draft-OPD,通过在线策略蒸馏训练草稿模型,解决传统监督微调中因训练与推理分布不匹配导致的性能瓶颈。实验表明,该方法在多种任务上实现5倍以上无损加速,优于EAGLE-3和DFlash分别23%和13%。

深度·6月4日·31 分钟

评论