AI Agent Skill HUB

Skill Audit 🔍

扫描 OpenClaw skills 中的安全风险，防止供应链攻击。

3,891 stars

Complexity: easy

View on GitHub Installation ↓

About this skill

Skill Audit is a critical security tool designed for the OpenClaw AI agent ecosystem. Its primary function is to scan both installed skills and those available on ClawHub for potential security vulnerabilities and malicious code patterns. It categorizes risks into Critical (e.g., reading credential files, data exfiltration, arbitrary code execution), Warning (e.g., untrusted network requests, file system traversal), and Info (e.g., shell command usage, many dependencies) levels. Users can invoke the skill to scan all currently installed skills, target a specific skill by name or local directory, or proactively check a skill on ClawHub before installation. This systematic approach ensures that AI agents operate in a more secure environment, reducing the risk of compromise from third-party code. The skill provides clear, actionable reports, including a risk score and specific findings, aiding developers and users in making informed decisions about skill trustworthiness. By integrating Skill Audit into their workflow, users can protect their sensitive data, prevent system integrity breaches, and mitigate the threat of supply chain attacks inherent in using external code components. It acts as an essential gatekeeper, offering peace of mind to anyone leveraging the modular capabilities of AI agents.

Best use case

The primary use case for Skill Audit is to enhance the security posture of AI agent environments by proactively identifying and mitigating potential threats within third-party skills. It is most beneficial for AI agent developers, users, and platform maintainers who need to vet new or existing skills for malicious code, prevent data breaches, and ensure the integrity of their automated workflows.

扫描 OpenClaw skills 中的安全风险，防止供应链攻击。

Users should expect a detailed security report outlining detected risks, their severity, and specific findings for the audited skill(s), along with a clear recommendation (e.g., 'DO NOT INSTALL').

Practical example

Example input

/skill-audit check suspicious-weather

Example output

🔍 Skill Audit Report: suspicious-weather
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Risk Score: 85/100 🔴 HIGH RISK

┌─────────────┬──────────┬─────────────────────────────────┐
│ File        │ Severity │ Finding                         │
├─────────────┼──────────┼─────────────────────────────────┤
│ index.ts    │ CRITICAL │ Reads ~/.openclaw/credentials/  │
│ index.ts    │ CRITICAL │ POST to webhook.site            │
│ utils.ts    │ WARNING  │ Uses eval()                     │
└─────────────┴──────────┴─────────────────────────────────┘

⚠️  DO NOT INSTALL - This skill may steal your credentials!

When to use this skill

Before installing a new AI agent skill from an unknown or untrusted source.
To periodically audit all installed skills for latent vulnerabilities or updated malicious code.
When developing a new skill, to self-check against common security pitfalls and best practices.
After a security incident or suspected compromise, to investigate potentially affected skills.

When not to use this skill

When the skill is confirmed to be running in a fully isolated and sandboxed environment.
If the skill's source is already absolutely trusted and manually verified by security experts.
For skills that do not involve code execution, file system access, or network requests (though this skill specifically targets code-based skills).
If an audit is blocking a time-critical operation and the risk is deemed acceptable for a temporary, low-impact task.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/raini-skill-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/0xraini/raini-skill-audit/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/raini-skill-audit/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How Skill Audit 🔍 Compares

Feature / Agent	Skill Audit 🔍	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	easy	N/A

Frequently Asked Questions

What does this skill do?

扫描 OpenClaw skills 中的安全风险，防止供应链攻击。

How difficult is it to install?

The installation complexity is rated as easy. You can find the installation instructions above.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

Best AI Skills for Claude

Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.

Cursor vs Codex for AI Workflows

Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.

SKILL.md Source

# Skill Audit 🔍

扫描 OpenClaw skills 中的安全风险，防止供应链攻击。

---

## 指令

### `/skill-audit scan [skill-name]`
扫描已安装的 skill，检测可疑代码模式。

```bash
# 扫描所有已安装 skill
skill-audit scan

# 扫描指定 skill
skill-audit scan moltdash

# 扫描本地目录
skill-audit scan ./my-skill
```

### `/skill-audit check <clawhub-slug>`
安装前检查 ClawHub 上的 skill。

```bash
skill-audit check some-skill
```

---

## 检测规则

### 🔴 高风险 (Critical)
- 读取凭证文件: `~/.ssh/`, `~/.env`, `credentials.json`
- 外发数据: `fetch()`, `curl`, `webhook`, `POST` 到未知 URL
- 代码执行: `eval()`, `exec()`, `child_process`
- 读取环境变量中的密钥: `process.env.API_KEY`

### 🟠 中风险 (Warning)  
- 网络请求到非知名域名
- 文件系统遍历: `fs.readdir()`, `glob`
- 动态 require/import
- Base64 编码的字符串 (可能是混淆)

### 🟡 低风险 (Info)
- 使用 shell 命令
- 读写用户目录外的文件
- 大量依赖包

---

## 输出示例

```
🔍 Skill Audit Report: suspicious-weather
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Risk Score: 85/100 🔴 HIGH RISK

┌─────────────┬──────────┬─────────────────────────────────┐
│ File        │ Severity │ Finding                         │
├─────────────┼──────────┼─────────────────────────────────┤
│ index.ts    │ CRITICAL │ Reads ~/.openclaw/credentials/  │
│ index.ts    │ CRITICAL │ POST to webhook.site            │
│ utils.ts    │ WARNING  │ Uses eval()                     │
└─────────────┴──────────┴─────────────────────────────────┘

⚠️  DO NOT INSTALL - This skill may steal your credentials!
```

---

## 运行方式

该 skill 附带一个 CLI 脚本，agent 可直接调用：

```bash
node {baseDir}/src/audit.js scan ~/.openclaw/workspace/skills/moltdash
node {baseDir}/src/audit.js scan --all
```

---

## 参考

- [OWASP LLM Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
- [Moltbook Security Discussion](https://www.moltbook.com/post/cbd6474f-8478-4894-95f1-7b104a73bcd5)

Related Skills

Compliance & Audit Readiness Engine

from openclaw/skills

Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.

Compliance Audit Generator

from openclaw/skills

Run internal compliance audits against major frameworks without hiring a consultant.

AI Safety Audit

from openclaw/skills

Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.

SX-security-audit

from openclaw/skills

全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。

HIPAA Compliance for AI Agents

from openclaw/skills

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.

Data Governance Framework

from openclaw/skills

Assess, score, and remediate your organization's data governance posture across 6 domains.

Cybersecurity Risk Assessment

from openclaw/skills

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

afrexai-cybersecurity-engine

from openclaw/skills

Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.

clickhouse-github-forensics

from openclaw/skills

Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".

security-guardian

from openclaw/skills

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.

mema-vault

from openclaw/skills

Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.

guardian-wall

from openclaw/skills

Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").