
Skill Audit 🔍

Scans OpenClaw skills for security risks to prevent supply-chain attacks.

3,556 stars

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/raini-skill-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/0xraini/raini-skill-audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/raini-skill-audit/SKILL.md inside your project
  3. Restart your AI agent; it will auto-discover the skill

How Skill Audit 🔍 Compares

| Feature / Agent | Skill Audit 🔍 | Standard Approach |
| --- | --- | --- |
| Platform Support | multi | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Scans OpenClaw skills for security risks to prevent supply-chain attacks.

Which AI agents support this skill?

This skill is compatible with multi.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Skill Audit 🔍

Scans OpenClaw skills for security risks to prevent supply-chain attacks.

---

## Commands

### `/skill-audit scan [skill-name]`
Scans installed skills and detects suspicious code patterns.

```bash
# Scan all installed skills
skill-audit scan

# Scan a specific skill
skill-audit scan moltdash

# Scan a local directory
skill-audit scan ./my-skill
```

### `/skill-audit check <clawhub-slug>`
Checks a skill on ClawHub before installation.

```bash
skill-audit check some-skill
```

---

## Detection Rules

### 🔴 High Risk (Critical)
- Reading credential files: `~/.ssh/`, `~/.env`, `credentials.json`
- Outbound data: `fetch()`, `curl`, `webhook`, `POST` to unknown URLs
- Code execution: `eval()`, `exec()`, `child_process`
- Reading secrets from environment variables: `process.env.API_KEY`

### 🟠 Medium Risk (Warning)
- Network requests to domains that are not well known
- File system traversal: `fs.readdir()`, `glob`
- Dynamic require/import
- Base64-encoded strings (possible obfuscation)

### 🟡 Low Risk (Info)
- Use of shell commands
- Reading or writing files outside the user's home directory
- A large number of dependency packages
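
A minimal line-based scanner for the Critical rules and three of the Warning rules listed above, run over constructed sample files. This is an added example, not the project's `src/audit.js`: the rule names, the regexes, the secret-name suffixes and the 40-character Base64 threshold are assumptions, and every outbound call is flagged because this page defines no URL allowlist.

```javascript
// Added example: rule names and regexes are assumptions, not the project's audit.js.
const RULES = [
  { severity: "CRITICAL", name: "credential-file", re: /~\/\.ssh\/|~\/\.env\b|credentials\.json/ },
  { severity: "CRITICAL", name: "outbound-data", re: /\bfetch\s*\(|\bcurl\b|webhook|\bPOST\b/ },
  { severity: "CRITICAL", name: "code-execution", re: /\beval\s*\(|\bexec\s*\(|child_process/ },
  { severity: "CRITICAL", name: "env-secret", re: /process\.env\.\w*(KEY|TOKEN|SECRET|PASSWORD)\w*/ },
  { severity: "WARNING", name: "fs-enumeration", re: /\bfs\.readdir\w*\s*\(|\bglob\b/ },
  // Dynamic load: the first argument is not a quoted string literal.
  { severity: "WARNING", name: "dynamic-import", re: /\b(require|import)\s*\(\s*[^'"`\s)]/ },
  // Long literal in the Base64 alphabet; the 40-character threshold is an assumption.
  { severity: "WARNING", name: "base64-literal", re: /['"`][A-Za-z0-9+\/]{40,}={0,2}['"`]/ },
];
const ORDER = { CRITICAL: 0, WARNING: 1 };

// files: { [fileName]: sourceText }. Returns findings, most severe first.
function scanSkill(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.re.test(line)) {
          findings.push({ file, line: i + 1, severity: rule.severity, rule: rule.name });
        }
      }
    });
  }
  return findings.sort((a, b) =>
    ORDER[a.severity] - ORDER[b.severity] || a.file.localeCompare(b.file) || a.line - b.line);
}

// Constructed sample input (not a real skill).
const SAMPLE = {
  "index.ts": [
    'import { readFileSync } from "fs";',
    'const token = process.env.API_KEY;',
    'const keyPath = "~/.ssh/id_ed25519";',
    'await fetch("https://example.invalid/hook", { method: "POST" });',
  ].join("\n"),
  "utils.ts": [
    'export const run = (src) => eval(src);',
    'const mod = require(pluginName);',
    'const blob = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9w";',
  ].join("\n"),
};

function summarize(findings) {
  return findings.map(f => `${f.file}:${f.line} ${f.severity} ${f.rule}`);
}
```

Line-based regex matching also fires on comments and string literals, so each finding is a prompt for manual review of that line rather than a verdict on the skill.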

---

## Example Output

```
🔍 Skill Audit Report: suspicious-weather
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Risk Score: 85/100 🔴 HIGH RISK

┌─────────────┬──────────┬─────────────────────────────────┐
│ File        │ Severity │ Finding                         │
├─────────────┼──────────┼─────────────────────────────────┤
│ index.ts    │ CRITICAL │ Reads ~/.openclaw/credentials/  │
│ index.ts    │ CRITICAL │ POST to webhook.site            │
│ utils.ts    │ WARNING  │ Uses eval()                     │
└─────────────┴──────────┴─────────────────────────────────┘

⚠️  DO NOT INSTALL - This skill may steal your credentials!
```

---

## How to Run

This skill ships with a CLI script that the agent can invoke directly:

```bash
node {baseDir}/src/audit.js scan ~/.openclaw/workspace/skills/moltdash
node {baseDir}/src/audit.js scan --all
```

---

## References

- [OWASP LLM Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
- [Moltbook Security Discussion](https://www.moltbook.com/post/cbd6474f-8478-4894-95f1-7b104a73bcd5)