skill-auditor
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration before installation. Features 0-100 numeric risk scoring, MITRE ATT&CK mappings, base64/hex deobfuscation, IoC database, whitelist system, and SHA256 file inventory. Use before installing any third-party skill. Triggers: audit skill, check security, scan skill, is this skill safe, security review, quarantine.
Best use case
skill-auditor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration before installation. Features 0-100 numeric risk scoring, MITRE ATT&CK mappings, base64/hex deobfuscation, IoC database, whitelist system, and SHA256 file inventory. Use before installing any third-party skill. Triggers: audit skill, check security, scan skill, is this skill safe, security review, quarantine.
Teams using skill-auditor should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/skill-auditor-v2/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How skill-auditor Compares
| Feature / Agent | skill-auditor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration before installation. Features 0-100 numeric risk scoring, MITRE ATT&CK mappings, base64/hex deobfuscation, IoC database, whitelist system, and SHA256 file inventory. Use before installing any third-party skill. Triggers: audit skill, check security, scan skill, is this skill safe, security review, quarantine.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Skill Auditor v2.0 🔍🛡️
Comprehensive security scanner for OpenClaw/ClawHub skills. Merges static analysis, deobfuscation, and threat intelligence into a single Python tool.
## When to Use
- Before installing **any** third-party skill from ClawHub
- When reviewing skill updates for security regressions
- To audit your own skills before publishing
- When someone asks: "is this skill safe?", "audit this", "check security"
## Quick Start
### Audit a local skill directory
```bash
python3 {baseDir}/scripts/audit_skill.py /path/to/skill --human
```
### Audit a ClawHub skill by slug
```bash
python3 {baseDir}/scripts/audit_skill.py --slug skill-name --human
```
### Quarantine workflow (audit + prompt to install)
```bash
bash {baseDir}/scripts/quarantine.sh /path/to/skill
bash {baseDir}/scripts/quarantine.sh --slug skill-name
```
### JSON output for programmatic use
```bash
python3 {baseDir}/scripts/audit_skill.py /path/to/skill --json
```
## Scoring System
| Score | Level | Action |
|-------|-------|--------|
| 0–20 | ✅ SAFE | Auto-install OK |
| 21–40 | 🟢 LOW RISK | Proceed with caution |
| 41–60 | 🟡 MEDIUM RISK | Manual review required |
| 61–80 | 🟠 HIGH RISK | Expert review needed |
| 81–100 | 🔴 CRITICAL | Do NOT install |
Exit codes: `0` = safe (≤20), `1` = review (21–60), `2` = dangerous (>60)
## Detection Layers
### Layer 1: Static Pattern Analysis
- 10+ scan categories with regex patterns
- Shell execution, network calls, env access, filesystem escape
- Prompt injection, data exfiltration, crypto wallet access
- Dynamic imports, browser credential theft, fake prerequisites
### Layer 2: Deobfuscation
- Base64 string extraction and decode → re-scan decoded content
- Hex escape sequence decode → re-scan
- Detects hidden commands, C2 IPs in encoded payloads
### Layer 3: Threat Intelligence
- IoC database: known malicious IPs, domains
- Social engineering detection: urgency, false authority, fear tactics
- MITRE ATT&CK ID mapping on every finding
- Whitelist system reduces score for safe binaries/domains
### Additional Checks
- SHA256 file inventory for integrity verification
- Typosquat detection (Levenshtein distance on package names)
- Zero-width character detection in SKILL.md
- Comment-context severity reduction (findings in comments scored lower)
- Permission scope analysis (what tools does the skill request?)
## IoC Database
Structured threat data in `references/ioc-database.json`. Update when new threats emerge. The scanner auto-loads this file at runtime.
## References
- `references/ioc-database.json` — Structured IoC data (IPs, domains, patterns)
- `references/known-patterns.md` — Human-readable threat documentation
- `references/prompt-injection-patterns.md` — Prompt injection pattern reference
## Credits
Built by [M. Abidi](https://www.linkedin.com/in/mohammad-ali-abidi) | [agxntsix.ai](https://www.agxntsix.ai)
[YouTube](https://youtube.com/@aiwithabidi) | [GitHub](https://github.com/aiwithabidi)
Part of the **AgxntSix Skill Suite** for OpenClaw agents.
📅 **Need help setting up OpenClaw for your business?** [Book a free consultation](https://cal.com/agxntsix/abidi-openclaw)
Fork of [skill-auditor-pro](https://clawhub.ai/skills/skill-auditor-pro) by sypsyp97, merged with [skill-security-auditor](https://clawhub.ai/skills/skill-security-auditor) by akm626.Related Skills
Payroll Compliance Auditor
Run a full payroll audit in under 10 minutes. Catches the errors that cost companies $845 per violation.
Agent Security Auditor
Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.
Devvit Publishing Auditor
A specialized auditor for Reddit Devvit developers to verify app readiness before uploading to the Reddit servers. It ensures compliance with Devvit CLI v0.12.x and Reddit’s publishing standards.
hefestoai-auditor
Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.
clauditor
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-security-group-auditor
Audit AWS Security Groups and VPC configurations for dangerous internet exposure
aws-s3-exposure-auditor
Identify publicly accessible S3 buckets, dangerous ACLs, and misconfigured bucket policies
azure-nsg-firewall-auditor
Audit Azure NSG rules and Azure Firewall policies for dangerous internet exposure
azure-key-vault-auditor
Audit Azure Key Vault configuration, access policies, and secret hygiene for credential exposure risks
aws-iam-policy-auditor
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
azure-entra-id-auditor
Audit Microsoft Entra ID for over-privileged roles, dangerous access patterns, and identity security gaps