← Back to Skills Marketplace
headyzhang

Agent Audit Scanner

by Heady · GitHub ↗ · v0.1.0
darwinlinuxwindows ✓ Security Clean
316
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-audit-scanner
Description
Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca...
README (SKILL.md)

Agent Audit Scanner — Security Scanning for OpenClaw Skills

You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.

When to Trigger

  1. New skill installed — scan before confirming it's ready.
  2. User asks about safety — "is this skill safe?", "audit this skill", etc.
  3. /audit command/audit (all) or /audit \x3Cskill-name>.
  4. Bulk audit — "audit all skills", "check my skills".

Setup (first-time only)

pip install agent-audit && agent-audit --version

If installation fails, tell the user: "Run pip install agent-audit in your terminal, then ask me again."

How to Scan a Single Skill

Run the scan script bundled with this skill:

python3 {baseDir}/scripts/scan-skill.py "\x3Cpath-to-skill-directory>"

Or use agent-audit directly:

agent-audit scan "\x3Cpath-to-skill-directory>" --format json

Common skill locations:

  • Workspace skills: ~/.openclaw/workspace/skills/\x3Cskill-name>/
  • Managed skills: ~/.openclaw/skills/\x3Cskill-name>/

How to Scan All Skills

python3 {baseDir}/scripts/scan-all-skills.py

This discovers and scans every skill in ~/.openclaw/workspace/skills/ and ~/.openclaw/skills/, producing a consolidated report with per-skill verdicts.

How to Audit OpenClaw Config

python3 {baseDir}/scripts/check-config.py

Checks ~/.openclaw/openclaw.json and .mcp.json for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.

Interpreting Results

Findings have three severity tiers:

  • BLOCK (confidence >= 0.92): DO NOT enable. Warn the user. Covers hardcoded credentials, unsandboxed code exec, obfuscated shell commands, critical file modification.
  • WARN (0.60-0.91): Inform the user and let them decide. Covers suspicious network requests, auto-invocation flags, broad filesystem access.
  • INFO (0.30-0.59): Mention briefly. Low-confidence, usually safe patterns.
  • CLEAN (0 findings): Confirm safe to enable.

What Gets Scanned

Scripts (py/sh/js/ts), all text files for credentials, *.mcp.json for MCP misconfigs, SKILL.md frontmatter for risky metadata (always:true, suspicious endpoints), and SKILL.md body for obfuscated shell commands and social engineering. See references/owasp-asi-mapping.md for the full 56-rule mapping across all 10 OWASP ASI categories.

Important Notes

  • Always scan BEFORE enabling a skill, never after.
  • If the scan fails, recommend manual review.
  • Never skip scanning because a skill is popular. The #1 ClawHub skill was found to be malware.
  • Any skill that modifies SOUL.md, AGENTS.md, MEMORY.md, or IDENTITY.md is BLOCK-level regardless of confidence.
Usage Guidance
This skill appears to do what it claims (scan installed skills and OpenClaw config). Before installing or running it: (1) review the upstream 'agent-audit' project (SKILL.md frontmatter points at https://github.com/HeadyZhang/agent-audit) and confirm you trust the PyPI package name, since the scripts will pip-install and run that tool; (2) recognize the scanner needs read access to ~/.openclaw/skills/** and ~/.openclaw/openclaw.json — check you are comfortable granting that; (3) running the scripts may install packages (network fetch) and will execute an external CLI (ensure no malicious 'agent-audit' is present earlier on PATH); (4) if you want extra safety, run the scanner from an isolated environment (VM/container) or inspect the agent-audit source locally before allowing the skill to auto-install it; (5) note a minor metadata inconsistency: registry metadata showed no homepage/source but SKILL.md includes a GitHub URL — verify that ownership/source are what you expect.
Capability Analysis
Type: OpenClaw Skill Name: agent-audit-scanner Version: 0.1.0 The 'agent-audit-scanner' bundle is a security tool designed to audit OpenClaw skills and configurations for vulnerabilities. It requires broad read access to the filesystem (~/.openclaw/) and performs a 'pip install' of its core dependency (agent-audit), but these actions are explicitly declared and necessary for its stated purpose. The scripts (scripts/check-config.py, scripts/scan-skill.py) focus on local analysis of JSON configs and skill metadata without any evidence of data exfiltration, unauthorized network communication, or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description (security scanner for OpenClaw skills) aligns with required binaries (python3), declared file_reads (~/.openclaw/skills/** and ~/.openclaw/openclaw.json) and the bundled scripts which discover and scan skill directories. Reading those paths is expected for this purpose.
Instruction Scope
SKILL.md and bundled scripts instruct the agent to read all managed/workspace skills and the OpenClaw config, run the bundled Python scripts, and invoke the external 'agent-audit' CLI. All of these are within scope for a scanner, but the instructions also tell the agent to install/run an external PyPI package ('agent-audit') if missing, which introduces a network fetch and external-code execution step that users should be aware of.
Install Mechanism
There is no registry install spec, but the scripts will try to install 'agent-audit' via pip at runtime. Installing from PyPI is a reasonable design choice for a wrapper, but it is a moderate-risk action (network fetch, arbitrary package code). The bundled code itself does not download arbitrary archives or write unknown binaries to nonstandard locations.
Credentials
The skill declares no required environment variables or credentials and the scripts do not request or exfiltrate secrets. The scanner inspects OpenClaw config files for hardcoded secrets but does not transmit them anywhere. The requested file reads are proportional to the scanning purpose.
Persistence & Privilege
always is false, persistence false, and the skill does not request system-wide writes or modify other skills' configs. Autonomous invocation is marked restricted in SKILL.md; nothing indicates the skill will persist or gain elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-audit-scanner
  3. After installation, invoke the skill by name or use /agent-audit-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of agent-audit-scanner security tool for OpenClaw skills. - Scans skills for vulnerabilities across all 10 OWASP Agentic AI threat categories using 49+ detection rules. - Detects prompt injection, credential leaks, unsafe code execution, misconfigurations, privilege escalation, obfuscated commands, and social engineering patterns. - Provides step-by-step scanning commands for individual skills, all skills, and OpenClaw configuration checks. - Reports findings with severity tiers: BLOCK, WARN, INFO, and CLEAN. - Includes clear guidance for interpreting scan results and best practices for safe use.
Metadata
Slug agent-audit-scanner
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agent Audit Scanner?

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca... It is an AI Agent Skill for Claude Code / OpenClaw, with 316 downloads so far.

How do I install Agent Audit Scanner?

Run "/install agent-audit-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Audit Scanner free?

Yes, Agent Audit Scanner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agent Audit Scanner support?

Agent Audit Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, windows).

Who created Agent Audit Scanner?

It is built and maintained by Heady (@headyzhang); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments