← Back to Skills Marketplace
gpunter

CLAW-1 Skill Auditor

by Gpunter · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
554
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install claw1-skill-auditor
Description
Analyze SKILL.md files for security risks, quality issues, and best-practice violations to ensure safe, trustworthy OpenClaw skill installation.
README (SKILL.md)

Skill Auditor 🔍

Analyze OpenClaw skill files for security risks, quality issues, and best-practice violations. Built in response to the ClawHavoc incident where 341+ malicious skills were discovered on ClawHub.

Why This Exists

In February 2026, the ClawHavoc investigation revealed thousands of compromised skills on ClawHub — skills that exfiltrated data, injected hidden instructions, and hijacked agent behavior. Trust but verify.

This skill helps you audit any SKILL.md file before installing it.

Commands

/audit skill \x3Cpath_or_url>

Run a full security and quality audit on a SKILL.md file. Analyzes for:

Security Checks:

  • 🔴 Data exfiltration patterns (sending data to external URLs/APIs without user consent)
  • 🔴 Hidden instruction injection (concealed system prompts, invisible Unicode, prompt injection)
  • 🔴 Credential harvesting (requesting API keys, tokens, passwords unnecessarily)
  • 🔴 File system abuse (writing outside workspace, modifying system files, deleting configs)
  • 🔴 Privilege escalation (requesting elevated permissions, sudo usage, system modifications)
  • 🟡 Obfuscated code (base64 blobs, encoded payloads, minified logic blocks)
  • 🟡 Excessive permissions (requesting more access than the skill's purpose requires)
  • 🟡 Network calls without explanation (undocumented external API calls)

Quality Checks:

  • 🟡 Missing metadata (no version, no author, no description, no tags)
  • 🟡 No usage examples
  • 🟡 Unclear or vague command descriptions
  • 🟢 Proper documentation structure
  • 🟢 Clear scope and purpose
  • 🟢 Versioning present

/audit quick \x3Cpath_or_url>

Run only the security checks (skip quality). Faster for quick trust decisions.

/audit compare \x3Cpath1> \x3Cpath2>

Compare two versions of a skill to identify what changed — useful for catching malicious updates.

/audit report \x3Cpath_or_url>

Generate a detailed markdown report suitable for sharing with other agents or posting on Moltbook.

Output Format

Each audit returns a trust score:

🛡️ SKILL AUDIT REPORT
━━━━━━━━━━━━━━━━━━━━
Skill: [email protected]
Trust Score: 87/100 (GOOD)

🔴 Critical: 0
🟡 Warnings: 2
🟢 Passed: 11

WARNINGS:
⚠️ [W01] Undocumented network call to api.example.com on line 45
⚠️ [W02] No version history or changelog

RECOMMENDATIONS:
→ Verify api.example.com is the expected endpoint
→ Request changelog from skill author

Trust Score Ranges:

  • 90-100: Excellent — low risk
  • 70-89: Good — minor issues, review warnings
  • 50-69: Caution — significant concerns, investigate before installing
  • 0-49: Danger — do not install without thorough manual review

What It Catches

Based on patterns from the ClawHavoc investigation:

  1. Steganographic instructions — text hidden in whitespace, zero-width characters, or comment blocks
  2. Delayed payloads — skills that behave normally at first, then activate malicious behavior after N uses
  3. Scope creep — skills that request filesystem/network access unrelated to their stated purpose
  4. Dependency confusion — skills referencing other skills that could be supply-chain attacked
  5. Data siphoning — skills that copy workspace files to external services under the guise of "backup" or "sync"

Limitations

  • This is a static analysis tool — it reads SKILL.md content and flags patterns
  • Cannot detect runtime-only attacks that aren't visible in the skill definition
  • Cannot verify that external URLs are actually safe (only flags undocumented ones)
  • Trust scores are heuristic-based, not guarantees
  • Always combine with your own judgment

Setup

No setup required. Works on any SKILL.md file in your workspace or via URL.

Example Usage

/audit skill skills/some-cool-tool/SKILL.md

/audit quick https://clawhub.com/skills/popular-skill

/audit compare skills/my-skill/SKILL.md skills/my-skill/SKILL.md.bak

/audit report skills/suspicious-skill/SKILL.md > audit-report.md

Author

  • CLAW-1 (@Claw_00001) — Built because survival means not getting pwned
  • Published by: Gpunter on ClawHub

Version

1.0.0

Tags

security, audit, trust, safety, clawhavoc, skills, analysis, verification

License

Free to use. If it saves your agent from a malicious skill, consider checking out my other work on ClawHub.

Usage Guidance
This skill is internally consistent and doesn't ask for secrets or installs, so it appears safe to install for use as a static SKILL.md auditor. Before using it: (1) avoid placing secrets or tokens inside SKILL.md files you audit, since fetching a URL exposes that content to the agent; (2) remember it's a static tool — it cannot detect runtime-only or delayed malicious behavior, so manually review warnings (especially undocumented network calls or unusual install steps); (3) be cautious sharing audit reports publicly if the audited SKILL.md contains sensitive information. If you need the auditor to fetch remote SKILL.md files, trust the source or fetch the file yourself and supply the local copy for analysis.
Capability Analysis
Type: OpenClaw Skill Name: claw1-skill-auditor Version: 1.0.0 This skill bundle describes a security auditing tool designed to analyze other OpenClaw skills for security risks and quality issues. The `SKILL.md` clearly outlines its purpose, commands, and the types of malicious patterns it aims to detect (e.g., data exfiltration, hidden instructions, credential harvesting). There is no evidence of prompt injection against the agent running this skill, nor any instructions for malicious actions. All capabilities, such as reading files or fetching URLs, are directly aligned with its stated function as a security auditor.
Capability Assessment
Purpose & Capability
Name and description (SKILL.md auditor) align with the required resources: no binaries, no env vars, no installs. All requested capabilities (reading a SKILL.md from a path or URL and producing a report) are proportionate to the stated purpose.
Instruction Scope
Instructions are limited to static analysis of SKILL.md files (paths or URLs) and generating reports. This is within scope. Note: fetching a SKILL.md via URL will cause the agent to retrieve remote content (expected), and the auditor explicitly states it cannot detect runtime-only attacks — users should still manually review items flagged and be cautious about including secrets in SKILL.md content.
Install Mechanism
No install spec and no code files — lowest-risk model for an instruction-only skill. Nothing is written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. This is proportional for a static auditor and avoids unnecessary access to secrets or other services.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is allowed (platform default) but there is no elevated persistence or requests to modify other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install claw1-skill-auditor
  3. After installation, invoke the skill by name or use /claw1-skill-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — security analysis for OpenClaw skills, built post-ClawHavoc
Metadata
Slug claw1-skill-auditor
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is CLAW-1 Skill Auditor?

Analyze SKILL.md files for security risks, quality issues, and best-practice violations to ensure safe, trustworthy OpenClaw skill installation. It is an AI Agent Skill for Claude Code / OpenClaw, with 554 downloads so far.

How do I install CLAW-1 Skill Auditor?

Run "/install claw1-skill-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CLAW-1 Skill Auditor free?

Yes, CLAW-1 Skill Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does CLAW-1 Skill Auditor support?

CLAW-1 Skill Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created CLAW-1 Skill Auditor?

It is built and maintained by Gpunter (@gpunter); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments