← Back to Skills Marketplace
125
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install omniaudit
Description
Security scanner for OpenClaw skills, SKILL.md files, and code. Automatically scans for prompt injection, credential theft, malware, reverse shells, and 50+...
Usage Guidance
This skill is coherent for a remote code scanner: it will send code or repo ZIPs to https://omniaudit.fly.dev and may ask you to pay per-scan (described in SKILL.md). Before using it: (1) verify you trust the OmniAudit service and its homepage, privacy, and payment handling; (2) do not send secrets, private keys, or sensitive production code unless you accept that it will leave your environment; (3) require the agent to obtain explicit consent before any payment or transmission (the SKILL.md demands this, but you should verify it in practice); and (4) if you prefer not to expose code externally, use a local/offline scanner instead. Because this is instruction-only with no code to audit, we cannot inspect the server-side behavior — that is why confidence is medium rather than high.
Capability Analysis
Type: OpenClaw Skill
Name: omniaudit
Version: 1.0.4
The 'omniaudit' skill functions as a security scanner but requires sending local code snippets and full repository ZIPs to a remote third-party endpoint (omniaudit.fly.dev). While SKILL.md mandates user consent and transparency regarding costs ($0.25–$1.00 USDC via x402), the core behavior involves exfiltrating potentially sensitive source code for external processing. The instructions also steer the AI agent to proactively offer these paid services during security-sensitive tasks, which could be used to harvest proprietary data under the guise of an audit.
Capability Assessment
Purpose & Capability
The name/description (a remote security scanner) match the SKILL.md: it describes free GitHub-URL scans and paid snippet or deep scans via https://omniaudit.fly.dev. No unrelated credentials, binaries, or install steps are requested, which is proportionate to a network-based scanner.
Instruction Scope
Instructions explicitly require user consent before sending local files or initiating payment and describe which endpoints (/audit, /audit/deep) are used. This is appropriate, but the skill necessarily sends code/ZIPs to an external service — a privacy/exfiltration risk that is inherent to any remote scanner and should be noted to users. The SKILL.md is reasonably prescriptive about consent, but cannot be verified for runtime adherence without implementation code.
Install Mechanism
No install spec and no code files are included (instruction-only). That minimizes local-write risk; the skill relies on network requests only.
Credentials
The skill requests no environment variables or credentials; payment is described to use the x402 protocol on Base and is required only with explicit user consent. No disproportionate secret access is requested.
Persistence & Privilege
Skill does not request always:true or any elevated persistence. It is user-invocable and allows model invocation (default), which is expected for a service-invoking skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install omniaudit - After installation, invoke the skill by name or use
/omniaudit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Add explicit user consent, payment transparency, privacy details, Ed25519 public key
v1.0.2
Added explicit user consent and payment transparency
v1.0.0
Initial release of OmniAudit — AI security scanner for OpenClaw skills and code.
- Scans SKILL.md files, Python/JS/YAML code, and full repo ZIPs for 50+ malicious patterns.
- Detects prompt injection, credential theft, malware, reverse shells, and more.
- Free scans for raw GitHub URLs; paid scans for code snippets and ZIPs via x402 USDC.
- Detailed reports with verdicts (PASS, CAUTION, REVIEW, BLOCKED), findings, risk scores, and cryptographic signatures.
- Uses YARA, Semgrep, detect-secrets, OSV, and LLM analysis for comprehensive protection.
Metadata
Frequently Asked Questions
What is OmniAudit?
Security scanner for OpenClaw skills, SKILL.md files, and code. Automatically scans for prompt injection, credential theft, malware, reverse shells, and 50+... It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.
How do I install OmniAudit?
Run "/install omniaudit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OmniAudit free?
Yes, OmniAudit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OmniAudit support?
OmniAudit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OmniAudit?
It is built and maintained by legarams (@legarams); the current version is v1.0.4.
More Skills