aohoyo

Silas Skill Auditor

by silas · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
68 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install silas-skill-auditor
Description
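A security review tool for skills. It performs an in-depth review of installed or remote skills for code security, permission risks, data leakage, and content compliance. It supports two modes: pre-install review (remote fetch) and installed review. Use it when the user says "审查技能" (review skill), "检查安全" (check security), "审核技能" (audit skill), or "skill audit".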
Usage Guidance
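This is a guidance-style SKILL.md written for skill auditing. Its functionality and description are broadly consistent, but the _meta.json inside the install package does not match the registry information, which raises doubts about the source or the correctness of the packaging. Recommendations:
  1. Before running any remote fetch command, confirm the skill's source and publisher (do not run it directly in a production environment).
  2. Run `clawdhub install` and unpack the package in an isolated environment (a temporary VM or container); avoid running it directly on the host or letting automatic install scripts execute.
  3. Verify the downloaded content (check signatures, verify hashes, manually review the package/meta files) before continuing with automated scanning.
  4. Never upload any discovered keys/tokens to external services; if you need to report them, remove or mask the secrets.
  5. Before deciding to install this skill into your agent, contact the publisher to confirm the reason for the metadata inconsistency, or use only auditing tools whose source is known and verifiable.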
Capability Analysis
Type: OpenClaw Skill
Name: silas-skill-auditor
Version: 1.0.0
The silas-skill-auditor is a security utility designed to help users audit other OpenClaw skills for vulnerabilities, hardcoded secrets, and malicious patterns. The SKILL.md file provides a comprehensive and transparent framework for the AI agent to perform file discovery, pattern matching (searching for keys, RCE, and data exfiltration), and risk scoring. The tool includes explicit safety instructions, such as warning the agent not to exfiltrate any discovered secrets to external services, and its behavior is entirely consistent with its stated purpose as a security auditor.
Capability Tags
requires-wallet · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
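The skill's name and description are consistent with the review workflow in SKILL.md: it does describe how to fetch and scan skill code, search for key risk keywords, and so on. However, the _meta.json in the package does not match the registry header metadata (owner/slug/version), which indicates the package may have been copied, tampered with, or incorrectly packaged. This is not part of the review functionality itself; the source and signature need to be verified.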
Instruction Scope
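The SKILL.md instructions stay tightly focused on the purpose of "reviewing skills": fetching into a temporary directory, listing files, searching for risk keywords by category, analyzing SKILL.md, and so on. It explicitly warns against sending discovered keys to external parties and recommends deleting the temporary directory. The instructions include checks of sensitive paths such as .env, hidden files, and configuration files. This is a reasonable need for a security review, but it means the review process reads sensitive data; users should be aware of this and run it in an isolated environment.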
Install Mechanism
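The skill is instruction-only with no install script, but SKILL.md recommends using `clawdhub install <技能名> --dir /tmp/skill-audit-tmp` (where `<技能名>` stands for the skill name) to fetch remote skills. Fetching remote code is itself necessary for auditing, but any automatic download and unpacking of a third-party skill carries risk (for example, install scripts or postinstall scripts may be triggered). The lack of explicit guidance on how to do this step safely (such as downloading without running, verifying signatures, or unpacking in a sandboxed/read-only environment) increases the risk.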
Credentials
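The skill declares that it needs no environment variables, credentials, or configuration paths. SKILL.md directs the agent to check sensitive paths that may exist within a skill, such as `.env` and `~/.openclaw`; this is part of the audit and consistent with its purpose. It does not request external API keys or other credentials, which matches its description.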
Persistence & Privilege
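The skill is not always:true, and it has no install step that persists itself or modifies other skills' configuration; it only provides audit steps to be performed at runtime, so there is nothing obviously anomalous in its persistence or privilege requests.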
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install silas-skill-auditor
  3. After installation, invoke the skill by name or use /silas-skill-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Rename sam→silas, rename the skill
Metadata
Slug silas-skill-auditor
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Silas Skill Auditor?

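A security review tool for skills. It performs an in-depth review of installed or remote skills for code security, permission risks, data leakage, and content compliance. It supports two modes: pre-install review (remote fetch) and installed review. Use it when the user says "审查技能" (review skill), "检查安全" (check security), "审核技能" (audit skill), or "skill audit". It is an AI Agent Skill for Claude Code / OpenClaw, with 68 downloads so far.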

How do I install Silas Skill Auditor?

Run "/install silas-skill-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Silas Skill Auditor free?

Yes, Silas Skill Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Silas Skill Auditor support?

Silas Skill Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Silas Skill Auditor?

It is built and maintained by silas (@aohoyo); the current version is v1.0.0.
