← Back to Skills Marketplace
Skill Security Auditor Jack
by
sunbinnju-star
· GitHub ↗
· v1.0.0
· MIT-0
133
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-security-auditor-jack
Description
Audit third-party or custom skills for permission risk, unsafe commands, and integration safety. Use before: installing a new skill, enabling external script...
Usage Guidance
This skill is instruction-only and coherent with its purpose: it defines checks and an output schema but does not itself perform installs or request secrets. Keep in mind: (1) its effectiveness depends on accurate inputs — it will not automatically fetch or verify remote code unless the agent supplies that data; (2) treat its audit as advisory, not authoritative — for high-risk skills follow up with manual code review; (3) when adopting untrusted skills, prefer sandboxed execution or manual review even if the auditor reports low risk. If you want stronger guarantees, run this auditor alongside actual inspections of the install artifacts and source repository rather than relying solely on its textual analysis.
Capability Analysis
Type: OpenClaw Skill
Name: skill-security-auditor-jack
Version: 1.0.0
The skill is a security auditing tool designed to evaluate other skills for risks such as unsafe commands, over-privilege, and suspicious installation steps. The instructions in SKILL.md provide a structured framework for identifying potential threats (e.g., eval, curl|bash, sensitive file access) and recommending mitigation strategies, aligning perfectly with its stated purpose without any malicious or suspicious indicators.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md content: it is an auditor that expects skill metadata and installation details as input. It doesn't request unrelated credentials, binaries, or system access.
Instruction Scope
Runtime instructions define what to inspect (manifests, install steps, env usage, shell commands) and what to flag. The SKILL.md does not instruct the agent to read host secrets or run arbitrary commands itself — it only prescribes checks to perform on provided inputs.
Install Mechanism
No install spec and no code files are provided, so nothing is written to disk or fetched. This reduces risk and is proportional for an instruction-only auditor.
Credentials
The skill declares no required environment variables or credentials. The auditor correctly lists environment-related issues to flag in other skills rather than requesting secrets itself.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated privileges and does not modify other skills' configuration in its instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-security-auditor-jack - After installation, invoke the skill by name or use
/skill-security-auditor-jack - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Metadata
Frequently Asked Questions
What is Skill Security Auditor Jack?
Audit third-party or custom skills for permission risk, unsafe commands, and integration safety. Use before: installing a new skill, enabling external script... It is an AI Agent Skill for Claude Code / OpenClaw, with 133 downloads so far.
How do I install Skill Security Auditor Jack?
Run "/install skill-security-auditor-jack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Security Auditor Jack free?
Yes, Skill Security Auditor Jack is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Security Auditor Jack support?
Skill Security Auditor Jack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Security Auditor Jack?
It is built and maintained by sunbinnju-star (@sunbinnju-star); the current version is v1.0.0.
More Skills