
Security Audit

by ITHACAJASON · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
262 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install jason-security-audit
Description
Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w...
README (SKILL.md)

Security Audit Skill

Automated security checks for external resources before execution.

When to Use

ALWAYS use this skill when:

  • Cloning any GitHub repository
  • Downloading skills or code from the web
  • Running external scripts or code
  • Installing new tools from untrusted sources

Security Checks

File Type Detection

| File Type | Risk Level | Action |
|---|---|---|
| .py, .js, .ts, .go, .rs | ✅ Low | Safe to review |
| .md, .txt, .json, .yaml | ✅ Low | Safe to read |
| .exe, .bat, .sh, .app, .msi | 🔴 High | Block without review |
| Unknown binary files | 🔴 High | Block without review |

Content Analysis

  • Source Code Present: ✅ Pass
  • README Matches Content: ✅ Pass
  • Suspicious Patterns: Detects:
    • Base64 encoded payloads
    • Shellcode signatures
    • Obfuscated code
    • Network connections in scripts

Red Flags

🚨 Immediately alert user if:

  • Executable files without source code
  • README claims functionality not present in code
  • Extremely long single-line text files (> 50KB on one line)
  • Encrypted/obfuscated content
  • Direct download links in README (not GitHub releases)
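
A minimal sketch of the file-type and red-flag heuristics listed above, added here as an example; it is not the skill's own audit.py. The function names, the magic-byte sniff, the 200-character base64 threshold, and the choice to treat a single-line file over 50KB as critical are assumptions, and the sample tree is constructed filler modelled on the reference case.

```python
import re, tempfile
from pathlib import Path

# Extension sets taken from the File Type Detection table above.
HIGH_RISK = {".exe", ".bat", ".sh", ".app", ".msi"}
SOURCE = {".py", ".js", ".ts", ".go", ".rs"}
TEXT = SOURCE | {".md", ".txt", ".json", ".yaml"}
SINGLE_LINE_LIMIT = 50 * 1024  # the page's 50KB single-line threshold
# Assumption: 200+ base64-alphabet characters in a row counts as a payload.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
# Leading magic bytes of common executable formats (PE/DOS, ELF, Mach-O 64).
MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}

def sniff(data):
    """Name the executable format the leading bytes match, else None."""
    return next((name for sig, name in MAGIC.items() if data.startswith(sig)), None)

def audit(root):
    """Return (verdict, findings) for a directory; files are read, never run."""
    root, critical, warnings, has_source = Path(root), [], [], False
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # skip links and directories
        ext, rel = path.suffix.lower(), path.relative_to(root).as_posix()
        data = path.read_bytes()
        has_source |= ext in SOURCE
        if (fmt := sniff(data)) or ext in HIGH_RISK:  # also a PE renamed .txt
            critical.append(f"{rel}: executable ({fmt or ext})")
        elif ext not in TEXT and b"\x00" in data[:4096]:
            critical.append(f"{rel}: unknown binary file")
        elif len(data) > SINGLE_LINE_LIMIT and b"\n" not in data.strip():
            critical.append(f"{rel}: {len(data) // 1024}KB single-line text")
        elif B64_RUN.search(data):
            warnings.append(f"{rel}: long base64-like run")
    if critical and not has_source:
        critical.append("no source code alongside flagged files")
    verdict = "BLOCKED" if critical else "WARNING" if warnings else "PASSED"
    return verdict, critical + warnings

def sample_tree():
    """Constructed stand-in for the reference case; contents are inert filler."""
    root = Path(tempfile.mkdtemp())
    (root / "README.md").write_text("# memory system\n")
    (root / "resolver.exe").write_bytes(b"MZ" + b"\x00" * 64)
    (root / "icon16.txt").write_text("A" * 60000)
    (root / "App.bat").write_text("@echo off\n")
    return root

if __name__ == "__main__":
    print(*audit(sample_tree()), sep="\n")
```

Minified JavaScript or a large dataset on one line will also hit the single-line rule, which is why findings are returned for manual review rather than acted on automatically.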

Usage

# Audit a directory
cd /path/to/repo
python3 audit.py

# Audit with verbose output
python3 audit.py --verbose

# Export report to file
python3 audit.py --output report.txt

Check Results

✅ Safe

🛡️ Security Audit: PASSED

All checks passed. This resource appears safe to use.
- Source code: Found
- File types: Normal
- Content: Matches description
- No suspicious patterns detected

⚠️ Warning

⚠️ Security Audit: WARNING

Found minor issues that need review:
- Long line in file.txt (65000+ chars)
- Some files lack comments

Recommended: Review before execution.

🚨 Critical

🚨 Security Audit: BLOCKED

Critical security issues detected:
- Executable file: resolver.exe (NO source code)
- Suspicious payload: icon16.txt (289KB single-line text)
- README mismatch: Claims "memory system" but contains malware

🛑 DO NOT EXECUTE. Delete immediately.

Integration with OpenClaw

This skill can be invoked automatically by OpenClaw when:

  1. Cloning Repos: Runs after git clone
  2. Downloading Skills: Runs after clawhub install
  3. Running External Scripts: Runs before execution

To enable automatic auditing, add to your workflow:

# After git clone
git clone <repo-url> && cd <repo> && python3 audit.py

# After clawhub install
clawhub install <skill> && python3 ~/.clawhub/skills/<skill>/audit.py

Security Best Practices

For Users

  1. Never run unverified executables
  2. Always review code before execution
  3. Check file types in downloaded archives
  4. Verify repository activity and contributors
  5. Use virtual environments for testing

For Skill Authors

  1. Provide source code in clear text
  2. Include README that matches functionality
  3. Avoid obfuscation or encryption
  4. Document dependencies clearly
  5. Use standard formats (no custom binaries)

False Positives

Some safe projects may trigger warnings:

  • Large data files: Legitimate models, datasets
  • Minified code: Production JavaScript/CSS
  • Compiled modules: Native Python extensions

Review manually before deciding to block.

Reference Cases

ClawIntelligentMemory (2026-03-03)

🚨 BLOCKED: Malware disguised as OpenClaw memory system

Evidence:
- resolver.exe (Windows PE executable, no source)
- icon16.txt (289KB single-line, suspected shellcode)
- App.bat (launches resolver.exe with payload)
- README claims "memory system", actual content is malware

Action: Deleted immediately

Notes

  • This is a basic heuristic check, not a full antivirus
  • Always use human judgment for final decisions
  • Report false positives to improve detection
  • Keep this skill updated with new threat patterns
Usage Guidance
This appears to be a straightforward local static-audit tool; it is reasonable to install and use. Before running: (1) review audit.py yourself (it is small and readable) to confirm you are comfortable with its checks, (2) run it in an isolated/sandboxed environment (or inside a container/VM) when auditing untrusted repos to avoid accidental execution of suspicious files, and (3) do not rely solely on this heuristic tool—follow up with manual review and runtime analysis for high-risk targets. If you enable automatic invocation in workflows, ensure the script is executed only on directories you intend to audit and not on system-wide paths.
Capability Analysis
Type: OpenClaw Skill
Name: jason-security-audit
Version: 1.0.0

The 'security-audit' skill is a legitimate static analysis tool designed to protect users by scanning external repositories and files for suspicious patterns. The core logic in audit.py implements heuristic checks for high-risk file extensions, long Base64 strings, shellcode signatures, and inconsistencies between README claims and actual source code. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the tool's behavior is entirely consistent with its stated purpose of improving security.
Capability Assessment
Purpose & Capability
The name and description describe a security audit for external resources; the package requires only python3 and includes a Python auditor (audit.py). No unrelated credentials, binaries, or install steps are requested, which matches the stated purpose.
Instruction Scope
SKILL.md and README instruct the agent/user to run python3 audit.py against a local directory or integrate it into post-clone/install hooks. The script only reads files under the target directory and reports findings; it does not attempt to read unrelated system paths, environment variables, or send data externally.
Install Mechanism
There is no install spec (instruction-only) and the README suggests copying the files into a skills directory or running the script directly. No remote downloads or archive extraction are performed by an installer.
Credentials
The skill declares no required environment variables or credentials. The runtime code does not access secrets or external services; it only examines files in the scanned directory.
Persistence & Privilege
The skill is not forced-always, does not request system-level persistence, and its recommended automatic usage is only local post-clone hooks invoked by the user. Autonomous invocation is permitted by platform default but is not combined with broad privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jason-security-audit
  3. After installation, invoke the skill by name or use /jason-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the security-audit skill for external resource inspection.

  • Audits GitHub repos, downloaded skills, and files for security threats before execution.
  • Detects malicious code, blocked executables, obfuscation, suspicious patterns, and README/content mismatches.
  • Summarizes findings as Safe, Warning, or Critical, with clear recommendations and actions.
  • Designed for automatic integration with OpenClaw workflows for safer external code usage.
  • Provides detailed usage instructions and best practices for both users and skill authors.
Metadata
Slug jason-security-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Security Audit?

Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w... It is an AI Agent Skill for Claude Code / OpenClaw, with 262 downloads so far.

How do I install Security Audit?

Run "/install jason-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Audit free?

Yes, Security Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Security Audit support?

Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Security Audit?

It is built and maintained by ITHACAJASON (@ithacajason); the current version is v1.0.0.
