
Massat Security Audit

by craigmbrown · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
84 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install massat-security-audit
Description
Security audit for multi-agent AI systems - OWASP ASI01-ASI10
Usage Guidance
This skill is an instruction-only wrapper around an external audit API (craigmbrown.com / BlindOracle). Before installing:
  1. Confirm the vendor (craigmbrown) and service reputation and review the privacy policy — the skill will send targets (repo URLs) over the network and could expose code or metadata.
  2. Clarify payment handling: who provides the X-Payment token, how it's stored, and whether it should be supplied via a secure env var rather than embedded.
  3. Ask why file_read permission is declared and whether the skill will ever read or upload local repositories or files; avoid giving it access to sensitive local repos unless necessary.
  4. Test on non-sensitive or public repos first.
If you need stronger assurance, request a signed provenance (homepage, source repo, or contact) and an explicit explanation of what data is transmitted to the external API.
Capability Analysis
Type: OpenClaw Skill
Name: massat-security-audit
Version: 1.0.0

The skill bundle provides instructions for an AI agent to interface with an external security auditing API (BlindOracle) hosted at craigmbrown.com. It requests 'network' and 'file_read' permissions to perform OWASP-aligned audits on multi-agent systems by submitting a target URL to a remote endpoint. The documentation in SKILL.md is transparent about its functionality, pricing, and data requirements, with no evidence of malicious prompt injection, obfuscation, or unauthorized data exfiltration.
Capability Tags
crypto · can-make-purchases
Capability Assessment
Purpose & Capability
The SKILL.md describes a MASSAT/BlindOracle network-based audit service, and the curl examples shown align with that purpose. However, the skill metadata in the runtime instructions declares file_read permission (but the examples never show reading local files), and the registry metadata lists no required env vars while the service requires an ecash payment header for paid audits. The missing homepage/source and an opaque owner ID are additional provenance gaps.
Instruction Scope
The instructions are narrow: POST a target repo URL to an external API and receive an audit report. They do not instruct reading unrelated system files or environment variables. That said, the declared permission set (network + file_read) is broader than what the examples use, and some claims (e.g., 'validate Microsoft AGT runtime governance') are vague and not mapped to concrete steps.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes on-disk footprint and install-time risk.
Credentials
Registry declares no required env vars, yet the SKILL.md requires a payment header (X-Payment: x402) for full audits. The skill also declares file_read permission without showing why it is needed. Sending repository URLs or potentially uploading code to an external endpoint (craigmbrown.com) is sensitive — the skill requests network access and possibly file reads that could expose secrets if the implementation were to upload or read local repos.
Persistence & Privilege
always is false and there is no install-time persistence. Autonomous invocation is allowed (platform default) but not combined with other high privileges in the manifest.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install massat-security-audit
  3. After installation, invoke the skill by name or use /massat-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of blindoracle-massat-audit.
- Provides comprehensive security audits for multi-agent AI systems, covering OWASP ASI01-ASI10 categories.
- Returns risk scores, findings, and remediation priorities for each OWASP category.
- Supports full (paid) and quick (free) scans via API.
- Designed for use before deployment, after major changes, or for compliance validation.
- Includes sample usage, response format, pricing details, and payment instructions.
Metadata
Slug: massat-security-audit
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Massat Security Audit?

Security audit for multi-agent AI systems - OWASP ASI01-ASI10. It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.

How do I install Massat Security Audit?

Run "/install massat-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Massat Security Audit free?

Yes, Massat Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Massat Security Audit support?

Massat Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Massat Security Audit?

It is built and maintained by craigmbrown (@craigmbrown); the current version is v1.0.0.
