enawareness

Skill Audit Framework

by LeoYann · GitHub ↗ · v1.2.0 · MIT-0
cross-platform · ✓ Security Clean
153 Downloads · 0 Stars · 0 Active Installs · 5 Versions
Install in OpenClaw
/install skill-audit-framework
Description
Structured security and quality audit framework for AI agent skills. Teaches you what to check before installing any skill.
Usage Guidance
This skill is a prompt/template for performing manual-style audits and is internally consistent. Before using it: (1) ensure your agent performs read-only analysis of repositories and skill files and does not automatically execute installers or 'curl | bash' commands it finds, (2) verify any external repository links the auditor checks (confirm author identity and commit history yourself when possible), and (3) treat the auditor's PASS as guidance, not a guarantee—manually review code for high-privilege skills. If you want stricter guarantees, run audits from a sandboxed environment or a separate reviewer account that has no write or credential access.
Capability Analysis
Type: OpenClaw Skill
Name: skill-audit-framework
Version: 1.2.0
The skill-audit-framework is a purely instructional 'prompt skill' designed to provide a structured security review methodology for AI agents. It contains no executable code, scripts, or external dependencies, and it does not request any sensitive permissions or environment variables. The content in SKILL.md and README.md is defensive in nature, teaching the agent to identify common malicious patterns like credential harvesting and unauthorized persistence in other skills.
Capability Assessment
Purpose & Capability
The name and description claim a review methodology and the SKILL.md contains a detailed audit checklist and report format. There are no declared env vars, binaries, or installs that would be unrelated to a review framework.
Instruction Scope
The runtime instructions tell the agent to inspect skill files, provenance, permissions, and dependencies and to produce a structured report. That matches the stated purpose. The SKILL.md explicitly says the agent cannot execute audited code, and there are no instructions that tell the agent to run arbitrary installers, exfiltrate data, or access unrelated system paths.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to drop on disk. That minimal footprint is appropriate for a review framework.
Credentials
The skill declares no required environment variables, credentials, or config paths. The checklist asks auditors to verify other skills' requires.env entries, but this audit skill itself does not request sensitive values — which is proportionate.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not include install scripts, and does not instruct modifying system or other skills' configurations. It only defines how the agent should analyze other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-audit-framework
  3. After installation, invoke the skill by name or use /skill-audit-framework
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Added a homepage field pointing to the official GitHub repository in SKILL.md.
- Expanded metadata tags to include "trust".
- No changes to the framework or audit methodology—documentation update only.
v1.1.1
- Removed a redundant "requires" section from the skill metadata in SKILL.md.
- No changes to audit methodology, features, or usage instructions.
v1.1.0
- Updated framework description to clarify coverage for "AI agent skills," not just ClawHub/MCP.
- Improved wording for broader applicability and clarity in the SKILL.md.
- No changes to audit methodology or checklist content.
- Documentation improvement; no functional changes.
v1.0.1
- Added a new README.md with documentation for the skill.
- Updated SKILL.md with minor improvements and documentation alignment (no checklist or logic changes).
- No functional changes to the audit framework itself.
v1.0.0
- Initial release of skill-audit-framework.
- Provides a structured, checklist-based framework to manually audit ClawHub/MCP skills before installation.
- Covers six key audit domains: identity/provenance, permissions, behavior, credential handling, persistence, and dependency chain.
- Introduces a report template with domain verdicts (PASS/WARN/FAIL) and recommendations.
- Emphasizes thorough review over automated scanning, detailing why manual security checks are essential.
Metadata
Slug skill-audit-framework
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is Skill Audit Framework?

Structured security and quality audit framework for AI agent skills. Teaches you what to check before installing any skill. It is an AI Agent Skill for Claude Code / OpenClaw, with 153 downloads so far.

How do I install Skill Audit Framework?

Run "/install skill-audit-framework" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Audit Framework free?

Yes, Skill Audit Framework is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Audit Framework support?

Skill Audit Framework is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Audit Framework?

It is built and maintained by LeoYann (@enawareness); the current version is v1.2.0.
