
Skill Auditor (于松涛版)

by Yustnust · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads 163
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install yusongtao-skill-auditor
Description
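Security-audits OpenClaw skills, detecting security risks such as file operations, network requests, command execution, permissions, and data leakage, and generates a report.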
Usage Guidance
This skill appears to be what it says: a local static auditor that reads files under a path you provide and reports matches against configurable regex rules. Before running it: (1) only audit skill project directories you control or trust — do not point it at /, your home directory, or other sensitive locations; (2) expect false positives (allowed_imports is conservative and will flag many imports by default); (3) you can review/adjust audit_config.json (patterns, allowed_imports) to reduce noise; (4) the tool does not perform network calls or exfiltrate data, but it will read any file under the supplied path — treat that as a local read-only operation. If you want extra safety, run it in a sandboxed environment or on a copy of the skill files.
Capability Analysis
Type: OpenClaw Skill
Name: yusongtao-skill-auditor
Version: 1.0.0

The skill is a static analysis tool designed to audit other OpenClaw skills for security risks. It uses regex-based pattern matching in auditor.py to identify dangerous functions (e.g., eval, exec, os.system) and unauthorized imports. The requested permissions are limited to file system read access, which is consistent with its stated purpose, and no evidence of malicious intent or data exfiltration was found.
Capability Assessment
Purpose & Capability
Name/description (skill security auditor) match the delivered artifacts: SKILL.md, auditor.py, and audit_config.json implement static file scanning for dangerous patterns. Declared permissions (file_system read) align with the need to read skill files. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to provide a skill path, run a scan, and generate a report. The code implements exactly that: recursive read of files under the provided path, regex checks, import analysis, and report generation. It does not attempt network calls, environment-variable access, or modifying other skills. Note: the auditor will read all files under the supplied path (including any sensitive files if you point it at system locations).
Install Mechanism
No install spec or external downloads. This is an instruction-plus-source skill; it doesn't fetch or extract remote code and does not install third-party packages. Risk from install mechanism is low.
Credentials
No environment variables, credentials, or unusual config paths are required. The only declared permission is file_system read, which is appropriate for an auditor. The required inputs are proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. It does request read access to the filesystem (skill.json). This is necessary for its function but means you should avoid pointing it at system/root directories or other skills' private data to prevent accidental exposure of sensitive files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yusongtao-skill-auditor
  3. After installation, invoke the skill by name or use /yusongtao-skill-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - skill security audit tool
Metadata
Slug yusongtao-skill-auditor
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Auditor (于松涛版)?

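It security-audits OpenClaw skills, detecting security risks such as file operations, network requests, command execution, permissions, and data leakage, and generates a report. It is an AI Agent Skill for Claude Code / OpenClaw, with 163 downloads so far.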

How do I install Skill Auditor (于松涛版)?

Run "/install yusongtao-skill-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Auditor (于松涛版) free?

Yes, Skill Auditor (于松涛版) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Auditor (于松涛版) support?

Skill Auditor (于松涛版) is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Auditor (于松涛版)?

It is built and maintained by Yustnust (@yustnust); the current version is v1.0.0.
