ZT4AI Self-Audit
by tanarchytan · v1.0.0 · MIT-0
149 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw
/install zt4ai-self-audit
Description
Zero Trust security audit for AI agent workspaces, skills, and configurations. Based on Microsoft's Zero Trust for AI (ZT4AI) framework and the "Caging the A...
Usage Guidance
This skill appears coherent for auditing agent skills and workspace integrity. Before running: (1) inspect the included scripts (scripts/integrity-check.sh) to ensure they haven't been tampered with; (2) generate the initial baseline only after manual review of files you trust; (3) run the audit in a sandbox or as a least-privilege user if possible (the curl test will make an outbound request to httpbin.org); and (4) treat the integrity baseline as sensitive, because an attacker who can modify it can hide tampering. For higher assurance, run the checks on an isolated host or review the script line by line before execution.
Capability Analysis
Type: OpenClaw Skill
Name: zt4ai-self-audit
Version: 1.0.0
This skill bundle is a defensive security tool designed to perform self-audits of an OpenClaw agent's environment based on Zero Trust for AI (ZT4AI) frameworks. It includes a shell script (scripts/integrity-check.sh) for SHA256 integrity verification and comprehensive markdown instructions (SKILL.md) for identifying credential leaks, excessive privileges, and prompt injection risks. The behavior is transparent, well-documented, and lacks any indicators of malicious intent, data exfiltration, or obfuscation; even the network check to httpbin.org is explicitly framed as a connectivity test for egress auditing.
Capability Assessment
Purpose & Capability
Name/description match the delivered artifacts: audit checklists, classification guides, a report template, and a local integrity-check script. The directories and operations targeted (workspace and skill locations, checksums, grep for secrets, firewall/egress checks) are expected for an auditing tool.
Instruction Scope
Instructions perform local discovery (ls, find, grep, sha256sum) and an outbound reachability test (curl https://httpbin.org/get). Those actions are consistent with auditing, but the network test will generate an outbound request — expected for an egress check but worth noting because it touches the network.
Install Mechanism
No install spec and no remote downloads. The included shell script is local and self-contained (uses standard UNIX tools). This is the lowest-risk install model.
Credentials
The skill requires no credentials or special environment variables. The script optionally reads OPENCLAW_WORKSPACE and HOME, which is appropriate for a workspace-targeted audit. No secret exfiltration or unrelated credential access is requested.
Persistence & Privilege
always is false and the skill does not request elevated privileges or attempt to modify other skills or system-wide configs. It writes baselines/reports into the agent workspace (expected behavior).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install zt4ai-self-audit
- After installation, invoke the skill by name or use /zt4ai-self-audit
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Zero Trust audit for AI agent skills, based on Microsoft ZT4AI and arXiv:2603.17419
Frequently Asked Questions
What is ZT4AI Self-Audit?
Zero Trust security audit for AI agent workspaces, skills, and configurations. Based on Microsoft's Zero Trust for AI (ZT4AI) framework and the "Caging the A... It is an AI Agent Skill for Claude Code / OpenClaw, with 149 downloads so far.
How do I install ZT4AI Self-Audit?
Run "/install zt4ai-self-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ZT4AI Self-Audit free?
Yes, ZT4AI Self-Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ZT4AI Self-Audit support?
ZT4AI Self-Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created ZT4AI Self-Audit?
It is built and maintained by tanarchytan (@tanarchytan); the current version is v1.0.0.