← Back to Skills Marketplace
107
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install klemenska-security-auditor
Description
Scan and audit installed skills for security risks, suspicious patterns, and permission overreach. Use when: (1) before installing a new skill; (2) periodica...
README (SKILL.md)
Security Auditor
Audit skills for security risks before installing or using them.
Purpose
Skills can request permissions and access that may be:
- Overreaching (accessing data they shouldn't need)
- Suspicious (behaving oddly, phoning home, etc.)
- Outdated (known vulnerabilities in dependencies)
This skill helps you audit them.
When to Run
| Trigger | Action |
|---|---|
| Before installing a new skill | Full audit |
| Periodic review | Quick scan of installed skills |
| Suspicious behavior | Deep analysis |
| Permission review | Check requested permissions |
Audit Workflow
Step 1: Quick Scan
python3 scripts/audit.py --scan
Checks:
- File access patterns
- Network access requests
- Suspicious API usage
- Permission requests
Step 2: Detailed Audit
python3 scripts/audit.py --audit \x3Cskill-path>
Performs deep analysis:
- Code pattern analysis
- Dependency checking
- Permission mapping
- Risk scoring
Step 3: Generate Report
python3 scripts/audit.py --report \x3Cskill-path> --output report.md
Creates detailed security report.
Step 4: Compare Skills
python3 scripts/audit.py --compare \x3Cskill1-path> \x3Cskill2-path>
Compare security posture of two skills.
Risk Levels
| Level | Meaning | Action |
|---|---|---|
| 🟢 LOW | Minimal risk, standard permissions | Safe to install |
| 🟡 MEDIUM | Some overreach, review recommended | Read code before install |
| 🔴 HIGH | Significant risks, careful review required | Do not install without review |
| ⛔ CRITICAL | Dangerous patterns detected | Do not install |
Red Flags to Watch For
File Access
- Accessing
~/.ssh/or~/.aws/ - Reading
*password*,*secret*,*key*files - Writing to system directories
- Accessing other users' directories
Network
- Exfiltrating data to unknown servers
- DNS rebinding patterns
- Encrypted payloads to unfamiliar domains
Permissions
- Requesting exec with no scope limitation
- Reading memory or process info
- Keylogging or screenshot capabilities
- Accessing other installed skills' data
Code Patterns
- Obfuscated code
- Dynamic code generation
- Shell commands without sanitization
- Credential harvesting patterns
Files
scripts/audit.py— Main audit scriptscripts/scan_skill.py— Skill-specific scannerreferences/rules.md— Security rules and patternsreferences/permissions.md— Permission reference guide
Usage Guidance
This auditor generally does what it promises (scans skill files and produces reports) but I found design choices that could be abused to hide malicious code. Before you rely on its output: (1) review the auditor's own code yourself or have a trusted reviewer check it — pay special attention to files named with 'scan' or 'audit' because the scanner intentionally suppresses many flags for such filenames; (2) run the auditor in an isolated sandbox or ephemeral container that cannot access secrets (SSH keys, ~/.aws/, etc.) to avoid accidental disclosure; (3) test the auditor against known safe and malicious samples to confirm it detects the patterns you care about; (4) do not grant this tool network or broader system permissions without additional review. If you want, I can list the exact lines/locations in the included scripts that implement the filename-based suppression and the self-skip logic so you can inspect or patch them.
Capability Analysis
Type: OpenClaw Skill
Name: klemenska-security-auditor
Version: 1.0.0
The skill is a security auditing tool designed to scan other OpenClaw skills for risky patterns such as credential access, shell execution, and hardcoded secrets. The implementation in scripts/audit.py and scripts/scan_skill.py uses static analysis (regex and string matching) to identify potential vulnerabilities without executing the target code. The documentation and instructions in SKILL.md are consistent with the tool's stated purpose, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The name/description align with the included scripts: audit.py and scan_skill.py implement scanning of installed skills, permission extraction, and report generation. No unrelated credentials, binaries, or installs are requested. However some scanner behaviours (see instruction_scope) are disproportionate or risky for a trustworthy auditor.
Instruction Scope
SKILL.md instructs running the included Python scripts which recursively read skill directories (default ~/.openclaw/workspace/skills). The scripts scan files for dangerous patterns and can generate reports. Concerning behaviours: audit/scan scripts intentionally skip or suppress many pattern flags when the filename contains 'audit' or 'scan', and audit_skill explicitly skips 'self-audit' for the security-auditor. These exceptions create an evasion surface where a malicious skill could name files to avoid detection or put malicious code inside similarly named files.
Install Mechanism
There is no install spec and no downloads — the skill is instruction + included Python scripts. That reduces supply-chain risk compared with remote installs.
Credentials
The skill requires no environment variables or credentials and only needs filesystem read access to the skills directory it audits. That access is appropriate for an auditor. It does not attempt network exfiltration in the provided code.
Persistence & Privilege
always:false and no special privileges are requested. The scripts read user skill files and produce reports; they do not modify other skills or system configurations. This is proportionate to an audit tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install klemenska-security-auditor - After installation, invoke the skill by name or use
/klemenska-security-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Security Auditor skill.
- Scan and audit installed skills for security risks, permission overreach, and suspicious behavior.
- Supports quick scans, detailed audits, report generation, and side-by-side skill comparison.
- Identifies risk levels (LOW, MEDIUM, HIGH, CRITICAL) with recommendations for each.
- Highlights major security red flags: file/network access, suspicious permissions, and risky code patterns.
- Includes scripts and reference files for flexible, in-depth security analysis.
Metadata
Frequently Asked Questions
What is Klemenska Security Auditor?
Scan and audit installed skills for security risks, suspicious patterns, and permission overreach. Use when: (1) before installing a new skill; (2) periodica... It is an AI Agent Skill for Claude Code / OpenClaw, with 107 downloads so far.
How do I install Klemenska Security Auditor?
Run "/install klemenska-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Klemenska Security Auditor free?
Yes, Klemenska Security Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Klemenska Security Auditor support?
Klemenska Security Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Klemenska Security Auditor?
It is built and maintained by klemenska (@klemenska); the current version is v1.0.0.
More Skills