← Back to Skills Marketplace

Skill Security Audit Enhanced

Name: Skill Security Audit Enhanced
Author: confidentkai

by kvs-GoN · GitHub ↗ · v2.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-security-audit-enhanced

Description

🔍 增强版技能安全审计 - 检测AI代理技能中的恶意模式，包含13种检测器，覆盖后门、凭证窃取、数据外传和供应链攻击。基于SlowMist的ClawHub威胁情报(472+恶意技能)。纯Python实现，零外部依赖。优化清理版，移除无关文件，性能更佳。

Usage Guidance

This skill appears consistent with its stated purpose (a local scanner). Before running it: review scripts/skill_audit.py and scripts/ioc_database.json yourself; prefer running scans targeted to specific skill folders (use --path) rather than broad system scans; do not run the scanner as root unless you understand why elevated access is needed; treat the scan output as potentially containing sensitive snippets (paths, lines) and handle evidence carefully; if you need stronger isolation, run it in a VM or container; verify the skill's provenance (author, repository) and consider comparing hashes of the shipped files if you retrieved them from a third party.

Capability Analysis

Type: OpenClaw Skill Name: skill-security-audit-enhanced Version: 2.0.0 This bundle is a security auditing utility designed to scan and detect malicious patterns in other OpenClaw skills. The core logic in 'scripts/skill_audit.py' implements 13 specialized detectors (e.g., Base64, IOC matching, credential theft, and persistence) to identify threats based on a provided 'scripts/ioc_database.json'. While the tool requires broad file-read access to scan skill directories, its behavior is entirely consistent with its stated purpose, and the code contains no evidence of data exfiltration, unauthorized network calls, or hidden malicious functionality.

Capability Tags

cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

The name/description (skill audit) match the included artifacts: a pure‑Python scanner (scripts/skill_audit.py), an IOC DB, and documentation of the 13 detectors. No unrelated environment variables, binaries, or install steps are requested. Minor inconsistency: some example commands in SKILL.md reference differing absolute paths (e.g., /root/.openclaw/... vs ~/.claude/...), but this is a documentation/path mismatch rather than a capability mismatch.

ℹ Instruction Scope

The runtime instructions tell the agent to run the bundled scanner which auto-discovers and reads skill directories (e.g., ~/.claude, ~/.openclaw, /usr/local/lib/node_modules/openclaw/skills). This is expected for a scanner, but it means the tool will read many files under user/home skill locations and may surface sensitive lines (file paths, snippets). The SKILL.md also includes remediation commands (ps, lsof, crontab, moving files) — appropriate for incident response but they require care (permissions/privilege) and the documentation uses several absolute paths that are inconsistent.

ℹ Install Mechanism

There is no install spec (instruction-only), and the scanner is pure stdlib Python bundled with the skill (no external downloads). That reduces supply-chain risk relative to remote installers. However, running the skill executes code shipped inside the skill bundle (scripts/skill_audit.py), so users should inspect that file before execution — this is normal for local tools but a point to be aware of.

✓ Credentials

The skill declares no required environment variables or credentials. The scanner intentionally looks for indicators related to credentials and sensitive paths (e.g., ~/.ssh, ~/.aws) as part of detection, which is appropriate for its purpose; it does not request access tokens or external secrets in metadata.

✓ Persistence & Privilege

The skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide agent settings. It can be invoked autonomously by the agent (platform default), which is expected for skills; this by itself is not a red flag here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-security-audit-enhanced
After installation, invoke the skill by name or use /skill-security-audit-enhanced
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.0

优化版本：清理无关文件、更新文档、保持核心功能完整、性能优化

Metadata

Slug skill-security-audit-enhanced

Version 2.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Skill Security Audit Enhanced?

🔍 增强版技能安全审计 - 检测AI代理技能中的恶意模式，包含13种检测器，覆盖后门、凭证窃取、数据外传和供应链攻击。基于SlowMist的ClawHub威胁情报(472+恶意技能)。纯Python实现，零外部依赖。优化清理版，移除无关文件，性能更佳。 It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.

How do I install Skill Security Audit Enhanced?

Run "/install skill-security-audit-enhanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Security Audit Enhanced free?

Yes, Skill Security Audit Enhanced is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Security Audit Enhanced support?

Skill Security Audit Enhanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Security Audit Enhanced?

It is built and maintained by kvs-GoN (@confidentkai); the current version is v2.0.0.

More Skills