← Back to Skills Marketplace
2069
Downloads
0
Stars
14
Active Installs
2
Versions
Install in OpenClaw
/install arc-security-audit
Description
Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori...
README (SKILL.md)
Security Audit
One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.
Why This Exists
Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.
Commands
Audit all installed skills
python3 {baseDir}/scripts/audit.py full
Audit a specific skill
python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/
Generate audit report as JSON
python3 {baseDir}/scripts/audit.py full --json --output report.json
Audit with trust attestations
python3 {baseDir}/scripts/audit.py full --attest
What It Does
- Scans every installed skill with arc-skill-scanner patterns
- Assesses trust for each skill (provenance, code cleanliness, binary presence)
- Checks binary integrity with SHA-256 checksums
- Generates a prioritized report sorted by risk level
- Optionally creates trust attestations for skills that pass all checks
Output
The audit report includes:
- Summary: total skills scanned, findings by severity, overall risk level
- Per-skill breakdown: findings, trust score, recommendations
- Critical actions: what to fix immediately
- Trust attestations for passing skills (if --attest flag used)
Usage Guidance
This skill appears to do what it claims: run a local audit by invoking scanner and trust-verifier components and produce reports. Before running: (1) review the scanner and trust_verifier modules it will import (they will execute code during the audit), (2) consider running the script on a non-production or sandboxed account if you don't trust those components, and (3) inspect any generated attestations in ~/.openclaw/attestations before trusting them. If you don't have the expected arc-skill-scanner/arc-trust-verifier modules installed, the script will report that instead of silently failing.
Capability Analysis
Type: OpenClaw Skill
Name: arc-security-audit
Version: 1.1.0
The 'arc-security-audit' skill is designed to perform security assessments of other OpenClaw skills. The `SKILL.md` provides clear, benign instructions without any prompt injection attempts. The `scripts/audit.py` script uses standard Python libraries, handles paths securely with `os.path.realpath` to prevent path traversal, and carefully manages `sys.path` to only load modules from expected sibling skill directories (`skill-scanner`, `trust-verifier`). It generates local reports and attestations without any evidence of data exfiltration, unauthorized network activity, persistence mechanisms, or malicious execution. The code's structure and security-conscious path handling align with its stated purpose as a security auditing tool.
Capability Assessment
Purpose & Capability
Name/description match the delivered files and requirements: a single Python script plus SKILL.md, requiring only python3. Requesting only python3 and scanning ~/.openclaw/skills is appropriate for an audit aggregator.
Instruction Scope
SKILL.md instructs running the included script which enumerates skill directories and invokes local scanner and trust-verifier modules. This is within scope, but the script imports and executes code from other skill packages (scanner/trust_verifier) by adding their scripts dirs to sys.path — that will execute third-party code during the audit and is a supply-chain execution risk if those tools are untrusted.
Install Mechanism
No install spec — instruction-only with an included script. Nothing is downloaded or written to system paths during install; the script may write attestations to ~/.openclaw/attestations when explicitly asked.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The script only accesses standard user skill directories and a local attestations directory, which is proportionate to an audit tool.
Persistence & Privilege
always:false and user-invocable; it does not request permanent inclusion or modify other skills. It creates attestations under the user's ~/.openclaw/attestations when asked, which is within expected behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install arc-security-audit - After installation, invoke the skill by name or use
/arc-security-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
- Updated scripts/audit.py with changes for version 1.1.0.
- No user-facing or documentation changes.
v1.0.0
Initial release — comprehensive skill stack security audit.
- Chains scanning, trust verification, differ, and health monitoring into a single command.
- Produces unified, prioritized risk reports with actionable findings.
- Supports audit of all installed skills or specific skills, with optional JSON output.
- Checks binary integrity via SHA-256.
- Optionally generates trust attestations for verified skills.
Metadata
Frequently Asked Questions
What is Security Audit?
Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori... It is an AI Agent Skill for Claude Code / OpenClaw, with 2069 downloads so far.
How do I install Security Audit?
Run "/install arc-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Audit free?
Yes, Security Audit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Security Audit support?
Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Security Audit?
It is built and maintained by ArcSelf (@trypto1019); the current version is v1.1.0.
More Skills