akhmittra

Skill Security Auditor

by AM · GitHub · v1.0.1
Cross-platform · Security: Clean
4835 Downloads · 4 Stars · 58 Active Installs · 2 Versions
Install in OpenClaw
/install skill-security-auditor
Description
Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes a threat intelligence database with 20+ detection patterns.
Usage Guidance
Install through the ClawHub CLI when possible. Use the scanner as one review aid, not proof that another skill is safe. Avoid raw curl installation or remote pattern updates unless you trust the source and can verify the files or pin a known release.
Capability Analysis
Type: OpenClaw Skill
Name: skill-security-auditor
Version: 1.0.1
The 'skill-security-auditor' skill is designed to analyze other OpenClaw skills for malicious patterns. Its core script, `analyze-skill.sh`, uses `grep` with patterns defined in `patterns/malicious-patterns.json` to identify threats. The skill makes legitimate network calls to `clawhub.ai` to fetch skills for analysis and to `openclaw-security.github.io` for threat intelligence updates, which are necessary for its stated purpose. There is no evidence of intentional harmful behavior, data exfiltration, persistence, or prompt injection against the agent within its own code or documentation (`SKILL.md`, `README.md`). The patterns it detects (e.g., `curl | bash`, known C2 IPs) are correctly used for detection, not execution by the skill itself.
Capability Assessment
Purpose & Capability
The artifacts coherently implement a Bash-based, pattern-matching auditor for SKILL.md files using a local JSON pattern database; its results are advisory heuristics, not a guarantee of safety.
Instruction Scope
Runtime use is user-directed through local file analysis or an explicit skill slug fetch, and the artifacts do not show automatic scanning, installation blocking, hidden execution, destructive behavior, or credential harvesting.
Install Mechanism
The primary install path is the ClawHub CLI, while the README also documents optional raw curl downloads and an optional remote threat-intelligence update; these are disclosed but should be treated as supply-chain trust decisions.
Credentials
The required tools bash, curl, jq, and grep are proportionate for fetching skill metadata, parsing JSON, and scanning text patterns; network access is limited to documented user-requested fetches and optional updates.
Persistence & Privilege
The only persistence described is an optional shell alias and user-managed local pattern-file updates; there is no evidence of background services, privilege escalation, auth store access, or hidden persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-security-auditor
  3. After installation, invoke the skill by name or use /skill-security-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added a command-line Bash script (analyze-skill.sh) for local security audits of ClawHub skills.
- Updated documentation to emphasize CLI usage and step-by-step instructions.
- Clearly outlined the scope: manual invocation, no automatic scanning or VirusTotal API integration.
- Improved description of detection heuristics and audit workflow.
- Detailed how to analyze skills by slug or local file for risk assessment.
v1.0.0
Initial release of skill-security-auditor: pre-installation security auditing for ClawHub skills.
- Analyzes SKILL.md files, dependencies, and code for malicious patterns and credential leaks.
- Detects suspicious prerequisites, C2 infrastructure indicators, and known campaign signatures (e.g., ClawHavoc).
- Assigns a risk score (0-100) and generates detailed audit reports with recommendations.
- Validates SKILL.md structure, author information, and dependency origins.
- Integrates manual VirusTotal checking and provides usage examples for local and ClawHub-based audits.
Metadata
Slug skill-security-auditor
Version 1.0.1
License
All-time Installs 183
Active Installs 58
Total Versions 2
Frequently Asked Questions

What is Skill Security Auditor?

Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes a threat intelligence database with 20+ detection patterns. It is an AI Agent Skill for Claude Code / OpenClaw, with 4835 downloads so far.

How do I install Skill Security Auditor?

Run "/install skill-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Security Auditor free?

Yes, Skill Security Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Security Auditor support?

Skill Security Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Security Auditor?

It is built and maintained by AM (@akhmittra); the current version is v1.0.1.
