← Back to Skills Marketplace
1980
Downloads
3
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install one-skill-to-rule-them-all
Description
Security auditing skill that detects malicious patterns like prompt injection, data exfiltration, obfuscation, and privilege escalation in OpenClaw SKILL.md...
Usage Guidance
This skill is coherent for its stated purpose (auditing SKILL.md files) and does not request credentials or install software. Before using it, check the source/author (no homepage/source listed here). Be careful when asking it to 'analyze' a file path — it may read any file you point it at, so do not supply paths to secrets (e.g., ~/.ssh, ~/.aws/credentials, .env) unless you intend the tool to examine them. When requesting a 'cleaned' version, review the output carefully before using it, since automated removals can alter intended behavior or leak snippets from the reviewed file.
Capability Analysis
Type: OpenClaw Skill
Name: one-skill-to-rule-them-all
Version: 1.0.0
The OpenClaw skill 'OSTRTA: One Skill To Rule Them All' is a security analysis tool designed to audit other OpenClaw skills. Its `SKILL.md` comprehensively defines various threat categories (e.g., prompt injection, data exfiltration, obfuscation) as patterns to *detect* in *other* skills, not as instructions for the analyzing agent to execute. The instructions within the skill are entirely focused on performing security analysis, reporting findings, and optionally providing cleaned versions of *other* skills. Explicit disclaimers state the skill will not execute code, make network requests, or modify content, reinforcing its benign intent and alignment with its stated purpose.
Capability Assessment
Purpose & Capability
The SKILL.md describes a security-analysis tool for auditing other SKILL.md files. There are no declared env vars, binaries, or install steps beyond reading the skill text — that aligns with the stated purpose.
Instruction Scope
The instructions ask the agent to analyze pasted content or a provided file path and to produce cleaned versions on request. That is reasonable for an analyzer, but it means the agent may read any file path you give it; the SKILL.md itself lists many sensitive paths to flag when auditing other skills (expected), but it does not itself instruct network exfiltration. Users should avoid pointing it at sensitive local files unless they intend that content to be examined.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing will be downloaded or written to disk by an installer — lowest-risk model.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md enumerates sensitive files and envs as detection targets (expected for a scanner) but does not ask for them.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent system presence or to modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install one-skill-to-rule-them-all - After installation, invoke the skill by name or use
/one-skill-to-rule-them-all - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of OSTRTA: a security auditing skill for OpenClaw skill files.
- Provides adversarial analysis of SKILL.md files to detect prompt injection, data exfiltration, obfuscation, and other security threats.
- Delivers clear verdicts (CRITICAL/HIGH/MEDIUM/LOW/SAFE) with evidence and remediation recommendations.
- Supports optional cleaning/remediation: can generate a "safe" version with threats removed.
- Detects 9 detailed threat categories including prompt injection, credential/data exfiltration, code obfuscation, unverifiable dependencies, and privilege escalation.
- Uses an "assume-malicious" posture and presents actionable, evidence-based security findings.
Metadata
Frequently Asked Questions
What is One Skill To Rule Them All?
Security auditing skill that detects malicious patterns like prompt injection, data exfiltration, obfuscation, and privilege escalation in OpenClaw SKILL.md... It is an AI Agent Skill for Claude Code / OpenClaw, with 1980 downloads so far.
How do I install One Skill To Rule Them All?
Run "/install one-skill-to-rule-them-all" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is One Skill To Rule Them All free?
Yes, One Skill To Rule Them All is completely free (open-source). You can download, install and use it at no cost.
Which platforms does One Skill To Rule Them All support?
One Skill To Rule Them All is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created One Skill To Rule Them All?
It is built and maintained by hichana (@hichana); the current version is v1.0.0.
More Skills