
Skill Audit by Raini

by 0xRaini · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
1030 Downloads · 0 Stars · 6 Active Installs · 1 Versions
Install in OpenClaw
/install raini-skill-audit
Description
Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.
Usage Guidance
This appears to be a legitimate local security scanner. Before installing:
  1. Note SKILL.md mentions a 'check' command that the bundled CLI does not implement — treat that as a documentation mismatch.
  2. The scanner uses simple regex heuristics and will produce false positives (and could miss sophisticated obfuscation); review flagged files manually.
  3. When running 'scan --all' the tool will read all files in your skills directory — run it in a safe environment or with explicit paths if you're concerned about sensitive locations.
  4. Because the skill can be invoked autonomously by the agent, consider whether you want it enabled for automatic runs; this is not a red flag by itself, but be mindful of what paths the agent may instruct the skill to scan.
  5. If you rely on its results for critical decisions, open the bundled src/audit.js and verify the detection rules and allowlist domains yourself (the code is short and readable).
Capability Analysis
Type: OpenClaw Skill
Name: raini-skill-audit
Version: 1.0.0

This skill is a security scanner designed to detect malicious patterns in other OpenClaw skills. The `SKILL.md` clearly outlines its purpose and the types of risks it identifies (e.g., credential reading, data exfiltration, dynamic code execution). The `src/audit.js` file implements this scanner by using regular expressions to analyze the content of other skill files. While it performs file system access (`fs.readdirSync`, `fs.readFileSync`), this is strictly for reading the code of target skills, which is necessary for its stated security auditing function. There is no evidence of prompt injection, data exfiltration, or malicious execution by this skill itself; rather, it identifies these behaviors in *other* skills.
Capability Assessment
Purpose & Capability
Name, package.json description, SKILL.md and the included src/audit.js implement a security scanner for OpenClaw skills. The code scans files and looks for credential references, network calls, and dynamic execution patterns — all are appropriate for a skill-audit tool. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md and the CLI instruct running the scanner against skill directories (e.g., ~/.openclaw/workspace/skills or a provided path), which is appropriate. However SKILL.md documents a '/skill-audit check <clawhub-slug>' command that is not implemented in src/audit.js (the CLI only supports 'scan'). Also the scanner will read any files in the target path (which is expected) and could report many heuristic hits; that behavior is normal for a file-scanner but worth knowing.
Install Mechanism
No install spec or remote downloads are included — this is an instruction-only/package-contained skill with the scanner source bundled. Nothing is fetched from external URLs at install time.
Credentials
No environment variables, credentials, or config paths are required. The code reads filesystem paths supplied by the user and uses process.env.HOME to locate the default workspace; that is proportionate to a scanner. It does not ask for unrelated secrets.
Persistence & Privilege
`always` is false and the skill does not request elevated persistence or modify other skills. `disable-model-invocation` is false (the agent can call it autonomously) — appropriate for a utility skill. There is no evidence it alters agent/system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install raini-skill-audit
  3. After installation, invoke the skill by name or use /raini-skill-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - Security scanner for OpenClaw skills
Metadata
Slug raini-skill-audit
Version 1.0.0
License
All-time Installs 7
Active Installs 6
Total Versions 1
Frequently Asked Questions

What is Skill Audit by Raini?

Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks. It is an AI Agent Skill for Claude Code / OpenClaw, with 1030 downloads so far.

How do I install Skill Audit by Raini?

Run "/install raini-skill-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Audit by Raini free?

Yes, Skill Audit by Raini is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Audit by Raini support?

Skill Audit by Raini is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Audit by Raini?

It is built and maintained by 0xRaini (@0xraini); the current version is v1.0.0.
