← Back to Skills Marketplace
skill-trust-auditor
by
Jonathan Jing
· GitHub ↗
· v1.1.3
617
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install skill-trust-auditor
Description
Audit a ClawHub skill for security risks BEFORE installation.
Usage Guidance
This skill appears to do what it claims: fetch skill files and run pattern checks. Before installing: (1) review patterns.json if you want to understand what it flags and the allowlisted domains; (2) be aware that enabling '--llm' mode will send snippets to Anthropic if you set ANTHROPIC_API_KEY (only enable if you trust that service); (3) running setup.sh will pip-install packages (requests, anthropic) — inspect the setup script and installed packages if you must maintain a strict supply-chain policy; (4) the auditor fetches remote skill files over the network to analyze them — this network access is necessary but means the tool can only be as accurate as the sources it fetches. Overall, the package is coherent and reasonable for an auditor, but exercise standard caution when enabling LLM judgement or when allowing pip installs on sensitive hosts.
Capability Analysis
Type: OpenClaw Skill
Name: skill-trust-auditor
Version: 1.1.3
The OpenClaw skill-trust-auditor is designed to identify security risks in other skills. Its own implementation demonstrates a strong focus on security, including robust input validation and sanitization (e.g., `_sanitize_untrusted` in `scripts/analyze_skill.py`) to prevent prompt injection when using LLMs. Shell commands in `scripts/audit.sh` correctly quote user input, mitigating shell injection risks. The skill's dependencies are standard, and there is no evidence of data exfiltration, backdoor installation, or other malicious intent within its own code or instructions. All identified high-risk patterns are part of its detection logic (`scripts/patterns.json`), not actions performed by the skill itself.
Capability Assessment
Purpose & Capability
The skill's name/description (audit ClawHub skills) match the actual artifacts: a Python analyzer, shell wrappers, and a patterns.json. Declared binaries (python3, optional clawhub) are appropriate. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions only run the included setup and audit scripts which fetch SKILL.md and referenced scripts from ClawHub/GitHub, then run regex checks. The instructions do not direct the agent to read unrelated local secrets or modify other skills. The only path that references home config is an optional alias pointing to the installed auditor script (not a request to read ~/.openclaw or secrets).
Install Mechanism
No platform install spec is provided; setup.sh installs Python packages (requests and optional anthropic) from PyPI via pip. This is expected for a Python tool but introduces normal supply-chain risk from PyPI packages; packages are well-known (requests, anthropic) and installation is local and explicit.
Credentials
The skill declares no required env vars. It does optionally use ANTHROPIC_API_KEY for the '--llm' mode (README and setup.sh mention this). That optional key is proportionate to an LLM-as-judge feature but is not required for core auditing; the SKILL metadata does not list it as required, which is consistent.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills or agent core files, and the provided setup only installs local Python packages. It does not create persistent hooks or modify shell profiles.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-trust-auditor - After installation, invoke the skill by name or use
/skill-trust-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.3
Corrected misleading binary requirements (python3 is mandatory).
v1.1.2
Added simplified installation instructions to SKILL.md and README.md.
v1.1.1
Re-submit for VirusTotal scan clearance (scan clean: 08cd55a5). No code changes from v1.1.0.
v1.1.0
Fix prompt injection vulnerability in LLM-as-judge: sanitize untrusted content, XML boundary tags, system prompt hardening, LLM verdict is advisory-only (never overrides static score)
v1.0.0
Initial release: 52 pattern rules, Trust Score 0-100, LLM-as-judge, ClawHavoc pattern database
Metadata
Frequently Asked Questions
What is skill-trust-auditor?
Audit a ClawHub skill for security risks BEFORE installation. It is an AI Agent Skill for Claude Code / OpenClaw, with 617 downloads so far.
How do I install skill-trust-auditor?
Run "/install skill-trust-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is skill-trust-auditor free?
Yes, skill-trust-auditor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does skill-trust-auditor support?
skill-trust-auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created skill-trust-auditor?
It is built and maintained by Jonathan Jing (@jonathanjing); the current version is v1.1.3.
More Skills