← Back to Skills Marketplace
andyxinweiminicloud

Protocol Doc Auditor

by andyxinweiminicloud · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
407
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install protocol-doc-auditor
Description
Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and...
Usage Guidance
This skill appears internally consistent. Before installing: (1) confirm you trust the skill publisher since source/homepage is unknown, (2) restrict the agent's network access if you run it against sensitive internal docs, and (3) remember the auditor flags patterns but cannot guarantee detection of novel or obfuscated attacks — for high-risk integrations follow up with manual review.
Capability Analysis
Type: OpenClaw Skill Name: protocol-doc-auditor Version: 1.0.0 The OpenClaw skill 'protocol-doc-auditor' is designed to detect malicious instructions within API and protocol documentation. While its `SKILL.md` contains examples of dangerous commands like `curl | bash` and `cat ~/.ssh/id_rsa.pub`, these are presented as *input* that the auditor analyzes and flags as risky, not as instructions for the AI agent to execute. The skill's stated purpose is defensive, and its required binaries (`curl`, `python3`) are consistent with fetching and analyzing documentation. There is no evidence of intentional harmful behavior, data exfiltration, or prompt injection against the agent itself.
Capability Assessment
Purpose & Capability
Name and description claim a document-auditor for protocol docs; requiring curl (to fetch a URL) and python3 (to parse/analyze text) is reasonable and proportional to that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines itself to analyzing provided URLs or text content for risky patterns (curl|bash, credentials in URLs, telemetry setup, etc.). It does not instruct the agent to read user files, environment secrets, or system configuration, nor to exfiltrate data to third parties.
Install Mechanism
Instruction-only skill with no install spec or downloads. This is low-risk — nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The absence of sensitive requirements matches the auditor's function (text analysis of docs).
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed by default but is not combined with other red flags here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install protocol-doc-auditor
  3. After installation, invoke the skill by name or use /protocol-doc-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of protocol-doc-auditor. - Scans API and protocol documentation for hidden attack vectors and dangerous setup instructions. - Detects risky patterns such as `curl | bash`, credential exposure, data leakage, irrevocable identity binding, and privilege escalation. - Provides an audit report with risk assessments and safer alternatives for each instruction. - Rates overall document safety as SAFE / CAUTION / DANGEROUS.
Metadata
Slug protocol-doc-auditor
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Protocol Doc Auditor?

Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 407 downloads so far.

How do I install Protocol Doc Auditor?

Run "/install protocol-doc-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Protocol Doc Auditor free?

Yes, Protocol Doc Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Protocol Doc Auditor support?

Protocol Doc Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Protocol Doc Auditor?

It is built and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments