← Back to Skills Marketplace
Skill Auditor
by
Ruben Quispe
· GitHub ↗
· v2.1.3
2726
Downloads
1
Stars
20
Active Installs
7
Versions
Install in OpenClaw
/install skill-auditor
Description
Security scanner that catches malicious skills before they steal your data. Detects credential theft, prompt injection, and hidden backdoors. Works immediately with zero setup. Optional AST dataflow analysis traces how your data moves through code.
Usage Guidance
This package appears internally consistent with its stated role as a local security scanner. Before running it: 1) Inspect scripts/setup.js and scripts/scan-skill.js (they are present) to confirm the setup wizard does not run unexpected network commands or install remote code automatically. 2) Run the tool in an isolated environment (VM/temporary container) first, especially before enabling auto-scan. 3) If you plan to use VirusTotal or the LLM features, provide those API keys only if you trust the repository; agree to their privacy implications. 4) Verify the repository/origin (the package.json repo points to a GitHub URL) and check commit history or upstream project to increase confidence. 5) If you want higher assurance, ask the publisher for a signed release or checksum; absence of a homepage / known publisher keeps overall confidence at medium.
Capability Analysis
Type: OpenClaw Skill
Name: skill-auditor
Version: 2.1.3
The OpenClaw AgentSkills skill bundle 'skill-auditor' is a security scanner designed to detect malicious behavior in other skills. Its code and documentation consistently align with this stated purpose. All seemingly 'risky' capabilities, such as file system access, network requests, shell execution, and LLM interaction, are implemented to analyze and audit other skills, not to perform malicious actions against the user or the OpenClaw agent. For example, `scripts/analyzers/static.js` defines extensive regex patterns to detect prompt injection, data exfiltration, and persistence mechanisms, but these patterns are used for detection, not execution by the auditor itself. The setup script creates benign shell hooks to automate scanning of newly installed skills, providing user control over warnings. There is no evidence of intentional harmful behavior by this skill.
Capability Assessment
Purpose & Capability
Name/description match the actual contents: many analyzer scripts (AST, static, virustotal, llm-semantic, scan-url, format-report) are present and expected for a security scanner. Optional features (AST, VirusTotal, LLM) are declared and implemented as optional dependencies.
Instruction Scope
SKILL.md instructs the agent/user to scan local skill directories, audit installed skills, optionally enable AST/Tree-sitter, and optionally use VirusTotal/LLM. These actions legitimately require reading skill files and making network requests when asked. However, the docs also contain prompt-injection examples and guidance (expected for a scanner) which triggered a pre-scan injection signal — verify that these are explanatory examples and not instructions that will be executed by the agent.
Install Mechanism
No automatic installer is provided (no download/execute URL). The tool is a Node.js project with scripts you run locally; optional Python/tree-sitter and optional npm modules are listed. No high-risk remote install URLs or shorteners are present in the package metadata.
Credentials
The skill declares no required environment variables. Optional features request a VIRUSTOTAL_API_KEY and an OpenClaw gateway for LLM analysis — both are proportional to the described optional features. The scanner will read files and env-vars inside scanned skills (that's its purpose) but does not request unrelated credentials.
Persistence & Privilege
always:false and model invocation allowed by default. The setup wizard saves preferences to ~/.openclaw/skill-auditor.json and can optionally enable auto-scan (opt-in). The skill does not request always:true or system-wide config modifications in SKILL.md.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-auditor - After installation, invoke the skill by name or use
/skill-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.3
Removed test malicious files that triggered ClawHub security scan
v2.1.2
Improved setup wizard - explains each feature with test data, asks one-by-one, offers to audit all skills
v2.1.1
v2.1.1 - Setup wizard, audit-all command, fewer false positives, cross-platform support
v2.1.0
Setup wizard with opt-in features, audit-all command scans every installed skill, fewer false positives on legitimate skills, cross-platform tree-sitter install
v1.2.0
Improved intent matching: docs/badge URLs ignored, better purpose-keyword recognition, accuracy scoring fix
v1.1.0
Smarter context-aware analysis + simpler UX
v1.0.0
Initial release - Security scanner for Moltbot/OpenClaw skills
Metadata
Frequently Asked Questions
What is Skill Auditor?
Security scanner that catches malicious skills before they steal your data. Detects credential theft, prompt injection, and hidden backdoors. Works immediately with zero setup. Optional AST dataflow analysis traces how your data moves through code. It is an AI Agent Skill for Claude Code / OpenClaw, with 2726 downloads so far.
How do I install Skill Auditor?
Run "/install skill-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Auditor free?
Yes, Skill Auditor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Auditor support?
Skill Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Auditor?
It is built and maintained by Ruben Quispe (@rubenaquispe); the current version is v2.1.3.
More Skills