← Back to Skills Marketplace
97
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install skill-integrity-auditor
Description
Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...
Usage Guidance
This skill is instruction-only and appears coherent for auditing skill bundles: it will read the skill files and any referenced resources (which is expected). It does not ask for credentials or install code. Two things to consider before installing: (1) the SKILL.md enforces a language-locking rule and forces the final-line verdict to be in Chinese regardless of detected language — if you need outputs in another language or transparent language-reporting, review or edit that rule; (2) because the auditor operates on the whole bundle, review the full SKILL.md to confirm it does not instruct reading system files, environment variables, or reaching out to external hosts you don’t expect. If you want extra caution, ask for the full SKILL.md text and a walkthrough of any file-reading/network steps the auditor will perform.
Capability Analysis
Type: OpenClaw Skill
Name: skill-integrity-auditor
Version: 0.1.8
The bundle defines a comprehensive security auditing framework designed to evaluate other OpenClaw skill bundles for vulnerabilities and malicious behavior. It establishes a detailed taxonomy for detecting risks such as remote code execution (EXE), credential theft (CRED), and data exfiltration (NET), along with a scoring system (C×R×I×B). While the instructions in Skill.md are highly prescriptive regarding output formatting and language handling, they are entirely consistent with the stated purpose of a security tool and do not contain any indicators of malicious intent, unauthorized data access, or persistence mechanisms.
Capability Assessment
Purpose & Capability
The skill declares it audits whole skill bundles and the SKILL.md instructs the agent to operate on SKILL.md plus referenced scripts/resources. No unrelated binaries, env vars, or installs are requested — this is proportional to an auditor.
Instruction Scope
The SKILL.md contains detailed classification rules and explicitly instructs the agent to read the skill bundle (expected). It also enforces a language-detection/locking rule and requires the single final-line verdict always be in Chinese, which is a presentation constraint (not a direct security risk) but could be surprising or disruptive to users. Review the full SKILL.md to confirm there are no hidden directives that request system-wide file reads, env access, or network calls; the provided excerpt shows no such red flags.
Install Mechanism
No install spec, no code files, and no downloads — lowest-risk installation model for a skill.
Credentials
No required environment variables, credentials, or config paths are declared. The auditor's stated need to read the skill bundle is consistent with no additional secret access.
Persistence & Privilege
The skill is not always-enabled, does not request persistence or modify other skills, and allows normal autonomous invocation settings. No elevated persistence privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-integrity-auditor - After installation, invoke the skill by name or use
/skill-integrity-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.8
skill-integrity-auditor 0.1.8
- Updated version number to 0.1.8 in SKILL.md.
- No logic, taxonomy, or scoring changes; documentation and internal references remain the same.
v0.1.7
**Final verdict language change for audit results.**
- The result verdict (last line, §7) is now always output in Chinese, regardless of detected language.
- All intermediate output remains in the detected language; only the final verdict is forced to Chinese.
- Clarified language rules and output behavior in documentation.
v0.1.2
- Introduced a comprehensive audit evaluation core with separate classification and severity scoring layers.
- Output language is now auto-detected from the user’s message and used exclusively throughout each run.
- Expanded classification taxonomy: each finding uses a (Surface, Behavior, IntentMarker) triple for precise categorization.
- Severity scoring is now detailed and formulaic, based on capability, reachability, intent, and behavioral nuance.
- Improved documentation for each behavior node, intent marker meaning, and scoring logic.
- Classification and severity systems are strictly orthogonal except for clearly defined interface fields.
Metadata
Frequently Asked Questions
What is Skill Auditor?
Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri... It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.
How do I install Skill Auditor?
Run "/install skill-integrity-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Auditor free?
Yes, Skill Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Auditor support?
Skill Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Auditor?
It is built and maintained by ambarion (@ambarion); the current version is v0.1.8.
More Skills