Skill Security Audit
by chensu1234 · v1.0.0 · MIT-0
1400 Downloads · 0 Stars · 11 Active Installs · 1 Versions
Install in OpenClaw
/install skill-security-audit-v2
Description
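A security audit tool for installed Skills. It batch-audits the security of Skills, covering command execution, network access, file access, data leakage, dependency risks, prompt overreach, and trigger-condition checks. It is suited to security scanning, guardrail review, prompt overreach review, or hardening recommendations when the user provides a list of Skills and their file contents.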
Usage Guidance
This skill appears coherent and low-risk because it is instruction-only and asks you to supply the Skill files to be audited. Before using it: (1) only provide the files you intend to share—do not include secrets, API keys, or private tokens; (2) confirm how your agent runtime enforces file access (ensure the agent will not autonomously read system files or connectors); (3) prefer running the audit in an environment that isolates sensitive data; and (4) consider adding an explicit instruction to the skill to 'only inspect files attached to the user request' to reduce the chance of unintended file access.
Capability Analysis
Type: OpenClaw Skill
Name: skill-security-audit-v2
Version: 1.0.0
The skill is a security auditing tool designed to guide an AI agent in reviewing other skills for vulnerabilities. The instructions in SKILL.md and references/review-checklist.md provide a structured framework for identifying risks such as arbitrary command execution, data exfiltration, and prompt injection, while offering safer code patterns for remediation. No malicious logic, data exfiltration, or obfuscation was found.
Capability Assessment
Purpose & Capability
Name and description match the requested inputs and actions: the skill is designed to audit Skills and asks the user to provide a skills list and file contents. There are no unrelated environment variables, binaries, or install steps, so the declared requirements are proportionate to the stated purpose.
Instruction Scope
SKILL.md provides a clear checklist, categories, and an output template for auditing user-supplied Skill files (SKILL.md, scripts, dependencies, references). It explicitly includes safer patterns (limit to files provided by user, avoid connectors/secrets, require explicit consent for outbound transfers). However, the instructions do not explicitly forbid the agent from independently reading local system files or connectors — the safety relies on the operator/agent implementation and on the user providing only the files they want audited. Recommend explicitly requiring 'only analyze files provided in the request' to avoid overbroad file access.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk footprint and eliminates risks from remote downloads or package installs.
Credentials
No environment variables, credentials, or config paths are requested. This is proportional to an audit-by-inspection tool. Reminder: users should avoid supplying secrets or credentials as part of the files they submit for audit.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request permanent inclusion or modification of other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skill-security-audit-v2
- After installation, invoke the skill by name or use /skill-security-audit-v2
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of skill-security-audit, a tool for batch auditing the security of installed Skills.
- Supports detection of command execution, network access, file/system access, data leakage, dependency risks, prompt injection, and trigger condition issues.
- Provides structured security reports per Skill with severity ratings, risk evidence, and remediation suggestions.
- Includes auditing matrix and severity definitions to standardize risk evaluation.
- Output includes both detailed reports and an overall summary highlighting top risks and remediation priorities.
Frequently Asked Questions
What is Skill Security Audit?
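A security audit tool for installed Skills. It batch-audits the security of Skills, covering command execution, network access, file access, data leakage, dependency risks, prompt overreach, and trigger-condition checks. It is suited to security scanning, guardrail review, prompt overreach review, or hardening recommendations when the user provides a list of Skills and their file contents. It is an AI Agent Skill for Claude Code / OpenClaw, with 1400 downloads so far.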
How do I install Skill Security Audit?
Run "/install skill-security-audit-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Security Audit free?
Yes, Skill Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Security Audit support?
Skill Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Security Audit?
It is built and maintained by chensu1234 (@chensu1234); the current version is v1.0.0.