Skill Audit

by yoborlon-alpha · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
135 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install claw-skill-audit
Description
Automatically audits newly installed skills to validate structure, security, and health before activation, preventing broken or malicious skills from running.
README (SKILL.md)

skill-audit

Newly installed OpenClaw skill safety inspector & audit tool.

Purpose

Automatically audit newly installed skills before activation. Validates structure, security, and basic health to prevent broken or malicious skills from affecting the system.

When to Use

  • After installing a new skill from ClawHub
  • Before enabling a skill for the first time
  • When debugging a malfunctioning skill
  • As part of routine skill maintenance

What It Checks

1. Structure Validation

  • SKILL.md exists and is readable
  • Required fields present: name, description, location
  • No broken internal links or references

2. Security Scan

  • No hardcoded secrets, API keys, or credentials
  • No suspicious external network calls (untrusted URLs)
  • File permissions safe (no world-writable scripts)

3. Health Check

  • Skill directory accessible
  • No circular imports or broken references
  • Basic syntax validity of SKILL.md

Usage

skill-audit <skill-path>

Example:

skill-audit ~/.openclaw/skills/my-new-skill
skill-audit /workspace/skills/awesome-skill

Output

  • PASS -- Skill passes all checks
  • WARN -- Minor issues found (non-blocking)
  • FAIL -- Critical issues found (blocking)
  • INFO -- Informational notes

Notes

  • Run as part of your installation workflow, not just when things break
  • Combine with the clawhub skill for a full install -> audit -> enable flow
Usage Guidance
This skill appears to do what it says: a local, read-only audit of a skill directory. Before running: (1) inspect audit.sh yourself (it's short and readable); (2) run it against a copy of the target skill or a non-sensitive test directory to avoid accidentally printing any secrets to your terminal; (3) remember the script only scans files under the provided path — do not point it at system or home directories; (4) be aware of minor bugs that may miss issues or produce false positives, so treat results as advisory and follow up with manual review for any WARN/FAIL output.
Capability Analysis
Type: OpenClaw Skill
Name: claw-skill-audit
Version: 1.0.0
The skill is a security auditing utility designed to inspect other OpenClaw skills for structural integrity and basic security flaws. The core logic in `audit.sh` uses standard tools like grep and find to check for hardcoded secrets (API keys, private keys), insecure file permissions, and missing documentation, with no evidence of data exfiltration or malicious intent.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and the included audit.sh are consistent: the skill is an on-disk auditor for other skills. It declares no env vars, binaries, or install steps that would be unrelated to this purpose.
Instruction Scope
SKILL.md instructs running the provided audit script against a target skill path. The script only reads files under the given directory, searches for common secret patterns, checks permissions, and reports results — it does not perform network exfiltration or require external services. Note: there are minor implementation bugs (a grep regex with a negative lookahead that standard grep -E may not support, and a shebang-detection loop that runs in a subshell so its flag may not be observable afterwards) which can produce false negatives/positives; these are quality issues rather than malicious behavior.
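The two bug classes named above, shown as an added example (this is not the skill's audit.sh; the function names, patterns and sample files are constructed for illustration). It contrasts a flag set inside a piped `while` loop with a form that keeps the loop in the current shell, and replaces a lookahead-style exclusion with a match-then-filter pair that plain `grep -E` supports.

```shell
#!/bin/sh
# Constructed sample "skill" directory: one script without a shebang,
# one placeholder credential and one literal (fake) credential.
make_sample() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho ok\n' > "$d/good.sh"
    printf 'echo no shebang here\n' > "$d/bad.sh"
    printf 'api_key="${API_KEY}"\napi_key="CONSTRUCTED_EXAMPLE_VALUE_0123"\n' > "$d/config.env"
    echo "$d"
}

# Buggy shape: the loop is the right-hand side of a pipeline, so it runs in a
# subshell and the assignment to "missing" is gone when the pipeline ends.
missing_shebang_buggy() {
    missing=0
    find "$1" -type f -name '*.sh' | while IFS= read -r f; do
        IFS= read -r first < "$f" || true
        case $first in '#!'*) ;; *) missing=1 ;; esac
    done
    echo "$missing"
}

# Fixed shape: feed the file list through a here-document so the loop runs in
# the current shell and the flag survives (assumes no newlines in file names).
missing_shebang_fixed() {
    missing=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue          # empty line when find matched nothing
        IFS= read -r first < "$f" || true
        case $first in '#!'*) ;; *) missing=1 ;; esac
    done <<EOF
$(find "$1" -type f -name '*.sh')
EOF
    echo "$missing"
}

# ERE has no lookahead, so match candidate assignments first, then drop
# placeholder values such as "${VAR}" with a second grep -v.
secret_lines() {
    grep -rnE 'api_key *= *"?[^ ]+' "$1" 2>/dev/null |
        grep -vE '= *"?\$\{' || true
}

d=$(make_sample)
echo "buggy=$(missing_shebang_buggy "$d") fixed=$(missing_shebang_fixed "$d")"
secret_lines "$d"
rm -rf "$d"
```
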
Install Mechanism
No install spec is provided and the package is instruction-only with a single shell script included. No remote downloads, archives, or package installs occur. Risk from installation is low.
Credentials
The skill requires no environment variables, no credentials, and no config paths. The script does not read or require sensitive system credentials.
Persistence & Privilege
always is false and the skill contains no code to persistently modify agent configuration or enable itself. It runs only when invoked and does not request elevated or persistent privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install claw-skill-audit
  3. After installation, invoke the skill by name or use /claw-skill-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Metadata
Slug claw-skill-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Audit?

Automatically audits newly installed skills to validate structure, security, and health before activation, preventing broken or malicious skills from running. It is an AI Agent Skill for Claude Code / OpenClaw, with 135 downloads so far.

How do I install Skill Audit?

Run "/install claw-skill-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Audit free?

Yes, Skill Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Audit support?

Skill Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Audit?

It is built and maintained by yoborlon-alpha (@yoborlon-alpha); the current version is v1.0.0.
