Security Audit by Jason

by ITHACAJASON · GitHub ↗ · v1.0.0
cross-platform · ✓ Security Clean
Downloads: 247 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install jasonlai-security-audit
Description
Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w...
README (SKILL.md)

Security Audit Skill

Automated security checks for external resources before execution.

When to Use

ALWAYS use this skill when:

  • Cloning any GitHub repository
  • Downloading skills or code from the web
  • Running external scripts or code
  • Installing new tools from untrusted sources

Security Checks

File Type Detection

File Type | Risk Level | Action
.py, .js, .ts, .go, .rs | ✅ Low | Safe to review
.md, .txt, .json, .yaml | ✅ Low | Safe to read
.exe, .bat, .sh, .app, .msi | 🔴 High | Block without review
Unknown binary files | 🔴 High | Block without review

Content Analysis

  • Source Code Present: ✅ Pass
  • README Matches Content: ✅ Pass
  • Suspicious Patterns: Detects:
    • Base64 encoded payloads
    • Shellcode signatures
    • Obfuscated code
    • Network connections in scripts

Red Flags

🚨 Immediately alert user if:

  • Executable files without source code
  • README claims functionality not present in code
  • Extremely long text files (> 50KB on a single line)
  • Encrypted/obfuscated content
  • Direct download links in README (not GitHub releases)
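
The file-type and red-flag rules above, sketched as an added example (this is not the skill's own audit.py, whose source is not shown on this page). The function names, the 512-character base64 threshold, the NUL-byte test for binaries and the severity mapping are assumptions; the sample tree is constructed from harmless bytes.

```python
import re
import tempfile
from pathlib import Path

# Extension sets follow the README's File Type Detection table; the rest is assumed.
HIGH_RISK_EXT = {".exe", ".bat", ".sh", ".app", ".msi"}
LOW_RISK_EXT = {".py", ".js", ".ts", ".go", ".rs", ".md", ".txt", ".json", ".yaml"}
SOURCE_EXT = {".py", ".js", ".ts", ".go", ".rs"}
LONG_LINE_BYTES = 50 * 1024  # README red flag: > 50KB on a single line
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{512,}={0,2}")  # assumed threshold

def audit_file(path):
    """Return (severity, message) findings for one file."""
    findings = []
    ext, data = path.suffix.lower(), path.read_bytes()
    if ext in HIGH_RISK_EXT:
        findings.append(("critical", f"{path.name}: high-risk file type {ext}"))
    elif ext not in LOW_RISK_EXT and b"\x00" in data[:4096]:
        findings.append(("critical", f"{path.name}: unknown binary file"))
    if len(data) > LONG_LINE_BYTES and data.count(b"\n") <= 1:
        findings.append(("warning", f"{path.name}: {len(data)} bytes on a single line"))
    elif BASE64_RUN.search(data):
        findings.append(("warning", f"{path.name}: long base64-like run"))
    return findings

def audit_tree(root):
    """Walk root; return (verdict, findings) with verdict PASSED, WARNING or BLOCKED."""
    findings, has_source = [], False
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or ".git" in path.relative_to(root).parts:
            continue
        has_source |= path.suffix.lower() in SOURCE_EXT
        findings += audit_file(path)
    if not has_source and any(s == "critical" for s, _ in findings):
        findings.append(("critical", "high-risk files present without any source code"))
    severities = {s for s, _ in findings}
    verdict = "BLOCKED" if "critical" in severities else "WARNING" if severities else "PASSED"
    return verdict, findings

def demo():
    """Audit a constructed sample tree shaped like the reference case (harmless bytes)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"README.md": b"# memory system\n", "resolver.exe": b"MZ\x00\x00",
                   "icon16.txt": b"A" * (60 * 1024)}
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return audit_tree(root)
```

Like the skill it illustrates, this is a heuristic pre-check: minified code and large data files will trip the long-line rule, so a WARNING calls for manual review rather than an automatic block.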

Usage

# Audit a directory
cd /path/to/repo
python3 audit.py

# Audit with verbose output
python3 audit.py --verbose

# Export report to file
python3 audit.py --output report.txt

Check Results

✅ Safe

🛡️ Security Audit: PASSED

All checks passed. This resource appears safe to use.
- Source code: Found
- File types: Normal
- Content: Matches description
- No suspicious patterns detected

⚠️ Warning

⚠️ Security Audit: WARNING

Found minor issues that need review:
- Long line in file.txt (65000+ chars)
- Some files lack comments

Recommended: Review before execution.

🚨 Critical

🚨 Security Audit: BLOCKED

Critical security issues detected:
- Executable file: resolver.exe (NO source code)
- Suspicious payload: icon16.txt (289KB single-line text)
- README mismatch: Claims "memory system" but contains malware

🛑 DO NOT EXECUTE. Delete immediately.

Integration with OpenClaw

This skill can be invoked automatically by OpenClaw when:

  1. Cloning Repos: Runs after git clone
  2. Downloading Skills: Runs after clawhub install
  3. Running External Scripts: Runs before execution

To enable automatic auditing, add to your workflow:

# After git clone
git clone <repo-url> && cd <repo> && python3 audit.py

# After clawhub install
clawhub install <skill> && python3 ~/.clawhub/skills/<skill>/audit.py

Security Best Practices

For Users

  1. Never run unverified executables
  2. Always review code before execution
  3. Check file types in downloaded archives
  4. Verify repository activity and contributors
  5. Use virtual environments for testing

For Skill Authors

  1. Provide source code in clear text
  2. Include README that matches functionality
  3. Avoid obfuscation or encryption
  4. Document dependencies clearly
  5. Use standard formats (no custom binaries)

False Positives

Some safe projects may trigger warnings:

  • Large data files: Legitimate models, datasets
  • Minified code: Production JavaScript/CSS
  • Compiled modules: Native Python extensions

Review manually before deciding to block.

Reference Cases

ClawIntelligentMemory (2026-03-03)

🚨 BLOCKED: Malware disguised as OpenClaw memory system

Evidence:
- resolver.exe (Windows PE executable, no source)
- icon16.txt (289KB single-line, suspected shellcode)
- App.bat (launches resolver.exe with payload)
- README claims "memory system", actual content is malware

Action: Deleted immediately

Notes

  • This is a basic heuristic check, not a full antivirus
  • Always use human judgment for final decisions
  • Report false positives to improve detection
  • Keep this skill updated with new threat patterns
Usage Guidance
This appears to be a local static-audit tool; it's coherent with its description. Before installing or auto-wiring it into workflows: (1) review audit.py yourself so you trust the logic, (2) run it in an isolated environment (VM/container) the first few times, (3) remember it's heuristic-only and can produce false positives (large data files, minified code), and (4) do not rely on it as a sole defense — use it as a pre-check and perform manual review for critical code. If you plan to auto-run it after every git clone, be aware you must add that hook yourself; the skill does not auto-install that behavior.
Capability Analysis
Type: OpenClaw Skill
Name: jasonlai-security-audit
Version: 1.0.0
The skill is a legitimate security auditing tool designed to perform static analysis on directories to detect high-risk file types, suspicious patterns (like long base64 strings or shellcode), and README mismatches. The audit.py script uses standard Python libraries to scan files locally without any network activity, data exfiltration, or unauthorized execution. The instructions in SKILL.md correctly guide the AI agent to use the tool for defensive purposes.
Capability Assessment
Purpose & Capability
Name/description match implementation: the skill includes a Python script (audit.py) that performs static checks, and the only declared requirement is python3. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs running audit.py against a local repo and suggests inserting it into workflows (after git clone / clawhub install). The script scans files recursively in the provided directory for suspicious patterns and large single-line files; it does not attempt to read environment secrets or reach external endpoints. Note: the README/SKILL.md suggests automatic invocation by OpenClaw but the package contains no install hooks — wiring into CI/clone workflows is manual.
Install Mechanism
No install spec; this is instruction + script only. The script is local and there are no downloads or extract steps that would pull arbitrary remote code.
Credentials
The skill requires no environment variables, no credentials, and only needs read access to the scanned directory. No credentials or unrelated external service tokens are requested.
Persistence & Privilege
always is false and the script does not write persistent configuration or modify other skills. It prints reports to stdout / optional output file only. Enabling automatic invocation would be a user action.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jasonlai-security-audit
  3. After installation, invoke the skill by name or use /jasonlai-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the security-audit skill.
- Provides automated security checks for external resources such as GitHub repos, downloaded skills, and files.
- Detects malicious code, suspicious executables, obfuscated content, and README/content mismatches.
- Includes clear risk assessment by file type and detailed instructions for use and integration.
- Offers actionable audit results: Safe, Warning, or Critical, with guidance on next steps.
- Designed for integration with OpenClaw workflows and includes best practices for both users and skill authors.
Metadata
Slug jasonlai-security-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Security Audit by Jason?

Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w... It is an AI Agent Skill for Claude Code / OpenClaw, with 247 downloads so far.

How do I install Security Audit by Jason?

Run "/install jasonlai-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Audit by Jason free?

Yes, Security Audit by Jason is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Security Audit by Jason support?

Security Audit by Jason is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Security Audit by Jason?

It is built and maintained by ITHACAJASON (@ithacajason); the current version is v1.0.0.
