← Back to Skills Marketplace
permission-auditor
by
jpengcheng523-netizen
· GitHub ↗
· v1.0.0
· MIT-0
151
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install jpeng-permission-auditor
Description
Audit tool usage patterns and permissions to identify security risks and excessive access. Use when you need to review tool usage, check for permission issue...
README (SKILL.md)
Permission Auditor
Review tool usage and permissions.
Usage
const { auditToolUsage, checkPermissions, generateReport } = require('./skills/permission-auditor');
// Audit tool usage from logs
const audit = auditToolUsage(toolLogs);
// Check if permissions are excessive
const issues = checkPermissions(requiredPermissions, grantedPermissions);
// Generate security report
const report = generateReport(audit);
CLI
node skills/permission-auditor/index.js demo
Features
- Tool usage pattern analysis
- High-risk operation detection
- Permission scope verification
- Security recommendations
- Audit report generation
Usage Guidance
This skill appears to be an honest permission-auditing utility: its code analyzes logs and permission lists and returns reports. Before installing, note the packaging/instruction mismatches (SKILL.md points to a 'skills/' subfolder while the code is at the repo root, and package.json references a main() that isn't exported). These are likely benign mistakes but will break the example CLI/test commands. Recommended steps: (1) review the full index.js to confirm there are no hidden network/file operations (the visible code is local and safe); (2) run it in an isolated environment (or inspect/run the demo function) rather than granting any credentials; (3) if you plan to use it long-term, fix the module paths or exports (export a main/demo function or update SKILL.md) so behavior is explicit. If you need higher assurance, request the author clarify file layout and provide a build/install script or tests that demonstrate expected behavior.
Capability Analysis
Type: OpenClaw Skill
Name: jpeng-permission-auditor
Version: 1.0.0
The permission-auditor skill is a security tool designed to analyze tool usage logs and permission sets for potential risks. It identifies patterns like high 'exec' usage, excessive permissions, and wildcard access, providing a security score and recommendations. The implementation in index.js is purely analytical, contains no external network calls or file system modifications, and aligns perfectly with its stated purpose.
Capability Assessment
Purpose & Capability
The name, description, and included code implement permission and tool-usage auditing (analyzing logs, flagging excessive permissions, generating reports). The required capabilities (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md shows usage examples that require modules at './skills/permission-auditor' and a CLI path 'node skills/permission-auditor/index.js demo', but the package contains index.js at the repository root (no 'skills/' subfolder). package.json test script calls require('./index.js').main(), but the source provides a demo() function and appears not to export a main() function. This is a packaging / doc mismatch (likely a benign packaging error) but means the supplied instructions/CLI may not work as written.
Install Mechanism
There is no install spec and no downloads or external installers. The skill is instruction + a local JS file only, which minimizes install-time risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code likewise does not read environment variables, network endpoints, or attempt to access system credentials.
Persistence & Privilege
The skill is not forced-always and does not request persistent system privileges. Autonomous invocation is allowed by default (platform normal), but the skill itself does not attempt to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install jpeng-permission-auditor - After installation, invoke the skill by name or use
/jpeng-permission-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Permission Auditor.
- Analyze tool usage patterns and detect high-risk operations.
- Verify permission scopes to identify excessive or risky access.
- Generate security audit reports with actionable recommendations.
- Includes both JavaScript API and CLI usage instructions.
Metadata
Frequently Asked Questions
What is permission-auditor?
Audit tool usage patterns and permissions to identify security risks and excessive access. Use when you need to review tool usage, check for permission issue... It is an AI Agent Skill for Claude Code / OpenClaw, with 151 downloads so far.
How do I install permission-auditor?
Run "/install jpeng-permission-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is permission-auditor free?
Yes, permission-auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does permission-auditor support?
permission-auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created permission-auditor?
It is built and maintained by jpengcheng523-netizen (@jpengcheng523-netizen); the current version is v1.0.0.
More Skills