
Diff Auditor

by Ordo-tech · GitHub ↗ · v1.1.0 · MIT-0
cross-platform · ✓ Security Clean
Downloads: 108
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install skill-diff-auditor
Description
Audits what changed between your installed skill and a pending update — flags new tool requests and risk changes before you approve. Free taster. Full audit...
Usage Guidance
This skill appears to do what it says: it reads your installed SKILL.md and fetches the remote SKILL.md on ClawHub, then compares tool lists and reports a verdict. Before installing or relying on it, consider these points:
  - Blind spots: it only inspects SKILL.md. Updates that introduce new endpoints, credentials, or behaviors inside code files, scripts, or bundled assets will be missed — the free/lite version explicitly won't report new external endpoints. For high-risk environments, manually review the updated package or use tools that inspect code files, not just SKILL.md.
  - Trust and provenance: registry metadata shows no homepage/source; verify the publisher (ordo-tech) and the ClawHub URLs used to fetch remote SKILL.md before trusting reports. An attacker could spoof or publish malicious SKILL.md on a registry under an unfamiliar account.
  - Operational caution: do not rely solely on the free report for updates that add sensitive tools (exec, write, network access). If an update adds exec/write or similar, perform a thorough code review or use the 'full' audit capability the author advertises (or other auditing tools) before approving.
If you need higher assurance, request/require an auditor that scans all package files (not just SKILL.md) and validates remote content authenticity (signed releases or trusted publisher verification).
Capability Analysis
Type: OpenClaw Skill
Name: skill-diff-auditor
Version: 1.1.0
The skill-diff-auditor is a security-focused tool designed to audit changes between installed OpenClaw skills and pending updates. It uses the 'read' tool to access local skill definitions and 'web_fetch' to retrieve remote versions from clawhub.com for comparison. The logic is transparently aimed at identifying new tool requests (like 'exec' or 'write') and risk profile changes, as evidenced in the provided examples in SKILL-FULL.md. There is no evidence of data exfiltration, malicious execution, or prompt injection; the tiered 'Lite' and 'Full' versions are standard commercial offerings for security tooling.
Capability Assessment
Purpose & Capability
Name/description claim to diff an installed skill and its update; the SKILL.md explicitly requires only 'read' and 'web_fetch' and describes reading the installed SKILL.md and fetching the remote SKILL.md for comparison. These capabilities are proportional to the stated purpose.
Instruction Scope
The instructions are narrowly scoped to reading and diffing SKILL.md frontmatter, instruction body, and any URLs mentioned there. This is coherent, but a significant limitation: many skills embed endpoints or behavior in other files (code, scripts, bundled assets) that this auditor will not inspect. The free/lite variant explicitly does NOT report new external endpoints or full instruction diffs, creating a blind spot for exfiltration or hidden changes.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code executed at install time — lowest-risk install model and consistent with the stated behavior.
Credentials
No environment variables, no credentials, and no additional config paths are required. Requested access (read local SKILL.md and web_fetch remote SKILL.md) is proportionate to the task.
Persistence & Privilege
Not always-enabled; user-invocable and allows model invocation (platform default). It does not request persistent system-wide privileges, nor does it modify other skills' configs. Autonomous invocation is permitted by default but not combined with extra privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-diff-auditor
  3. After installation, invoke the skill by name or use /skill-diff-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Lite version: free taster. Full version in the ClawHub Security/Ops Pack on Gumroad.
v1.0.0
Initial release
Metadata
Slug skill-diff-auditor
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Diff Auditor?

Audits what changed between your installed skill and a pending update — flags new tool requests and risk changes before you approve. Free taster. Full audit... It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.

How do I install Diff Auditor?

Run "/install skill-diff-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Diff Auditor free?

Yes, Diff Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Diff Auditor support?

Diff Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Diff Auditor?

It is built and maintained by Ordo-tech (@ordo-tech); the current version is v1.1.0.
