Agent Audit Scanner

Author: Heady · GitHub · v0.1.0
Platforms: darwin, linux, windows · ✓ Security check passed
316 total downloads · 1 favorite · 0 current installs · 1 version
Install in OpenClaw:
/install agent-audit-scanner
Description
Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca...
Usage (SKILL.md)

Agent Audit Scanner — Security Scanning for OpenClaw Skills

You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.

When to Trigger

  1. New skill installed — scan before confirming it's ready.
  2. User asks about safety — "is this skill safe?", "audit this skill", etc.
  3. /audit command: /audit (all) or /audit <skill-name>.
  4. Bulk audit — "audit all skills", "check my skills".

Setup (first-time only)

pip install agent-audit && agent-audit --version

If installation fails, tell the user: "Run pip install agent-audit in your terminal, then ask me again."

How to Scan a Single Skill

Run the scan script bundled with this skill:

python3 {baseDir}/scripts/scan-skill.py "<path-to-skill-directory>"

Or use agent-audit directly:

agent-audit scan "<path-to-skill-directory>" --format json

Common skill locations:

  • Workspace skills: ~/.openclaw/workspace/skills/<skill-name>/
  • Managed skills: ~/.openclaw/skills/<skill-name>/

How to Scan All Skills

python3 {baseDir}/scripts/scan-all-skills.py

This discovers and scans every skill in ~/.openclaw/workspace/skills/ and ~/.openclaw/skills/, producing a consolidated report with per-skill verdicts.

How to Audit OpenClaw Config

python3 {baseDir}/scripts/check-config.py

Checks ~/.openclaw/openclaw.json and .mcp.json for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.

Interpreting Results

Findings have three severity tiers; a skill with no findings is reported CLEAN:

  • BLOCK (confidence >= 0.92): DO NOT enable. Warn the user. Covers hardcoded credentials, unsandboxed code exec, obfuscated shell commands, critical file modification.
  • WARN (0.60-0.91): Inform the user and let them decide. Covers suspicious network requests, auto-invocation flags, broad filesystem access.
  • INFO (0.30-0.59): Mention briefly. Low-confidence, usually safe patterns.
  • CLEAN (0 findings): Confirm safe to enable.

What Gets Scanned

Scripts (py/sh/js/ts), all text files for credentials, *.mcp.json for MCP misconfigs, SKILL.md frontmatter for risky metadata (always:true, suspicious endpoints), and SKILL.md body for obfuscated shell commands and social engineering. See references/owasp-asi-mapping.md for the full 56-rule mapping across all 10 OWASP ASI categories.

Important Notes

  • Always scan BEFORE enabling a skill, never after.
  • If the scan fails, recommend manual review.
  • Never skip scanning because a skill is popular. The #1 ClawHub skill was found to be malware.
  • Any skill that modifies SOUL.md, AGENTS.md, MEMORY.md, or IDENTITY.md is BLOCK-level regardless of confidence.
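The verdict logic described in Interpreting Results and in the protected-file note above, written out as an added example (not the project's own code): the finding field names 'confidence', 'path' and 'writes', and the report shape of a JSON list of findings, are assumptions, since agent-audit's real JSON schema is not shown on this page.

```python
import json
import os

# Thresholds from the SKILL.md "Interpreting Results" section.
BLOCK_MIN = 0.92  # BLOCK: confidence >= 0.92
WARN_MIN = 0.60   # WARN: 0.60-0.91
INFO_MIN = 0.30   # INFO: 0.30-0.59; anything lower is not surfaced
# "Important Notes": modifying any of these files is BLOCK-level regardless of confidence.
PROTECTED_FILES = {"SOUL.md", "AGENTS.md", "MEMORY.md", "IDENTITY.md"}


def tier_for(finding):
    """Map one finding to 'BLOCK', 'WARN', 'INFO', or None when it is too weak to mention.

    Field names are assumed, not the real agent-audit schema: 'confidence' (float),
    'path' (file the finding points at) and 'writes' (True if the skill modifies it).
    """
    if finding.get("writes") and os.path.basename(finding.get("path", "")) in PROTECTED_FILES:
        return "BLOCK"  # the override rule is applied before any threshold
    confidence = float(finding.get("confidence", 0.0))
    if confidence >= BLOCK_MIN:
        return "BLOCK"
    if confidence >= WARN_MIN:  # the 0.91 < c < 0.92 gap in the text resolves to WARN
        return "WARN"
    if confidence >= INFO_MIN:
        return "INFO"
    return None


def verdict(findings):
    """Return (verdict, counts): the worst tier present, or 'CLEAN' when nothing surfaces."""
    counts = {"BLOCK": 0, "WARN": 0, "INFO": 0}
    for finding in findings:
        tier = tier_for(finding)
        if tier is not None:
            counts[tier] += 1
    for tier in ("BLOCK", "WARN", "INFO"):
        if counts[tier]:
            return tier, counts
    return "CLEAN", counts


def verdict_from_report(report_json):
    """Parse the scanner's JSON report (assumed to be a list of findings) and judge it."""
    return verdict(json.loads(report_json))


# Constructed sample report: a low-confidence finding that still trips the override rule,
# a WARN-range network finding, and a sub-threshold finding that must not surface.
SAMPLE_REPORT = json.dumps([
    {"rule": "file-write", "confidence": 0.35, "path": "/home/u/.openclaw/workspace/SOUL.md", "writes": True},
    {"rule": "suspicious-network", "confidence": 0.75, "path": "scripts/fetch.py", "writes": False},
    {"rule": "low-signal", "confidence": 0.10, "path": "README.md", "writes": False},
])
```

Note that the sample's SOUL.md finding sits in the INFO range by confidence alone, yet the skill as a whole comes out BLOCK because the override rule is evaluated first.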
Safe-Use Recommendations
This skill appears to do what it claims (scan installed skills and OpenClaw config). Before installing or running it:
  1. Review the upstream 'agent-audit' project (SKILL.md frontmatter points at https://github.com/HeadyZhang/agent-audit) and confirm you trust the PyPI package name, since the scripts will pip-install and run that tool.
  2. Recognize that the scanner needs read access to ~/.openclaw/skills/** and ~/.openclaw/openclaw.json; check you are comfortable granting that.
  3. Running the scripts may install packages (network fetch) and will execute an external CLI; ensure no malicious 'agent-audit' is present earlier on PATH.
  4. For extra safety, run the scanner from an isolated environment (VM/container) or inspect the agent-audit source locally before allowing the skill to auto-install it.
  5. Note a minor metadata inconsistency: registry metadata showed no homepage/source, but SKILL.md includes a GitHub URL; verify that ownership and source are what you expect.
Functional Analysis
Type: OpenClaw Skill
Name: agent-audit-scanner
Version: 0.1.0
The 'agent-audit-scanner' bundle is a security tool designed to audit OpenClaw skills and configurations for vulnerabilities. It requires broad read access to the filesystem (~/.openclaw/) and performs a 'pip install' of its core dependency (agent-audit), but these actions are explicitly declared and necessary for its stated purpose. The scripts (scripts/check-config.py, scripts/scan-skill.py) focus on local analysis of JSON configs and skill metadata without any evidence of data exfiltration, unauthorized network communication, or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description (security scanner for OpenClaw skills) aligns with required binaries (python3), declared file_reads (~/.openclaw/skills/** and ~/.openclaw/openclaw.json) and the bundled scripts which discover and scan skill directories. Reading those paths is expected for this purpose.
Instruction Scope
SKILL.md and bundled scripts instruct the agent to read all managed/workspace skills and the OpenClaw config, run the bundled Python scripts, and invoke the external 'agent-audit' CLI. All of these are within scope for a scanner, but the instructions also tell the agent to install/run an external PyPI package ('agent-audit') if missing, which introduces a network fetch and external-code execution step that users should be aware of.
Install Mechanism
There is no registry install spec, but the scripts will try to install 'agent-audit' via pip at runtime. Installing from PyPI is a reasonable design choice for a wrapper, but it is a moderate-risk action (network fetch, arbitrary package code). The bundled code itself does not download arbitrary archives or write unknown binaries to nonstandard locations.
Credentials
The skill declares no required environment variables or credentials and the scripts do not request or exfiltrate secrets. The scanner inspects OpenClaw config files for hardcoded secrets but does not transmit them anywhere. The requested file reads are proportional to the scanning purpose.
Persistence & Privilege
The always flag is false, persistence is false, and the skill does not request system-wide writes or modify other skills' configs. Autonomous invocation is marked restricted in SKILL.md; nothing indicates the skill will persist or gain elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Type the install command in the chat box: /install agent-audit-scanner
  3. After installation, call the Skill by name directly or trigger it with /agent-audit-scanner.
  4. Provide the required input according to the Skill's parameter description to receive structured output.
Version History
v0.1.0
Initial release of agent-audit-scanner security tool for OpenClaw skills.
  • Scans skills for vulnerabilities across all 10 OWASP Agentic AI threat categories using 49+ detection rules.
  • Detects prompt injection, credential leaks, unsafe code execution, misconfigurations, privilege escalation, obfuscated commands, and social engineering patterns.
  • Provides step-by-step scanning commands for individual skills, all skills, and OpenClaw configuration checks.
  • Reports findings with severity tiers: BLOCK, WARN, INFO, and CLEAN.
  • Includes clear guidance for interpreting scan results and best practices for safe use.
Metadata
Slug: agent-audit-scanner
Version: 0.1.0
License: (not specified)
Total installs: 0
Current installs: 0
Version count: 1
FAQ

What is Agent Audit Scanner?

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 316 downloads to date.

How do I install Agent Audit Scanner?

Run the command /install agent-audit-scanner in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Agent Audit Scanner free?

Yes, Agent Audit Scanner is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Agent Audit Scanner support?

Agent Audit Scanner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, windows).

Who developed Agent Audit Scanner?

Developed and maintained by Heady (@headyzhang); current version v0.1.0.
