← 返回 Skills 市场
Skill Auditor
作者
aiwithabidi
· GitHub ↗
· v1.0.0
665
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install agxntsix-skill-auditor
功能描述
Security audit and quarantine system for third-party OpenClaw skills. Use when evaluating, reviewing, or installing any skill from ClawHub or external source...
使用说明 (SKILL.md)
Skill Auditor
Security gatekeeper for third-party skill installation. No skill gets installed without passing audit.
When to Use
- Before installing ANY skill from ClawHub or external sources
- When asked to review/evaluate a skill's safety
- When
clawhub installor similar installation is requested
Audit Workflow
1. Quarantine First
Never copy a skill directly to the production skills directory. Always quarantine first:
bash skills/skill-auditor/scripts/quarantine.sh /path/to/skill-source
This copies the skill to a temp directory, runs the full audit, and only allows installation if the risk score is CLEAN or LOW.
2. Manual Audit (Python Script Directly)
For inspection without the quarantine wrapper:
python3 skills/skill-auditor/scripts/audit_skill.py /path/to/skill-dir
Outputs JSON report to stdout. Add --human for formatted text output.
3. Interpreting Results
| Rating | Action |
|---|---|
| CLEAN | Safe to install |
| LOW | Safe, minor notes — review findings briefly |
| MEDIUM | Do NOT install without manual review of each finding |
| HIGH | Block installation — likely malicious patterns detected |
| CRITICAL | Block immediately — active threat indicators (exfil, prompt injection, obfuscated payloads) |
4. Exit Codes
0= CLEAN or LOW (safe)1= MEDIUM (needs review)2= HIGH or CRITICAL (blocked)
What Gets Scanned
- All files: inventory, sizes, suspicious file types
- Code: shell commands, network calls, env access, filesystem escape, obfuscation, dynamic imports
- SKILL.md: prompt injection patterns, permission scope requests
- Dependencies: requirements.txt / package.json flagged packages
- Encoding: base64 payloads, hex/unicode escapes, string manipulation tricks
References
references/known-patterns.md— catalog of real attack patterns from ClawHubreferences/prompt-injection-patterns.md— prompt injection signatures to detect
Important
If a skill scores MEDIUM or above, always show Abidi the full findings before taking any action. Never override or bypass the auditor. This is the last line of defense before untrusted code enters the system.
安全使用建议
This skill appears to implement a sensible local quarantine + scanner and does not demand credentials or download remote code, so it's reasonable to use. Before installing or enabling it automatically: 1) Manually review the audit output and the quarantine directory the first few times to ensure no report is being sent to unknown endpoints. 2) Confirm the ambiguous instruction to 'show Abidi the full findings' — identify who/where 'Abidi' is and whether that step is manual. 3) Resolve the documentation mismatch: SKILL.md claims automatic pre-install triggering but metadata has always:false; make sure auto-triggering is only enabled via explicit platform integration, not silently. 4) Run the scanner on a couple of known-good and known-bad sample skills to validate its detection thresholds and false-positive behavior. 5) If you plan to run audits automatically, run the auditor in an isolated environment (non-production account or container) until you have confidence in its rules. If you want, I can point out the specific lines in audit_skill.py and quarantine.sh you should inspect or run a simulated audit on a sample skill.
功能分析
Type: OpenClaw Skill
Name: agxntsix-skill-auditor
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'agxntsix-skill-auditor' is a security auditing system. All files, including `SKILL.md`, `scripts/quarantine.sh`, and `scripts/audit_skill.py`, are designed to detect malicious patterns in *other* skills, not to perform malicious actions themselves. The `audit_skill.py` script contains extensive regex patterns for identifying shell execution, network calls, environment variable access, filesystem traversal, obfuscation, prompt injection, and data exfiltration, which are all indicators of a robust security scanner. The `references/known-patterns.md` and `references/prompt-injection-patterns.md` files contain examples of malicious code and prompt injection techniques, but these are clearly documentation for the auditor, not instructions for the agent to execute. The `quarantine.sh` script implements a safe workflow for auditing and requires user confirmation before installing any skill. There is no evidence of intentional harmful behavior within this skill bundle; its purpose is entirely defensive.
能力评估
Purpose & Capability
Name/description match included artifacts: a quarantine shell script and a Python scanner are present and their behavior (copy into a temp directory, scan files, produce JSON/human reports, optionally copy to production skills dir) aligns with a 'Skill Auditor'. No unrelated credentials or external services are requested.
Instruction Scope
Runtime instructions direct the agent/operator to quarantine the skill and run the included scanner — scope is appropriate. Two items to note: (1) SKILL.md states it is 'Automatically triggered before any skill installation' whereas the registry metadata sets always:false (a mismatch to confirm). (2) SKILL.md contains an instruction to 'always show Abidi the full findings' — this is ambiguous (who/where is Abidi?) and implies a required human recipient; ensure this is intentional and not an exfil target.
Install Mechanism
No install spec / no external downloads. The package is instruction+scripts only and uses only local copy/scan operations. This is low-risk compared with skills that fetch remote code or run installers.
Credentials
No environment variables, credentials, or suspicious config paths are requested. The scanner itself looks for environment-access patterns in target skill code (appropriate for an auditor) but does not itself request secrets.
Persistence & Privilege
always:false (normal). The scripts can copy files into the production skills directory if the user consents during the quarantine workflow — expected for an installer/auditor. Confirm whether you want the 'Automatically triggered before any skill installation' behavior claimed in docs to be implemented, since that would require platform-side hooks or always:true.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agxntsix-skill-auditor - 安装完成后,直接呼叫该 Skill 的名称或使用
/agxntsix-skill-auditor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: quarantine/audit system for third-party OpenClaw skills. Static analysis, prompt injection detection, dependency typosquat checks, zero external dependencies.
元数据
常见问题
Skill Auditor 是什么?
Security audit and quarantine system for third-party OpenClaw skills. Use when evaluating, reviewing, or installing any skill from ClawHub or external source... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 665 次。
如何安装 Skill Auditor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agxntsix-skill-auditor」即可一键安装,无需额外配置。
Skill Auditor 是免费的吗?
是的,Skill Auditor 完全免费(开源免费),可自由下载、安装和使用。
Skill Auditor 支持哪些平台?
Skill Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Auditor?
由 aiwithabidi(@aiwithabidi)开发并维护,当前版本 v1.0.0。
推荐 Skills