← 返回 Skills 市场
2507
总下载
2
收藏
10
当前安装
3
版本数
在 OpenClaw 中安装
/install audit-code
功能描述
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
使用说明 (SKILL.md)
audit-code -- Project Code Security Review
Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.
What to do
Run the auditor against the target path:
python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"
If $ARGUMENTS is empty, default to $PROJECT_ROOT.
What it checks
- Hardcoded secrets -- API keys (AWS, GitHub, Stripe, OpenAI, Slack), tokens, private keys, connection strings, passwords
- Dangerous function calls -- eval, exec, subprocess with shell=True, child_process.exec, pickle deserialization, system(), gets(), etc.
- SQL injection -- String concatenation/interpolation in SQL queries
- Dependency risks -- Known hallucinated package names, unverified installations
- Sensitive files -- .env files committed to git, credential files in repo
- File permissions -- Overly permissive chmod patterns
- Exfiltration patterns -- Base64 encode + network send, DNS exfiltration, credential file reads
Output
Structured report with severity-ranked findings, file locations, and actionable remediation steps.
When to use
- Before committing or pushing code
- When reviewing third-party contributions or PRs
- As part of a periodic security audit of the codebase
- After AI-assisted code generation to verify no secrets or vulnerabilities were introduced
Advisory hooks
The repository's .claude/settings.json includes PreToolUse hooks that warn on
dangerous Bash and Write operations. These hooks are advisory only -- they
produce warnings but do not block execution.
- audit-code is the detection layer for source code security issues
- The hooks provide supplementary runtime warnings during agent operation
- To enforce blocking, hooks must return
{"decision": "block"}instead of warning messages
安全使用建议
This skill appears to be a legitimate local code auditor. Before running it: (1) review the bundled scripts yourself (they are included) to confirm behavior; (2) run it against a specific project path (the script requires a path — SKILL.md's claimed default is inaccurate); (3) run it as a non‑privileged user or inside a sandbox/container to avoid accidental scanning outside the intended repository; (4) be aware it will read files like .env and private keys (that is its purpose) but it does not contain obvious network/exfiltration code; and (5) if you plan to let other agents/tools invoke it, consider the implications of allowing Bash execution in the frontmatter even though model auto-invocation is disabled.
功能分析
Type: OpenClaw Skill
Name: audit-code
Version: 1.1.1
The bundle is a legitimate security auditing tool designed to perform static analysis on source code to identify vulnerabilities, hardcoded secrets, and supply chain risks. The core logic in `scripts/audit_code.py` and `scripts/patterns.py` uses an extensive database of regex patterns to detect modern attack vectors, including AI-specific prompt injections and MCP tool poisoning. While the tool performs network requests to PyPI and npm registries, these are functionally justified for verifying package legitimacy to prevent 'slopsquatting' or hallucinated dependency attacks, and no evidence of data exfiltration or malicious intent was found.
能力评估
Purpose & Capability
Name/description (code security review for secrets, dangerous calls, dependencies, permissions) align with included artifacts: a Python scanner (scripts/audit_code.py) and a pattern database (scripts/patterns.py). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script against a target path and to use Bash/Read/Glob/Grep tools. The scanner legitimately reads repository files (including .env and key files) and checks permissions; this is expected. Minor inconsistency: SKILL.md claims 'If $ARGUMENTS is empty, default to $PROJECT_ROOT', but the script actually requires an explicit path and exits if none is provided. Also the frontmatter pre-approves Bash (allowed-tools includes Bash), which is functional here but is a capability that should be intentionally allowed.
Install Mechanism
No install spec or remote downloads; the skill is instruction+bundled code only. All code is included in the package (no external fetches or extract operations), which reduces install-time risk.
Credentials
The skill declares no required environment variables or credentials. The scanner will read repository files (including potential secret files) as part of its function; that file access is proportionate to an auditing tool and is not requesting unrelated secrets.
Persistence & Privilege
always is false and disable-model-invocation is true (skill cannot be auto-invoked by the model), and it does not request persistent system-wide changes. The only elevated capability in the frontmatter is allowing Bash execution when run; because model auto-invocation is disabled, the skill can only be run explicitly by a user.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install audit-code - 安装完成后,直接呼叫该 Skill 的名称或使用
/audit-code触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
- Expand pattern database from ~70 to 151 patterns across 15 categories
- Add 5 new categories: code_before_review, config_backdoor, memory_corruption, confused_delegation, persistence
- Add live package verification -- pip/npm install commands checked against PyPI/npm in real time
- Non-existent packages flagged CRITICAL (slopsquatting/hallucination detection)
- New coverage: reverse shells, cloud IMDS, env var hijacking, persistence mechanisms, dependency confusion, GitHub Actions poisoning, 16+ obfuscation techniques
- Document advisory hook behavior in SKILL.md
v1.1.0
- Added documentation of advisory PreToolUse hooks from .claude/settings.json that warn on dangerous Bash and Write operations.
- Clarified that these hooks are advisory only and do not block execution by default.
- Provided guidance on making hooks enforce blocking behavior.
- Made clear the relationship between audit-code as a detection layer and runtime advisory hooks.
v1.0.0
Initial release of audit-code – a security-focused code review skill.
- Scans project source code for hardcoded secrets, dangerous calls, and common vulnerabilities (OWASP-style).
- Detects risky patterns such as eval/exec, insecure SQL, dependency issues, and secrets in files.
- Produces a structured, severity-ranked report with file locations and remediation advice.
- Designed for pre-commit checks, security audits, and post–AI code generation validation.
- Use via CLI with optional path arguments; defaults to scanning the project root.
元数据
常见问题
Audit Code 是什么?
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2507 次。
如何安装 Audit Code?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install audit-code」即可一键安装,无需额外配置。
Audit Code 是免费的吗?
是的,Audit Code 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Audit Code 支持哪些平台?
Audit Code 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Audit Code?
由 ItsNishi(@itsnishi)开发并维护,当前版本 v1.1.1。
推荐 Skills