← 返回 Skills 市场
Skill Audit
作者
yoborlon-alpha
· GitHub ↗
· v1.0.0
· MIT-0
135
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install claw-skill-audit
功能描述
Automatically audits newly installed skills to validate structure, security, and health before activation, preventing broken or malicious skills from running.
使用说明 (SKILL.md)
skill-audit
Newly installed OpenClaw skill safety inspector & audit tool.
Purpose
Automatically audit newly installed skills before activation. Validates structure, security, and basic health to prevent broken or malicious skills from affecting the system.
When to Use
- After installing a new skill from ClawHub
- Before enabling a skill for the first time
- When debugging a malfunctioning skill
- As part of routine skill maintenance
What It Checks
1. Structure Validation
SKILL.mdexists and is readable- Required fields present:
name,description,location - No broken internal links or references
2. Security Scan
- No hardcoded secrets, API keys, or credentials
- No suspicious external network calls (untrusted URLs)
- File permissions safe (no world-writable scripts)
3. Health Check
- Skill directory accessible
- No circular imports or broken references
- Basic syntax validity of SKILL.md
Usage
skill-audit \x3Cskill-path>
Example:
skill-audit ~/.openclaw/skills/my-new-skill
skill-audit /workspace/skills/awesome-skill
Output
- PASS -- Skill passes all checks
- WARN -- Minor issues found (non-blocking)
- FAIL -- Critical issues found (blocking)
- INFO -- Informational notes
Notes
- Run as part of your installation workflow, not just when things break
- Combine with clawhub skill for full install -> audit -> enable flow
安全使用建议
This skill appears to do what it says: a local, read-only audit of a skill directory. Before running: (1) inspect audit.sh yourself (it's short and readable); (2) run it against a copy of the target skill or a non-sensitive test directory to avoid accidentally printing any secrets to your terminal; (3) remember the script only scans files under the provided path — do not point it at system or home directories; (4) be aware of minor bugs that may miss issues or produce false positives, so treat results as advisory and follow up with manual review for any WARN/FAIL output.
功能分析
Type: OpenClaw Skill
Name: claw-skill-audit
Version: 1.0.0
The skill is a security auditing utility designed to inspect other OpenClaw skills for structural integrity and basic security flaws. The core logic in `audit.sh` uses standard tools like grep and find to check for hardcoded secrets (API keys, private keys), insecure file permissions, and missing documentation, with no evidence of data exfiltration or malicious intent.
能力评估
Purpose & Capability
Name, description, SKILL.md, and the included audit.sh are consistent: the skill is an on-disk auditor for other skills. It declares no env vars, binaries, or install steps that would be unrelated to this purpose.
Instruction Scope
SKILL.md instructs running the provided audit script against a target skill path. The script only reads files under the given directory, searches for common secret patterns, checks permissions, and reports results — it does not perform network exfiltration or require external services. Note: there are minor implementation bugs (a grep regex with a negative lookahead that standard grep -E may not support, and a shebang-detection loop that runs in a subshell so its flag may not be observable afterwards) which can produce false negatives/positives; these are quality issues rather than malicious behavior.
Install Mechanism
No install spec is provided and the package is instruction-only with a single shell script included. No remote downloads, archives, or package installs occur. Risk from installation is low.
Credentials
The skill requires no environment variables, no credentials, and no config paths. The script does not read or require sensitive system credentials.
Persistence & Privilege
always is false and the skill contains no code to persistently modify agent configuration or enable itself. It runs only when invoked and does not request elevated or persistent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install claw-skill-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/claw-skill-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
常见问题
Skill Audit 是什么?
Automatically audits newly installed skills to validate structure, security, and health before activation, preventing broken or malicious skills from running. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 135 次。
如何安装 Skill Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install claw-skill-audit」即可一键安装,无需额外配置。
Skill Audit 是免费的吗?
是的,Skill Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Audit 支持哪些平台?
Skill Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Audit?
由 yoborlon-alpha(@yoborlon-alpha)开发并维护,当前版本 v1.0.0。
推荐 Skills