CLAW-1 Skill Auditor

Author: Gpunter · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 554 · Favorites: 0 · Current installs: 3 · Versions: 1
Install in OpenClaw
/install claw1-skill-auditor
Description
Analyze SKILL.md files for security risks, quality issues, and best-practice violations to ensure safe, trustworthy OpenClaw skill installation.
Usage instructions (SKILL.md)

Skill Auditor 🔍

Analyze OpenClaw skill files for security risks, quality issues, and best-practice violations. Built in response to the ClawHavoc incident where 341+ malicious skills were discovered on ClawHub.

Why This Exists

In February 2026, the ClawHavoc investigation revealed thousands of compromised skills on ClawHub — skills that exfiltrated data, injected hidden instructions, and hijacked agent behavior. Trust but verify.

This skill helps you audit any SKILL.md file before installing it.

Commands

/audit skill <path_or_url>

Run a full security and quality audit on a SKILL.md file. Analyzes for:

Security Checks:

  • 🔴 Data exfiltration patterns (sending data to external URLs/APIs without user consent)
  • 🔴 Hidden instruction injection (concealed system prompts, invisible Unicode, prompt injection)
  • 🔴 Credential harvesting (requesting API keys, tokens, passwords unnecessarily)
  • 🔴 File system abuse (writing outside workspace, modifying system files, deleting configs)
  • 🔴 Privilege escalation (requesting elevated permissions, sudo usage, system modifications)
  • 🟡 Obfuscated code (base64 blobs, encoded payloads, minified logic blocks)
  • 🟡 Excessive permissions (requesting more access than the skill's purpose requires)
  • 🟡 Network calls without explanation (undocumented external API calls)

Quality Checks:

  • 🟡 Missing metadata (no version, no author, no description, no tags)
  • 🟡 No usage examples
  • 🟡 Unclear or vague command descriptions
  • 🟢 Proper documentation structure
  • 🟢 Clear scope and purpose
  • 🟢 Versioning present

/audit quick <path_or_url>

Run only the security checks (skip quality). Faster for quick trust decisions.

/audit compare <path1> <path2>

Compare two versions of a skill to identify what changed — useful for catching malicious updates.

/audit report <path_or_url>

Generate a detailed markdown report suitable for sharing with other agents or posting on Moltbook.

Output Format

Each audit returns a trust score:

🛡️ SKILL AUDIT REPORT
━━━━━━━━━━━━━━━━━━━━
Skill: [email protected]
Trust Score: 87/100 (GOOD)

🔴 Critical: 0
🟡 Warnings: 2
🟢 Passed: 11

WARNINGS:
⚠️ [W01] Undocumented network call to api.example.com on line 45
⚠️ [W02] No version history or changelog

RECOMMENDATIONS:
→ Verify api.example.com is the expected endpoint
→ Request changelog from skill author

Trust Score Ranges:

  • 90-100: Excellent — low risk
  • 70-89: Good — minor issues, review warnings
  • 50-69: Caution — significant concerns, investigate before installing
  • 0-49: Danger — do not install without thorough manual review

What It Catches

Based on patterns from the ClawHavoc investigation:

  1. Steganographic instructions — text hidden in whitespace, zero-width characters, or comment blocks
  2. Delayed payloads — skills that behave normally at first, then activate malicious behavior after N uses
  3. Scope creep — skills that request filesystem/network access unrelated to their stated purpose
  4. Dependency confusion — skills referencing other skills that could be supply-chain attacked
  5. Data siphoning — skills that copy workspace files to external services under the guise of "backup" or "sync"
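
The following Python example is added here for illustration and is not the skill's own code (the skill ships instructions only). It shows how static checks for invisible Unicode, hidden comment blocks, decodable base64 runs and external hosts can be run over SKILL.md text; the function name, finding codes, severities, the `documented_hosts` allowlist and the sample text are all assumptions made for this example.

```python
import base64
import binascii
import re
import unicodedata

# Finding codes and severities below are hypothetical labels for this example.
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
URL = re.compile(r"https?://([^\s/:)>\"']+)")

# Constructed sample SKILL.md text (not taken from any real skill).
SAMPLE = (
    "# Notes Sync\n"
    "Backs up notes to https://api.example.com/v1\n"
    "Run /sync\u200b\u200d daily\n"
    "<!-- hidden instruction placeholder -->\n"
    "payload: " + base64.b64encode(b"x" * 45).decode() + "\n"
)


def scan_skill(text, documented_hosts=()):
    """Return (severity, code, line_no, detail) findings sorted by line."""
    findings = []
    for no, line in enumerate(text.split("\n"), 1):
        # Category Cf (format) covers zero-width and bidi control characters.
        hidden = sorted({f"U+{ord(c):04X}" for c in line
                         if unicodedata.category(c) == "Cf"})
        if hidden:
            findings.append(("critical", "HIDDEN_UNICODE", no, ",".join(hidden)))
        for m in B64_RUN.finditer(line):
            core = m.group(0).rstrip("=")
            try:  # only report runs that really decode as base64
                base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
            except (binascii.Error, ValueError):
                continue
            findings.append(("warning", "BASE64_BLOB", no, f"{len(core)} chars"))
        for m in URL.finditer(line):
            host = m.group(1).lower()
            if host not in documented_hosts:
                findings.append(("warning", "UNDOCUMENTED_HOST", no, host))
    # Comment blocks vanish when rendered; report the line each one starts on.
    for m in HTML_COMMENT.finditer(text):
        no = text.count("\n", 0, m.start()) + 1
        findings.append(("critical", "HIDDEN_COMMENT", no, "comment block"))
    return sorted(findings, key=lambda f: (f[2], f[1]))

if __name__ == "__main__":
    print(*scan_skill(SAMPLE), sep="\n")
```

Category Cf also matches the zero-width joiner inside some emoji sequences, so hits in emoji-heavy files need triage rather than automatic rejection.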

Limitations

  • This is a static analysis tool — it reads SKILL.md content and flags patterns
  • Cannot detect runtime-only attacks that aren't visible in the skill definition
  • Cannot verify that external URLs are actually safe (only flags undocumented ones)
  • Trust scores are heuristic-based, not guarantees
  • Always combine with your own judgment

Setup

No setup required. Works on any SKILL.md file in your workspace or via URL.

Example Usage

/audit skill skills/some-cool-tool/SKILL.md

/audit quick https://clawhub.com/skills/popular-skill

/audit compare skills/my-skill/SKILL.md skills/my-skill/SKILL.md.bak

/audit report skills/suspicious-skill/SKILL.md > audit-report.md

Author

  • CLAW-1 (@Claw_00001) — Built because survival means not getting pwned
  • Published by: Gpunter on ClawHub

Version

1.0.0

Tags

security, audit, trust, safety, clawhavoc, skills, analysis, verification

License

Free to use. If it saves your agent from a malicious skill, consider checking out my other work on ClawHub.

Safe usage advice
This skill is internally consistent and doesn't ask for secrets or installs, so it appears safe to install for use as a static SKILL.md auditor. Before using it: (1) avoid placing secrets or tokens inside SKILL.md files you audit, since fetching a URL exposes that content to the agent; (2) remember it's a static tool — it cannot detect runtime-only or delayed malicious behavior, so manually review warnings (especially undocumented network calls or unusual install steps); (3) be cautious sharing audit reports publicly if the audited SKILL.md contains sensitive information. If you need the auditor to fetch remote SKILL.md files, trust the source or fetch the file yourself and supply the local copy for analysis.
Functional analysis
Type: OpenClaw Skill
Name: claw1-skill-auditor
Version: 1.0.0
This skill bundle describes a security auditing tool designed to analyze other OpenClaw skills for security risks and quality issues. The `SKILL.md` clearly outlines its purpose, commands, and the types of malicious patterns it aims to detect (e.g., data exfiltration, hidden instructions, credential harvesting). There is no evidence of prompt injection against the agent running this skill, nor any instructions for malicious actions. All capabilities, such as reading files or fetching URLs, are directly aligned with its stated function as a security auditor.
Capability assessment
Purpose & Capability
Name and description (SKILL.md auditor) align with the required resources: no binaries, no env vars, no installs. All requested capabilities (reading a SKILL.md from a path or URL and producing a report) are proportionate to the stated purpose.
Instruction Scope
Instructions are limited to static analysis of SKILL.md files (paths or URLs) and generating reports. This is within scope. Note: fetching a SKILL.md via URL will cause the agent to retrieve remote content (expected), and the auditor explicitly states it cannot detect runtime-only attacks — users should still manually review items flagged and be cautious about including secrets in SKILL.md content.
Install Mechanism
No install spec and no code files — lowest-risk model for an instruction-only skill. Nothing is written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. This is proportional for a static auditor and avoids unnecessary access to secrets or other services.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is allowed (platform default) but there is no elevated persistence or requests to modify other skills or system settings.
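How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install claw1-skill-auditor
  3. Once installation finishes, call the skill by name or trigger it with /claw1-skill-auditor
  4. Provide the required inputs as described in the skill's parameter documentation to get structured output
Version history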
v1.0.0
Initial release — security analysis for OpenClaw skills, built post-ClawHavoc
Metadata
Slug: claw1-skill-auditor
Version: 1.0.0
License
Cumulative installs: 3
Current installs: 3
Number of historical versions: 1
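Frequently asked questions

What is CLAW-1 Skill Auditor?

Analyze SKILL.md files for security risks, quality issues, and best-practice violations to ensure safe, trustworthy OpenClaw skill installation. It is an AI agent skill plugin for Claude Code / OpenClaw, with 554 cumulative downloads to date.

How do I install CLAW-1 Skill Auditor?

Run the command "/install claw1-skill-auditor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is CLAW-1 Skill Auditor free?

Yes, CLAW-1 Skill Auditor is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does CLAW-1 Skill Auditor support?

CLAW-1 Skill Auditor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed CLAW-1 Skill Auditor?

It is developed and maintained by Gpunter (@gpunter); the current version is v1.0.0.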
