
Security Audit

Author: ITHACAJASON · GitHub · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 262
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install jason-security-audit
Description
Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w...
Usage instructions (SKILL.md)

Security Audit Skill

Automated security checks for external resources before execution.

When to Use

ALWAYS use this skill when:

  • Cloning any GitHub repository
  • Downloading skills or code from the web
  • Running external scripts or code
  • Installing new tools from untrusted sources

Security Checks

File Type Detection

| File Type | Risk Level | Action |
|---|---|---|
| .py, .js, .ts, .go, .rs | ✅ Low | Safe to review |
| .md, .txt, .json, .yaml | ✅ Low | Safe to read |
| .exe, .bat, .sh, .app, .msi | 🔴 High | Block without review |
| Unknown binary files | 🔴 High | Block without review |

Content Analysis

  • Source Code Present: ✅ Pass
  • README Matches Content: ✅ Pass
  • Suspicious Patterns: Detects:
    • Base64 encoded payloads
    • Shellcode signatures
    • Obfuscated code
    • Network connections in scripts

Red Flags

🚨 Immediately alert user if:

  • Executable files without source code
  • README claims functionality not present in code
  • Extremely long text files (> 50 KB on a single line)
  • Encrypted/obfuscated content
  • Direct download links in README (not GitHub releases)
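
One way to implement the file-type table and the single-line red flag above, as an added example (this is not the skill's audit.py, whose source does not appear on this page). The NUL-byte test for "unknown binary", the `.git` skip, the symlink skip and the verdict strings are assumptions.

```python
import os
import tempfile

# Extension tiers from the File Type Detection table; 50 KB limit from Red Flags.
HIGH_RISK_EXT = {".exe", ".bat", ".sh", ".app", ".msi"}
SOURCE_EXT = {".py", ".js", ".ts", ".go", ".rs"}
TEXT_EXT = {".md", ".txt", ".json", ".yaml"}
LONG_LINE_BYTES = 50 * 1024

def is_single_long_line(path):
    """True for a file over 50 KB whose content is one line (trailing newline ignored)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return len(data) > LONG_LINE_BYTES and b"\n" not in data.rstrip(b"\r\n")

def looks_binary(path):
    """Assumed heuristic for 'unknown binary': a NUL byte in the first 8 KB."""
    with open(path, "rb") as fh:
        return b"\0" in fh.read(8192)

def audit_tree(root):
    """Classify every file under root by reading it; nothing is executed."""
    blocked, warnings, has_source = [], [], False
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the audited tree
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root)
            if ext in SOURCE_EXT:
                has_source = True
            elif ext in HIGH_RISK_EXT:
                blocked.append(f"high-risk file type: {rel}")
            elif ext in TEXT_EXT:
                if is_single_long_line(path):
                    warnings.append(f"single-line text over 50 KB: {rel}")
            elif looks_binary(path):
                blocked.append(f"unknown binary: {rel}")
    if blocked and not has_source:
        blocked.append("executable content with no source code present")
    verdict = "BLOCKED" if blocked else "WARNING" if warnings else "PASSED"
    return verdict, blocked + warnings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        with open(os.path.join(root, "blob.txt"), "wb") as fh:
            fh.write(b"A" * 60000)  # one 60,000-byte line
        print(audit_tree(root))
```

In this sketch images and other ordinary binary formats land in the unknown-binary branch, which is the kind of false positive the skill's notes say to review by hand.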

Usage

# Audit a directory
cd /path/to/repo
python3 audit.py

# Audit with verbose output
python3 audit.py --verbose

# Export report to file
python3 audit.py --output report.txt

Check Results

✅ Safe

🛡️ Security Audit: PASSED

All checks passed. This resource appears safe to use.
- Source code: Found
- File types: Normal
- Content: Matches description
- No suspicious patterns detected

⚠️ Warning

⚠️ Security Audit: WARNING

Found minor issues that need review:
- Long line in file.txt (65000+ chars)
- Some files lack comments

Recommended: Review before execution.

🚨 Critical

🚨 Security Audit: BLOCKED

Critical security issues detected:
- Executable file: resolver.exe (NO source code)
- Suspicious payload: icon16.txt (289KB single-line text)
- README mismatch: Claims "memory system" but contains malware

🛑 DO NOT EXECUTE. Delete immediately.

Integration with OpenClaw

This skill can be invoked automatically by OpenClaw when:

  1. Cloning Repos: Runs after git clone
  2. Downloading Skills: Runs after clawhub install
  3. Running External Scripts: Runs before execution

To enable automatic auditing, add to your workflow:

# After git clone
git clone <repo-url> && cd <repo> && python3 audit.py

# After clawhub install
clawhub install <skill> && python3 ~/.clawhub/skills/<skill>/audit.py

Security Best Practices

For Users

  1. Never run unverified executables
  2. Always review code before execution
  3. Check file types in downloaded archives
  4. Verify repository activity and contributors
  5. Use virtual environments for testing

For Skill Authors

  1. Provide source code in clear text
  2. Include README that matches functionality
  3. Avoid obfuscation or encryption
  4. Document dependencies clearly
  5. Use standard formats (no custom binaries)

False Positives

Some safe projects may trigger warnings:

  • Large data files: Legitimate models, datasets
  • Minified code: Production JavaScript/CSS
  • Compiled modules: Native Python extensions

Review manually before deciding to block.

Reference Cases

ClawIntelligentMemory (2026-03-03)

🚨 BLOCKED: Malware disguised as OpenClaw memory system

Evidence:
- resolver.exe (Windows PE executable, no source)
- icon16.txt (289KB single-line, suspected shellcode)
- App.bat (launches resolver.exe with payload)
- README claims "memory system", actual content is malware

Action: Deleted immediately

Notes

  • This is a basic heuristic check, not a full antivirus
  • Always use human judgment for final decisions
  • Report false positives to improve detection
  • Keep this skill updated with new threat patterns
Safe usage recommendations
This appears to be a straightforward local static-audit tool; it is reasonable to install and use. Before running: (1) review audit.py yourself (it is small and readable) to confirm you are comfortable with its checks, (2) run it in an isolated/sandboxed environment (or inside a container/VM) when auditing untrusted repos to avoid accidental execution of suspicious files, and (3) do not rely solely on this heuristic tool—follow up with manual review and runtime analysis for high-risk targets. If you enable automatic invocation in workflows, ensure the script is executed only on directories you intend to audit and not on system-wide paths.
Functional analysis
Type: OpenClaw Skill Name: jason-security-audit Version: 1.0.0 The 'security-audit' skill is a legitimate static analysis tool designed to protect users by scanning external repositories and files for suspicious patterns. The core logic in audit.py implements heuristic checks for high-risk file extensions, long Base64 strings, shellcode signatures, and inconsistencies between README claims and actual source code. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the tool's behavior is entirely consistent with its stated purpose of improving security.
Capability assessment
Purpose & Capability
Name/description are a security-audit for external resources and the package only requires python3 and includes a Python auditor (audit.py). No unrelated credentials, binaries, or install steps are requested, which matches the stated purpose.
Instruction Scope
SKILL.md and README instruct the agent/user to run python3 audit.py against a local directory or integrate it into post-clone/install hooks. The script only reads files under the target directory and reports findings; it does not attempt to read unrelated system paths, environment variables, or send data externally.
Install Mechanism
There is no install spec (instruction-only) and the README suggests copying the files into a skills directory or running the script directly. No remote downloads or archive extraction are performed by an installer.
Credentials
The skill declares no required environment variables or credentials. The runtime code does not access secrets or external services; it only examines files in the scanned directory.
Persistence & Privilege
The skill is not forced-always, does not request system-level persistence, and its recommended automatic usage is only local post-clone hooks invoked by the user. Autonomous invocation is permitted by platform default but is not combined with broad privileges here.
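How to use
  1. Make sure OpenClaw is installed (locally or deployed with Docker)
  2. Enter the install command in the chat box: /install jason-security-audit
  3. Once installation is complete, call the skill by name or trigger it with /jason-security-audit
  4. Provide the required inputs according to the skill's parameter description to get structured output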
Version history
v1.0.0
Initial release of the security-audit skill for external resource inspection.
  • Audits GitHub repos, downloaded skills, and files for security threats before execution.
  • Detects malicious code, blocked executables, obfuscation, suspicious patterns, and README/content mismatches.
  • Summarizes findings as Safe, Warning, or Critical, with clear recommendations and actions.
  • Designed for automatic integration with OpenClaw workflows for safer external code usage.
  • Provides detailed usage instructions and best practices for both users and skill authors.
Metadata
Slug jason-security-audit
Version 1.0.0
License
Total installs 0
Current installs 0
Historical versions 1
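FAQ

What is Security Audit?

Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use w... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 262 total downloads so far.

How do I install Security Audit?

Run the command "/install jason-security-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Security Audit free?

Yes, Security Audit is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Security Audit support?

Security Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Security Audit?

Developed and maintained by ITHACAJASON (@ithacajason); the current version is v1.0.0.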
