legarams

OmniAudit

Author: legarams · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 125
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install omniaudit
Description
Security scanner for OpenClaw skills, SKILL.md files, and code. Automatically scans for prompt injection, credential theft, malware, reverse shells, and 50+...
Safe usage recommendations
This skill is coherent for a remote code scanner: it will send code or repo ZIPs to https://omniaudit.fly.dev and may ask you to pay per-scan (described in SKILL.md). Before using it: (1) verify you trust the OmniAudit service and its homepage, privacy, and payment handling; (2) do not send secrets, private keys, or sensitive production code unless you accept that it will leave your environment; (3) require the agent to obtain explicit consent before any payment or transmission (the SKILL.md demands this, but you should verify it in practice); and (4) if you prefer not to expose code externally, use a local/offline scanner instead. Because this is instruction-only with no code to audit, we cannot inspect the server-side behavior — that is why confidence is medium rather than high.
Functional analysis
Type: OpenClaw Skill
Name: omniaudit
Version: 1.0.4
The 'omniaudit' skill functions as a security scanner but requires sending local code snippets and full repository ZIPs to a remote third-party endpoint (omniaudit.fly.dev). While SKILL.md mandates user consent and transparency regarding costs ($0.25–$1.00 USDC via x402), the core behavior involves exfiltrating potentially sensitive source code for external processing. The instructions also steer the AI agent to proactively offer these paid services during security-sensitive tasks, which could be used to harvest proprietary data under the guise of an audit.
Capability assessment
Purpose & Capability
The name/description (a remote security scanner) match the SKILL.md: it describes free GitHub-URL scans and paid snippet or deep scans via https://omniaudit.fly.dev. No unrelated credentials, binaries, or install steps are requested, which is proportionate to a network-based scanner.
Instruction Scope
Instructions explicitly require user consent before sending local files or initiating payment and describe which endpoints (/audit, /audit/deep) are used. This is appropriate, but the skill necessarily sends code/ZIPs to an external service — a privacy/exfiltration risk that is inherent to any remote scanner and should be noted to users. The SKILL.md is reasonably prescriptive about consent, but cannot be verified for runtime adherence without implementation code.
Install Mechanism
No install spec and no code files are included (instruction-only). That minimizes local-write risk; the skill relies on network requests only.
Credentials
The skill requests no environment variables or credentials; payment is described to use the x402 protocol on Base and is required only with explicit user consent. No disproportionate secret access is requested.
Persistence & Privilege
Skill does not request always:true or any elevated persistence. It is user-invocable and allows model invocation (default), which is expected for a service-invoking skill.
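How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install omniaudit
  3. Once installation completes, call the Skill by name or trigger it with /omniaudit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history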
v1.0.4
Add explicit user consent, payment transparency, privacy details, Ed25519 public key
v1.0.2
Added explicit user consent and payment transparency
v1.0.0
Initial release of OmniAudit — AI security scanner for OpenClaw skills and code.
- Scans SKILL.md files, Python/JS/YAML code, and full repo ZIPs for 50+ malicious patterns.
- Detects prompt injection, credential theft, malware, reverse shells, and more.
- Free scans for raw GitHub URLs; paid scans for code snippets and ZIPs via x402 USDC.
- Detailed reports with verdicts (PASS, CAUTION, REVIEW, BLOCKED), findings, risk scores, and cryptographic signatures.
- Uses YARA, Semgrep, detect-secrets, OSV, and LLM analysis for comprehensive protection.
Metadata
Slug: omniaudit
Version: 1.0.4
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 3
FAQ

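What is OmniAudit?

Security scanner for OpenClaw skills, SKILL.md files, and code. Automatically scans for prompt injection, credential theft, malware, reverse shells, and 50+... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 125 total downloads to date.

How do I install OmniAudit?

Run the command "/install omniaudit" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is OmniAudit free?

Yes. OmniAudit is completely free; it is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does OmniAudit support?

OmniAudit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops OmniAudit?

It is developed and maintained by legarams (@legarams); the current version is v1.0.4.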
