Total downloads: 1030 · Favorites: 0 · Current installs: 6 · Versions: 1
Install in OpenClaw
/install raini-skill-audit
Description
Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.
Safe-use recommendations
This appears to be a legitimate local security scanner. Before installing:
1) SKILL.md mentions a 'check' command that the bundled CLI does not implement; treat that as a documentation mismatch.
2) The scanner uses simple regex heuristics and will produce false positives (and can miss sophisticated obfuscation); review flagged files manually.
3) When running 'scan --all' the tool reads every file in your skills directory; run it in a safe environment, or pass explicit paths, if you are concerned about sensitive locations.
4) Because the skill can be invoked autonomously by the agent, consider whether you want it enabled for automatic runs; this is not a red flag by itself, but be mindful of which paths the agent may instruct the skill to scan.
5) If you rely on its results for critical decisions, open the bundled src/audit.js and verify the detection rules and allowlist domains yourself (the code is short and readable).
Functional analysis
Type: OpenClaw Skill
Name: raini-skill-audit
Version: 1.0.0
This skill is a security scanner designed to detect malicious patterns in other OpenClaw skills. The `SKILL.md` clearly outlines its purpose and the types of risks it identifies (e.g., credential reading, data exfiltration, dynamic code execution). The `src/audit.js` file implements this scanner by using regular expressions to analyze the content of other skill files. While it performs file system access (`fs.readdirSync`, `fs.readFileSync`), this is strictly for reading the code of target skills, which is necessary for its stated security auditing function. There is no evidence of prompt injection, data exfiltration, or malicious execution by this skill itself; rather, it identifies these behaviors in *other* skills.
Capability assessment
Purpose & Capability
Name, package.json description, SKILL.md and the included src/audit.js implement a security scanner for OpenClaw skills. The code scans files and looks for credential references, network calls, and dynamic execution patterns, all of which are appropriate for a skill-audit tool. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md and the CLI instruct running the scanner against skill directories (e.g., ~/.openclaw/workspace/skills or a provided path), which is appropriate. However, SKILL.md documents a '/skill-audit check <clawhub-slug>' command that is not implemented in src/audit.js (the CLI only supports 'scan'). The scanner also reads every file in the target path (expected for a file scanner) and may report many heuristic hits; that is normal for this kind of tool but worth knowing before you run it.
Install Mechanism
No install spec or remote downloads are included; this is an instruction-only, package-contained skill with the scanner source bundled. Nothing is fetched from external URLs at install time.
Credentials
No environment variables, credentials, or config paths are required. The code reads filesystem paths supplied by the user and uses process.env.HOME to locate the default workspace; that is proportionate to a scanner. It does not ask for unrelated secrets.
Persistence & Privilege
`always` is false and the skill does not request elevated persistence or modify other skills. `disable-model-invocation` is false (the agent can call it autonomously), which is appropriate for a utility skill. There is no evidence it alters agent/system-wide settings.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install raini-skill-audit
- After installation, call the Skill by name directly or trigger it with /raini-skill-audit
- Provide the required inputs as described in the Skill's parameter documentation to get structured output.
Version history
v1.0.0
Initial release - Security scanner for OpenClaw skills
FAQ
What is Skill Audit by Raini?
Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks. It is an AI Agent Skill plugin for Claude Code / OpenClaw with 1030 cumulative downloads to date.
How do I install Skill Audit by Raini?
Run the command "/install raini-skill-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Skill Audit by Raini free?
Yes, Skill Audit by Raini is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does Skill Audit by Raini support?
Skill Audit by Raini is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Audit by Raini?
Developed and maintained by 0xRaini (@0xraini); the current version is v1.0.0.