← 返回 Skills 市场
3763
总下载
4
收藏
33
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-audit
功能描述
Audit locally installed agent skills for security/policy issues using the SkillLens CLI (`skilllens scan`, `skilllens config`). Use when asked to scan a skills directory (Codex/Claude) and produce a risk-focused audit report based on each skill's `SKILL.md` and bundled resources.
安全使用建议
Before installing, verify that the SkillLens package is the one you intend to trust, prefer one-off or pinned use over global installation, scan a specific skills directory instead of broad configured roots, and use optional auditor CLIs only for content you are comfortable sharing with those tools.
功能分析
Type: OpenClaw Skill
Name: skill-audit
Version: 1.0.0
This skill is designed to audit other agent skills for security and policy issues using the `skilllens` CLI tool. The `SKILL.md` provides clear, security-focused instructions for the AI agent on how to install and use `skilllens scan`, and explicitly details what types of risks (exfiltration, execution, persistence, prompt injection) the agent should look for in *other* skills. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection against the agent within this skill's own definition. The instructions are aligned with its stated purpose as a security auditing tool.
能力评估
Purpose & Capability
The artifact coherently describes a security audit workflow for locally installed agent skills using SkillLens, and its commands and review checklist match that purpose.
Instruction Scope
The instructions prefer a concrete scan path, require manual review of skill contents, and explicitly say not to execute bundled scripts by default.
Install Mechanism
The skill recommends `npx skilllens scan`, `pnpm dlx skilllens scan`, or a global `pnpm add -g skilllens`; this is purpose-aligned but depends on an external package and is not version-pinned.
Credentials
Reading local skill directories is expected for an audit tool, but users should keep scan scope specific and understand that optional Claude/Codex auditor modes may process scanned content.
Persistence & Privilege
No automatic persistence or privileged modification is present; the only persistent behavior is the user-directed option to globally install the SkillLens CLI.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the skills-audit tool using SkillLens.
- Audits locally installed agent skills for security and policy issues via the SkillLens CLI.
- Provides clear workflow for scanning skills directories, reviewing risks, and generating risk-focused audit reports.
- Details risk patterns to watch for, such as exfiltration, shell execution, persistence, and prompt injection.
- Includes practical command usages and guidance for both quick scans and in-depth manual reviews.
- Offers report structure suggestions for actionable, evidence-based audit results.
元数据
常见问题
SkillLens Audit 是什么?
Audit locally installed agent skills for security/policy issues using the SkillLens CLI (`skilllens scan`, `skilllens config`). Use when asked to scan a skills directory (Codex/Claude) and produce a risk-focused audit report based on each skill's `SKILL.md` and bundled resources. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3763 次。
如何安装 SkillLens Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-audit」即可一键安装,无需额外配置。
SkillLens Audit 是免费的吗?
是的,SkillLens Audit 完全免费(开源免费),可自由下载、安装和使用。
SkillLens Audit 支持哪些平台?
SkillLens Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SkillLens Audit?
由 morozRed(@morozred)开发并维护,当前版本 v1.0.0。
推荐 Skills