← 返回 Skills 市场

Skill Audit Framework

Name: Skill Audit Framework
Author: enawareness

作者 LeoYann · GitHub ↗ · v1.2.0 · MIT-0

cross-platform ✓ 安全检测通过

153

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skill-audit-framework

功能描述

Structured security and quality audit framework for AI agent skills. Teaches you what to check before installing any skill.

安全使用建议

This skill is a prompt/template for performing manual-style audits and is internally consistent. Before using it: (1) ensure your agent performs read-only analysis of repositories and skill files and does not automatically execute installers or 'curl | bash' commands it finds, (2) verify any external repository links the auditor checks (confirm author identity and commit history yourself when possible), and (3) treat the auditor's PASS as guidance, not a guarantee—manually review code for high-privilege skills. If you want stricter guarantees, run audits from a sandboxed environment or a separate reviewer account that has no write or credential access.

功能分析

Type: OpenClaw Skill Name: skill-audit-framework Version: 1.2.0 The skill-audit-framework is a purely instructional 'prompt skill' designed to provide a structured security review methodology for AI agents. It contains no executable code, scripts, or external dependencies, and it does not request any sensitive permissions or environment variables. The content in SKILL.md and README.md is defensive in nature, teaching the agent to identify common malicious patterns like credential harvesting and unauthorized persistence in other skills.

能力评估

✓ Purpose & Capability

The name and description claim a review methodology and the SKILL.md contains a detailed audit checklist and report format. There are no declared env vars, binaries, or installs that would be unrelated to a review framework.

✓ Instruction Scope

The runtime instructions tell the agent to inspect skill files, provenance, permissions, and dependencies and to produce a structured report. That matches the stated purpose. The SKILL.md explicitly says the agent cannot execute audited code, and there are no instructions that tell the agent to run arbitrary installers, exfiltrate data, or access unrelated system paths.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files to drop on disk. That minimal footprint is appropriate for a review framework.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. The checklist asks auditors to verify other skills' requires.env entries, but this audit skill itself does not request sensitive values — which is proportionate.

✓ Persistence & Privilege

The skill does not request persistent presence (always:false), does not include install scripts, and does not instruct modifying system or other skills' configurations. It only defines how the agent should analyze other skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skill-audit-framework
安装完成后，直接呼叫该 Skill 的名称或使用 /skill-audit-framework 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.0

- Added a homepage field pointing to the official GitHub repository in SKILL.md. - Expanded metadata tags to include "trust". - No changes to the framework or audit methodology—documentation update only.

v1.1.1

- Removed a redundant "requires" section from the skill metadata in SKILL.md. - No changes to audit methodology, features, or usage instructions.

v1.1.0

- Updated framework description to clarify coverage for "AI agent skills," not just ClawHub/MCP. - Improved wording for broader applicability and clarity in the SKILL.md. - No changes to audit methodology or checklist content. - Documentation improvement; no functional changes.

v1.0.1

- Added a new README.md with documentation for the skill. - Updated SKILL.md with minor improvements and documentation alignment (no checklist or logic changes). - No functional changes to the audit framework itself.

v1.0.0

- Initial release of skill-audit-framework. - Provides a structured, checklist-based framework to manually audit ClawHub/MCP skills before installation. - Covers six key audit domains: identity/provenance, permissions, behavior, credential handling, persistence, and dependency chain. - Introduces a report template with domain verdicts (PASS/WARN/FAIL) and recommendations. - Emphasizes thorough review over automated scanning, detailing why manual security checks are essential.

元数据

Slug skill-audit-framework

版本 1.2.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题

Skill Audit Framework 是什么？

Structured security and quality audit framework for AI agent skills. Teaches you what to check before installing any skill. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 153 次。

如何安装 Skill Audit Framework？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-audit-framework」即可一键安装，无需额外配置。

Skill Audit Framework 是免费的吗？

是的，Skill Audit Framework 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Skill Audit Framework 支持哪些平台？

Skill Audit Framework 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Skill Audit Framework？

由 LeoYann（@enawareness）开发并维护，当前版本 v1.2.0。