← 返回 Skills 市场
97
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install skill-integrity-auditor
功能描述
Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...
安全使用建议
This skill is instruction-only and appears coherent for auditing skill bundles: it will read the skill files and any referenced resources (which is expected). It does not ask for credentials or install code. Two things to consider before installing: (1) the SKILL.md enforces a language-locking rule and forces the final-line verdict to be in Chinese regardless of detected language — if you need outputs in another language or transparent language-reporting, review or edit that rule; (2) because the auditor operates on the whole bundle, review the full SKILL.md to confirm it does not instruct reading system files, environment variables, or reaching out to external hosts you don’t expect. If you want extra caution, ask for the full SKILL.md text and a walkthrough of any file-reading/network steps the auditor will perform.
功能分析
Type: OpenClaw Skill
Name: skill-integrity-auditor
Version: 0.1.8
The bundle defines a comprehensive security auditing framework designed to evaluate other OpenClaw skill bundles for vulnerabilities and malicious behavior. It establishes a detailed taxonomy for detecting risks such as remote code execution (EXE), credential theft (CRED), and data exfiltration (NET), along with a scoring system (C×R×I×B). While the instructions in Skill.md are highly prescriptive regarding output formatting and language handling, they are entirely consistent with the stated purpose of a security tool and do not contain any indicators of malicious intent, unauthorized data access, or persistence mechanisms.
能力评估
Purpose & Capability
The skill declares it audits whole skill bundles and the SKILL.md instructs the agent to operate on SKILL.md plus referenced scripts/resources. No unrelated binaries, env vars, or installs are requested — this is proportional to an auditor.
Instruction Scope
The SKILL.md contains detailed classification rules and explicitly instructs the agent to read the skill bundle (expected). It also enforces a language-detection/locking rule and requires the single final-line verdict always be in Chinese, which is a presentation constraint (not a direct security risk) but could be surprising or disruptive to users. Review the full SKILL.md to confirm there are no hidden directives that request system-wide file reads, env access, or network calls; the provided excerpt shows no such red flags.
Install Mechanism
No install spec, no code files, and no downloads — lowest-risk installation model for a skill.
Credentials
No required environment variables, credentials, or config paths are declared. The auditor's stated need to read the skill bundle is consistent with no additional secret access.
Persistence & Privilege
The skill is not always-enabled, does not request persistence or modify other skills, and allows normal autonomous invocation settings. No elevated persistence privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-integrity-auditor - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-integrity-auditor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.8
skill-integrity-auditor 0.1.8
- Updated version number to 0.1.8 in SKILL.md.
- No logic, taxonomy, or scoring changes; documentation and internal references remain the same.
v0.1.7
**Final verdict language change for audit results.**
- The result verdict (last line, §7) is now always output in Chinese, regardless of detected language.
- All intermediate output remains in the detected language; only the final verdict is forced to Chinese.
- Clarified language rules and output behavior in documentation.
v0.1.2
- Introduced a comprehensive audit evaluation core with separate classification and severity scoring layers.
- Output language is now auto-detected from the user’s message and used exclusively throughout each run.
- Expanded classification taxonomy: each finding uses a (Surface, Behavior, IntentMarker) triple for precise categorization.
- Severity scoring is now detailed and formulaic, based on capability, reachability, intent, and behavioral nuance.
- Improved documentation for each behavior node, intent marker meaning, and scoring logic.
- Classification and severity systems are strictly orthogonal except for clearly defined interface fields.
元数据
常见问题
Skill Auditor 是什么?
Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。
如何安装 Skill Auditor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-integrity-auditor」即可一键安装,无需额外配置。
Skill Auditor 是免费的吗?
是的,Skill Auditor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Auditor 支持哪些平台?
Skill Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Auditor?
由 ambarion(@ambarion)开发并维护,当前版本 v0.1.8。
推荐 Skills