Downloads: 2584
Stars: 1
Active Installs: 4
Versions: 4
Install in OpenClaw
/install sona-security-audit
Description
Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.
Usage Guidance
This skill appears to be what it says: a conservative, fail-closed repo/skill auditor that runs trufflehog, semgrep, and a custom Python scanner. Before installing or running it:
1) Run it on a quarantined copy of the repository (do not point it at / or sensitive live directories).
2) Inspect and, if needed, edit scripts/security_audit.sh, which contains hard-coded paths (/home/virta/...), so it doesn't scan unintended locations.
3) Expect pipx to be installed into your user environment (~/.local/bin); run_audit_json.sh prepends that path.
4) Confirm you want a fail-closed workflow: the tool treats missing manifest/lockfiles/persistence signals as FAIL by design.
5) If you need offline/no-network guarantees, ensure trufflehog/semgrep are run with update checks disabled (the repo notes this) and review semgrep/trufflehog versions before trusting results.
6) If you are uncertain, run the scripts manually on a copy and review the produced JSON before integrating into automated install/promotion flows.
Capability Analysis
Type: OpenClaw Skill
Name: sona-security-audit
Version: 0.1.3
This skill is a security auditing tool designed to detect malicious behavior, including prompt injection, data exfiltration, persistence, and supply chain vulnerabilities. The `hostile_audit.py` script explicitly scans for these patterns using regular expressions. The `openclaw-skill.json` manifest declares highly restrictive permissions, denying network access and sensitive filesystem paths, while allowing only necessary read/write access and execution of specific, legitimate security tools (`trufflehog`, `semgrep`, `jq`, `python3`). There is no evidence of intentional harmful behavior or prompt injection attempts against the agent; instead, the skill is designed to identify such threats in other code.
Capability Assessment
Purpose & Capability
Name/description (fail-closed security audit) match the declared binaries (trufflehog, semgrep, jq, python3) and the provided scripts implement trufflehog/semgrep runs plus a Python hostile-audit scanner. The requested install packages and subprocess allowances are proportionate to the stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to run scripts/run_audit_json.sh <path>, which legitimately reads the target repo/workspace and runs trufflehog/semgrep/hostile_audit.py. The scanner searches file contents for prompt-injection, exfiltration and persistence patterns, which is expected for this tool. One convenience wrapper (scripts/security_audit.sh) contains hard-coded user-specific paths (e.g., /home/virta/.openclaw/workspace/hybrid_orchestrator), an operational oddity you should inspect or edit before using; otherwise the instructions do not attempt to transmit findings to external endpoints.
Install Mechanism
Install spec uses apt/brew for jq/trufflehog/semgrep and a shell pipx flow for semgrep (python3 -m pip install --user pipx && pipx install semgrep). These are reasonable but not zero-risk: pipx installs into the user environment (~/.local/bin) and the install script may modify PATH visibility. No opaque downloads or URL shorteners are used.
Credentials
No secrets or unrelated environment variables are requested. The only runtime env var referenced is OPENCLAW_AUDIT_LEVEL (for strictness), and run_audit_json.sh adds $HOME/.local/bin to PATH so pipx-installed binaries are visible. The tool intentionally scans filesystem targets provided by the user — that broad file access is expected for an auditor.
Persistence & Privilege
The skill does not request 'always: true' or elevated persistent presence. It does write temporary files under a tempdir and may write reports to user-specified paths; the manifest/docs describe quarantine/workdir locations. The wrapper script intentionally swallows non-zero exit codes (prints JSON and exits 0) — useful for embedding but something to be aware of when scripting behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sona-security-audit
- After installation, invoke the skill by name or use /sona-security-audit
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
Improve description/summary for discoverability
v0.1.2
Add discovery tags
v0.1.1
Documentation: run scripts via 'bash scripts/...' so installs still work if zip downloads do not preserve executable bits.
v0.1.0
Initial public release.
Frequently Asked Questions
What is Security Audit (Sona)?
Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing. It is an AI Agent Skill for Claude Code / OpenClaw, with 2584 downloads so far.
How do I install Security Audit (Sona)?
Run "/install sona-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Audit (Sona) free?
Yes, Security Audit (Sona) is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Security Audit (Sona) support?
Security Audit (Sona) is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Security Audit (Sona)?
It is built and maintained by virtaava (@virtaava); the current version is v0.1.3.