agent-audit-scanner

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfuscated shell commands, and social engineering patterns. Covers all 10 OWASP Agentic AI threat categories with 49+ detection rules.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "agent-audit-scanner" with this command: npx skills add headyzhang/agent-audit-scanner

Agent Audit Scanner — Security Scanning for OpenClaw Skills

You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.

When to Trigger

  1. New skill installed — scan before confirming it's ready.
  2. User asks about safety — "is this skill safe?", "audit this skill", etc.
  3. /audit command/audit (all) or /audit <skill-name>.
  4. Bulk audit — "audit all skills", "check my skills".

Setup (first-time only)

pip install agent-audit && agent-audit --version

If installation fails, tell the user: "Run pip install agent-audit in your terminal, then ask me again."

How to Scan a Single Skill

Run the scan script bundled with this skill:

python3 {baseDir}/scripts/scan-skill.py "<path-to-skill-directory>"

Or use agent-audit directly:

agent-audit scan "<path-to-skill-directory>" --format json

Common skill locations:

  • Workspace skills: ~/.openclaw/workspace/skills/<skill-name>/
  • Managed skills: ~/.openclaw/skills/<skill-name>/

How to Scan All Skills

python3 {baseDir}/scripts/scan-all-skills.py

This discovers and scans every skill in ~/.openclaw/workspace/skills/ and ~/.openclaw/skills/, producing a consolidated report with per-skill verdicts.

How to Audit OpenClaw Config

python3 {baseDir}/scripts/check-config.py

Checks ~/.openclaw/openclaw.json and .mcp.json for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.

Interpreting Results

Findings have three severity tiers:

  • BLOCK (confidence >= 0.92): DO NOT enable. Warn the user. Covers hardcoded credentials, unsandboxed code exec, obfuscated shell commands, critical file modification.
  • WARN (0.60-0.91): Inform the user and let them decide. Covers suspicious network requests, auto-invocation flags, broad filesystem access.
  • INFO (0.30-0.59): Mention briefly. Low-confidence, usually safe patterns.
  • CLEAN (0 findings): Confirm safe to enable.

What Gets Scanned

Scripts (py/sh/js/ts), all text files for credentials, *.mcp.json for MCP misconfigs, SKILL.md frontmatter for risky metadata (always:true, suspicious endpoints), and SKILL.md body for obfuscated shell commands and social engineering. See references/owasp-asi-mapping.md for the full 56-rule mapping across all 10 OWASP ASI categories.

Important Notes

  • Always scan BEFORE enabling a skill, never after.
  • If the scan fails, recommend manual review.
  • Never skip scanning because a skill is popular. The #1 ClawHub skill was found to be malware.
  • Any skill that modifies SOUL.md, AGENTS.md, MEMORY.md, or IDENTITY.md is BLOCK-level regardless of confidence.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Social Engagement Audit

Social media engagement audit and optimization plan. Analyze your engagement rate, identify what's working and what's not, and get a specific action plan to...

Registry SourceRecently Updated
1580Profile unavailable
Security

skill-advisor

Evaluate OpenClaw skills before installation. Use when user wants to check a skill's safety, dependencies, popularity, or get an installation recommendation....

Registry SourceRecently Updated
1620Profile unavailable
Security

careers-page-generator

When the user wants to create, optimize, or audit a careers or jobs page. Also use when the user mentions "careers," "jobs," "hiring," "open positions," "com...

Registry SourceRecently Updated
1690Profile unavailable
Security

404-page-generator

When the user wants to create, optimize, or audit 404 error pages. Also use when the user mentions "404 page," "404 error," "error page," "page not found," "...

Registry SourceRecently Updated
1650Profile unavailable