skill-auditor

Security audit and quarantine system for third-party OpenClaw skills. Use when evaluating, reviewing, or installing any skill from ClawHub or external sources. Automatically triggered before any skill installation.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "skill-auditor" with this command: npx skills add aiwithabidi/agxntsix-skill-auditor

Skill Auditor

Security gatekeeper for third-party skill installation. No skill gets installed without passing audit.

When to Use

  • Before installing ANY skill from ClawHub or external sources
  • When asked to review/evaluate a skill's safety
  • When clawhub install or similar installation is requested

Audit Workflow

1. Quarantine First

Never copy a skill directly to the production skills directory. Always quarantine first:

bash skills/skill-auditor/scripts/quarantine.sh /path/to/skill-source

This copies the skill to a temp directory, runs the full audit, and only allows installation if the risk score is CLEAN or LOW.

2. Manual Audit (Python Script Directly)

For inspection without the quarantine wrapper:

python3 skills/skill-auditor/scripts/audit_skill.py /path/to/skill-dir

Outputs JSON report to stdout. Add --human for formatted text output.

3. Interpreting Results

RatingAction
CLEANSafe to install
LOWSafe, minor notes — review findings briefly
MEDIUMDo NOT install without manual review of each finding
HIGHBlock installation — likely malicious patterns detected
CRITICALBlock immediately — active threat indicators (exfil, prompt injection, obfuscated payloads)

4. Exit Codes

  • 0 = CLEAN or LOW (safe)
  • 1 = MEDIUM (needs review)
  • 2 = HIGH or CRITICAL (blocked)

What Gets Scanned

  • All files: inventory, sizes, suspicious file types
  • Code: shell commands, network calls, env access, filesystem escape, obfuscation, dynamic imports
  • SKILL.md: prompt injection patterns, permission scope requests
  • Dependencies: requirements.txt / package.json flagged packages
  • Encoding: base64 payloads, hex/unicode escapes, string manipulation tricks

References

  • references/known-patterns.md — catalog of real attack patterns from ClawHub
  • references/prompt-injection-patterns.md — prompt injection signatures to detect

Important

If a skill scores MEDIUM or above, always show Abidi the full findings before taking any action. Never override or bypass the auditor. This is the last line of defense before untrusted code enters the system.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

S³ Security Audit

Run security audits on codebases using static analysis, dependency scanning, and manual code review patterns. Covers OWASP Top 10, secrets detection, depende...

Registry SourceRecently Updated
2540Profile unavailable
Security

Memory Poison Auditor

Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memor...

Registry SourceRecently Updated
2580Profile unavailable
Security

NotaryOS

Seal AI agent actions with Ed25519 cryptographic receipts. Verify what your agent did and prove what it chose not to do.

Registry SourceRecently Updated
2781Profile unavailable
Security

AgentShield Scanner

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...

Registry SourceRecently Updated
3140Profile unavailable