security-audit

Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with prioritized findings and trust attestations.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-audit" with this command: npx skills add Trypto1019/arc-security-audit

Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner, arc-trust-verifier, and generates a comprehensive risk report with prioritized findings.

Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

Commands

Audit all installed skills

python3 {baseDir}/scripts/audit.py full

Audit a specific skill

python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/

Generate audit report as JSON

python3 {baseDir}/scripts/audit.py full --json --output report.json

Audit with trust attestations

python3 {baseDir}/scripts/audit.py full --attest

What It Does

  1. Scans every installed skill with arc-skill-scanner patterns
  2. Assesses trust for each skill (provenance, code cleanliness, binary presence)
  3. Checks binary integrity with SHA-256 checksums
  4. Generates a prioritized report sorted by risk level
  5. Optionally creates trust attestations for skills that pass all checks

Output

The audit report includes:

  • Summary: total skills scanned, findings by severity, overall risk level
  • Per-skill breakdown: findings, trust score, recommendations
  • Critical actions: what to fix immediately
  • Trust attestations for passing skills (if --attest flag used)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

aig-scanner

Comprehensive OpenClaw security scanning powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or sec...

Registry SourceRecently Updated
0138
boy-hack
Security

Dataset Intake Auditor

在新数据集接入前检查字段、单位、缺失率、异常值与可用性。;use for data, dataset, audit workflows;do not use for 伪造统计结果, 替代正式数据治理平台.

Registry SourceRecently Updated
02
Profile unavailable
Security

Session Password

Provides secure session authentication using bcrypt-hashed passwords, security questions, email recovery, and lockout protection with audit logging.

Registry SourceRecently Updated
118
Profile unavailable