Skill Security Audit
Scan OpenClaw skills for security vulnerabilities before installation or publication.
Quick Start
# Audit a single skill
skill-security-audit audit /path/to/skill-folder
# Audit all installed skills
skill-security-audit audit-all
# Generate security report
skill-security-audit report /path/to/skill-folder --format json
What This Detects
Critical Issues (Block Installation)
| Issue | Description | Risk Level |
|---|---|---|
| Hardcoded Secrets | API keys, tokens, passwords in code | Critical |
| Shell Injection | Unsanitized input to shell commands | Critical |
| Code Execution | eval(), exec(), dynamic code execution | Critical |
| Unauthorized Network | Calls to unknown/suspicious domains | Critical |
High Issues (Review Required)
| Issue | Description | Risk Level |
|---|---|---|
| Prompt Injection | User input in system prompts without sanitization | High |
| File Path Traversal | Unchecked file paths from user input | High |
| Excessive Permissions | Requests unnecessary system access | High |
Medium Issues (Warnings)
| Issue | Description | Risk Level |
|---|---|---|
| Outdated Dependencies | Packages with known CVEs | Medium |
| Unpinned Versions | Floating dependency versions | Medium |
| Missing License | No license file for distribution | Medium |
Security Patterns
Good Pattern: Environment Variables
# CORRECT: Load secrets from environment
import os
api_key = os.environ.get("OPENAI_API_KEY")
Bad Pattern: Hardcoded Secrets
# DANGEROUS: Secret in code
api_key = "sk-abc123def456..." # NEVER DO THIS
Good Pattern: Sanitized Input
# CORRECT: Validate and sanitize
import re
def safe_filename(name):
return re.sub(r'[^a-zA-Z0-9_-]', '', name)
Bad Pattern: Shell Injection
# DANGEROUS: User input to shell
os.system(f"convert {user_file} output.png") # NEVER DO THIS
Running Audits
Important: Self-Scan Results
When running skill-security-audit audit skill-security-audit/, you will see findings for the pattern definitions themselves. This is expected — the scanner detects the example patterns in its own documentation. These are not real vulnerabilities.
For actual skill audits, this produces accurate results.
Single Skill Audit
skill-security-audit audit ./my-skill/
Output:
- Pass/Fail status
- List of vulnerabilities found
- Severity ratings
- Remediation suggestions
Batch Audit (All Installed Skills)
skill-security-audit audit-all
Scans ~/.openclaw/skills/ and reports on all installed skills.
Report Formats
# JSON for CI/CD integration
skill-security-audit audit ./skill/ --format json
# Markdown for documentation
skill-security-audit audit ./skill/ --format markdown
# Summary for quick review
skill-security-audit audit ./skill/ --format summary
CI/CD Integration
Add to your skill publishing pipeline:
# .github/workflows/publish.yml
- name: Security Audit
run: skill-security-audit audit ./skill/
Exit codes:
- 0: No issues found
- 1: Medium+ issues found (warnings)
- 2: Critical issues found (block)
Publishing Secure Skills
Before publishing to ClawHub:
- Run
skill-security-audit audit ./your-skill/ - Fix all critical and high issues
- Document any required secrets in README
- Include
.env.examplewith placeholder values - Re-run audit to confirm clean
See Also
references/vulnerabilities.md— Complete vulnerability databasereferences/remediation.md— How to fix common issuesscripts/audit.py— Main audit script