Official Verified developer tools Safety 5/5

skill-auditor

Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration before installation. Features 0-100 numeric risk scoring, MITRE ATT&CK mappings, base64/hex deobfuscation, IoC database, whitelist system, and SHA256 file inventory. Use before installing any third-party skill. Triggers: audit skill, check security, scan skill, is this skill safe, security review, quarantine.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/aiwithabidi/skill-auditor-v2

Download Source Code (.zip)

What This Skill Does

The Skill Auditor is a comprehensive security tool designed specifically for the OpenClaw agent ecosystem. It functions as a pre-installation defensive layer, performing deep static and dynamic analysis on third-party skills to prevent the execution of malicious payloads. By combining multiple detection layers—including pattern matching for shell execution, network calls, and data exfiltration—it protects the host environment from compromise. It is particularly effective at identifying hidden threats, such as obfuscated base64 strings or hex-encoded command sequences that might otherwise bypass standard security checks. With its robust scoring system, users receive an actionable risk assessment (0-100) before any code is allowed to run.

Installation

To install the Skill Auditor, use the following ClawHub command within your terminal environment: clawhub install openclaw/skills/skills/aiwithabidi/skill-auditor-v2

Ensure that you have appropriate system permissions to execute scripts in the OpenClaw directory, as the auditor performs filesystem scans to verify the integrity of local skill manifests and source files.

Use Cases

Pre-Installation Validation: Scans any third-party skill downloaded from ClawHub before allowing it to register with your agent.
Security Auditing: Ideal for developers who want to verify their own code for unintentional vulnerabilities or bad security practices before publishing to the community.
Update Regression Testing: Use the tool whenever a skill updates to ensure the new version doesn't introduce unwanted permissions or malicious functionality.
Quarantine Management: Provides a safe execution flow for untrusted skills by isolating them during the audit process.

Example Prompts

"Audit the new 'web-search-pro' skill I just downloaded and tell me if it's safe to install."
"Can you perform a security review on the skill directory at /home/user/openclaw/skills/custom-plugin and give me a risk score?"
"Is this skill safe? I found it on a public repository and I'm worried about data exfiltration."

Tips & Limitations

Always review 'Medium Risk' results manually; the auditor identifies potential risks, but human context is vital for determining if a specific permission is actually required for the skill to function.
Ensure your references/ioc-database.json is kept up-to-date to ensure the scanner detects the latest known malicious domains and IP addresses.
While the tool is excellent at detecting known attack patterns, it is a static and heuristic-based scanner; it cannot guarantee absolute security against never-before-seen zero-day exploits.

Read Full Documentation on GitHub

Metadata

Author@aiwithabidi

Stars4473

Updated2026-05-01

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-aiwithabidi-skill-auditor-v2": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#privacy#audit#cybersecurity#scanner

Safety Score: 5/5

Flags: file-read, code-execution

Related Skills

freshsales

Freshsales CRM integration — manage contacts, leads, deals, accounts, tasks, and sales sequences via the Freshsales API. Track deal pipelines, automate lead assignments, log activities, and generate sales reports. Built for AI agents — Python stdlib only, no dependencies. Use for sales CRM, contact management, deal tracking, pipeline reporting, and sales automation.

aiwithabidi 4473

gemini-video-analyzer

Native video analysis using Google Gemini API. Upload and analyze video files — describe scenes, extract text/UI, answer questions about content, transcribe speech, identify objects and actions. Use when: (1) User sends a video file and wants it analyzed, (2) Video summarization or description needed, (3) Extracting text, UI elements, or information from screen recordings, (4) Answering questions about video content, (5) Comparing multiple videos, (6) Analyzing tutorials, demos, or walkthroughs.

aiwithabidi 4473

agent-memory

Full AI agent memory stack — Mem0 unified memory engine with vector search (Qdrant) and knowledge graph (Neo4j), plus SQLite for structured data. Complete setup script and tools. Give your OpenClaw agent a real brain with semantic recall, entity relationships, and structured storage.

aiwithabidi 4473

neon

Neon serverless Postgres — manage projects, branches, databases, roles, endpoints, and compute via the Neon API. Create database branches for development, manage connection endpoints, scale compute, and monitor usage. Built for AI agents — Python stdlib only, zero dependencies. Use for serverless Postgres, database branching, database management, development workflows, and cloud database automation.

aiwithabidi 4473

onepassword

1Password Connect — vaults, items, secrets management for server-side applications.

aiwithabidi 4473