ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 4/5

skill-security-auditor

Command-line security analyzer for ClawHub skills. Run analyze-skill.sh to scan SKILL.md files for malicious patterns, credential leaks, and C2 infrastructure before installation. Includes threat intelligence database with 20+ detection patterns.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/akhmittra/skill-security-auditor
Or

What This Skill Does

The Skill Security Auditor is a crucial command-line tool designed to enhance the security of your ClawHub environment by analyzing skills before they are installed. Following the discovery of numerous malicious skills that compromised user data and facilitated malware distribution (like the ClawHavoc campaign distributing Atomic Stealer), this auditor provides a vital layer of defense. It operates by scanning the SKILL.md file of any skill against a comprehensive database of over 20 malicious patterns. These patterns include indicators of fake prerequisite installations, suspicious download commands, hidden payload execution, social engineering tactics, unauthorized external binary downloads, hardcoded credentials, environment variable exfiltration, unverified dependencies, known malicious IP addresses and domains associated with Command & Control (C2) infrastructure, and malformed metadata. The tool assigns a risk score from 0 to 100, offering detailed audit reports and actionable recommendations to help you make informed decisions about skill installations. It is designed to be a manual advisory tool, not an automated blocker.

Installation

To install the Skill Security Auditor, you can use the following command:

clawhub install openclaw/skills/skills/akhmittra/skill-security-auditor

Once installed, the primary tool for analysis is the analyze-skill.sh script. You can run this script directly from your terminal against a specific skill's slug (e.g., analyze-skill.sh someuser/some-skill) or against a local SKILL.md file (e.g., analyze-skill.sh /path/to/local/SKILL.md).

Use Cases

  • Pre-installation Verification: Before installing any new skill from ClawHub, run the auditor to check for potential threats.
  • Suspicious Activity Investigation: If a currently installed skill is exhibiting unusual behavior, use the auditor to analyze its SKILL.md file for hidden malicious indicators.
  • Security Due Diligence: Regularly audit community-contributed skills to ensure the integrity of your OpenClaw environment.
  • Compliance and Auditing: Perform security audits on installed skills to verify they meet your organization's security standards.

Example Prompts

  1. "Please analyze the skill someuser/malicious-checker for any security risks before I install it."
  2. "Run analyze-skill.sh on the SKILL.md file located at /home/user/downloads/suspicious-skill/SKILL.md."
  3. "What are the primary security concerns with the skill anotheruser/data-miner based on its SKILL.md file?"

Tips & Limitations

Tips:

  • Always run the auditor on skills obtained from untrusted sources or those with extensive network access permissions.
  • Familiarize yourself with the types of patterns the auditor detects to better understand its findings.
  • Combine the auditor's findings with other security measures, such as reviewing skill permissions and author reputation.

Limitations:

  • This tool performs pattern-based analysis and cannot guarantee 100% detection of all malicious activities. Sophisticated or novel threats may evade detection.
  • It does not automatically block installations; it provides advisory information for the user to act upon.
  • The analysis is limited to the information present in the SKILL.md file and associated metadata. It does not execute the skill's code or analyze its runtime behavior.
  • It does not interact with external services like VirusTotal; for such comprehensive checks, refer to the ClawHub web interface if available.
Read Full Documentation on GitHub

Metadata

Author@akhmittra
Stars4473
Views34
Updated2026-05-01
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-akhmittra-skill-security-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#auditor#threat-detection#command-line
Safety Score: 4/5

Flags: file-read, code-execution

Related Skills

ctf-writeup-generator

Automatically generate professional CTF writeups from solving sessions with flag detection, challenge categorization, and proper markdown formatting

akhmittra 4473

ergocare-coach

Your personal desk health coach with automated break reminders. Generates platform-specific scripts (bash/PowerShell) for 20-20-20 eye care, lower back exercises, and RSI prevention. Comprehensive exercise routines, ergonomic guidance, and customizable notification systems for computer professionals.

akhmittra 4473

sourdough-starter-manager

Manage sourdough starters with feeding schedules, hydration calculations, health tracking, and baking preparation. Use when the user wants to maintain a sourdough starter, plan feedings, calculate ratios, troubleshoot starter problems, or prepare for baking.

akhmittra 4473

content-remix-studio

Transform one piece of content into platform-optimized versions for YouTube, TikTok, Twitter/X, LinkedIn, Instagram, newsletters, and blogs. Adapts tone, format, length, and style for each platform's algorithm and audience expectations.

akhmittra 4473

Rock Paper Scissors Lizard Spock

Play the classic Rock Paper Scissors Lizard Spock game (popularized by The Big Bang Theory) with an AI opponent. Includes both decorated terminal and interactive GUI modes with score tracking, statistics, and animations.

akhmittra 4473