
openclaw-skills-audit

Security audit + append-only NDJSON logging + realtime monitoring for OpenClaw skills.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/buffedon/openclaw-skills-audit

Skills Audit (skills-audit)

A security-oriented skill to help you manage OpenClaw skills safely, with three core capabilities:

  1. Threat scanning (static analysis)
  2. Append-only audit logs (local NDJSON)
  3. Skills monitoring & notifications (push alerts on changes)

This skill is designed to be protocol-first: it audits and records changes without executing skill code.


Core Capabilities

1) Threat Scanning / Static Risk Analysis

When scanning an installed skill directory, skills_audit.py performs static inspection and generates a risk summary.

It focuses on three classes of signals:

  • Network indicators: URLs/domains, curl/wget/requests usage hints
  • Dangerous command indicators: curl|sh, wget|bash, eval, dynamic exec, base64 decode pipelines
  • Suspicious file indicators: persistence hooks (cron/systemd), sensitive paths (~/.ssh, ~/.aws, /etc/...)

Output fields:

  • risk.level: low | medium | high | extreme
  • risk.decision: allow | allow_with_caution | require_sandbox | deny
  • risk.risk_signals[]: evidence entries (file + snippet)
  • risk.network.domains[]: domains extracted from text files

Note: this is static analysis only. It never executes the skill code.

2) Audit Logging (Append-only)

All detections are written as one JSON object per line (NDJSON) and appended to:

  • ~/.openclaw/skills-audit/logs.ndjson

A small snapshot file is also maintained for diffing:

  • ~/.openclaw/skills-audit/state.json

The record schema is defined by:

  • skills-audit/log-template.json

Key design points:

  • Append-only: logs are never rewritten
  • Integrity hint: md5 (MD5 of the skill’s SKILL.md if present)
  • No extra sensitive fields: source / approval are intentionally removed from the schema

3) Skills Realtime Monitoring & Push Notifications

For better UX, you can run a scheduled monitor that detects:

  • Skill additions / changes / deletions under workspace/skills

and pushes a message (e.g., to WeCom) only when changes are detected.

Components:

  • skills_watch_and_notify.py: generates a human-friendly notification text
  • openclaw cron add / edit: OpenClaw owns cron creation/update and delivery routing

Behavior:

  • No changes → no message
  • Has changes → push one notification
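As an added example covering both the append-only audit log (section 2) and the change monitor (section 3), the code below is not the skill's own skills_watch_and_notify.py and does not follow the project's log-template.json, whose exact fields the page does not list; the record fields (ts, event, skill, md5, previous_md5), the state.json layout, and the temporary directories used in place of ~/.openclaw/skills-audit are assumptions. It snapshots the MD5 of each skill's SKILL.md, diffs against the previous state, appends one NDJSON record per detected change, and returns a notification text only when there is something to report, leaving scheduling and delivery to whatever cron wrapper calls it.

```python
import hashlib
import json
import os
import tempfile
import time
from typing import Dict, List, Optional


def skill_md5(skill_dir: str) -> Optional[str]:
    """Integrity hint: MD5 of SKILL.md if present, otherwise None."""
    path = os.path.join(skill_dir, "SKILL.md")
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()


def snapshot(skills_root: str) -> Dict[str, Optional[str]]:
    """Map each skill directory name under skills_root to its SKILL.md MD5."""
    state: Dict[str, Optional[str]] = {}
    if not os.path.isdir(skills_root):
        return state
    for name in sorted(os.listdir(skills_root)):
        if os.path.isdir(os.path.join(skills_root, name)):
            state[name] = skill_md5(os.path.join(skills_root, name))
    return state


def diff_snapshots(old: Dict[str, Optional[str]], new: Dict[str, Optional[str]]):
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(n for n in new if n in old and old[n] != new[n])
    return added, removed, changed


def append_records(log_path: str, records: List[dict]) -> None:
    """Append-only NDJSON: open in 'a' mode, one JSON object per line, never rewrite."""
    if not records:
        return
    with open(log_path, "a", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec, sort_keys=True) + "\n")


def run_monitor(skills_root: str, audit_dir: str) -> Optional[str]:
    """One monitor pass: diff against state.json, append audit records, refresh the
    snapshot, and return notification text, or None when nothing changed."""
    os.makedirs(audit_dir, exist_ok=True)
    state_path = os.path.join(audit_dir, "state.json")
    log_path = os.path.join(audit_dir, "logs.ndjson")
    old: Dict[str, Optional[str]] = {}
    if os.path.isfile(state_path):
        with open(state_path, encoding="utf-8") as fh:
            old = json.load(fh)
    new = snapshot(skills_root)
    added, removed, changed = diff_snapshots(old, new)
    ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    records: List[dict] = []
    for name in added:
        records.append({"ts": ts, "event": "added", "skill": name, "md5": new[name]})
    for name in removed:
        records.append({"ts": ts, "event": "removed", "skill": name, "md5": old[name]})
    for name in changed:
        records.append({"ts": ts, "event": "changed", "skill": name,
                        "md5": new[name], "previous_md5": old[name]})
    append_records(log_path, records)       # no changes -> nothing appended
    with open(state_path, "w", encoding="utf-8") as fh:
        json.dump(new, fh, indent=2, sort_keys=True)   # snapshot is the only file rewritten
    if not records:
        return None                         # no changes -> no message
    lines = [f"[skills-audit] {len(records)} change(s) under {skills_root}:"]
    lines += [f"- {r['event']}: {r['skill']}" for r in records]
    return "\n".join(lines)


def demo() -> dict:
    """Constructed scenario in temp dirs: initial install, a no-op pass, then one
    skill modified, one added and one removed."""
    root = tempfile.mkdtemp(prefix="skills-")
    audit = tempfile.mkdtemp(prefix="audit-")

    def write_skill(name: str, body: str) -> None:
        os.makedirs(os.path.join(root, name), exist_ok=True)
        with open(os.path.join(root, name, "SKILL.md"), "w", encoding="utf-8") as fh:
            fh.write(body)

    write_skill("alpha", "# alpha v1\n")
    write_skill("beta", "# beta\n")
    first = run_monitor(root, audit)        # two 'added' records
    second = run_monitor(root, audit)       # nothing changed -> None
    write_skill("alpha", "# alpha v2\n")    # changed
    write_skill("gamma", "# gamma\n")       # added
    os.remove(os.path.join(root, "beta", "SKILL.md"))
    os.rmdir(os.path.join(root, "beta"))    # removed
    third = run_monitor(root, audit)
    with open(os.path.join(audit, "logs.ndjson"), encoding="utf-8") as fh:
        records = [json.loads(line) for line in fh if line.strip()]
    return {"first": first, "second": second, "third": third,
            "events": [(r["event"], r["skill"]) for r in records]}
```

A caller schedules run_monitor on a timer and forwards its return value only when it is not None, which is exactly the "no changes, no message" behaviour listed above; because logs.ndjson is opened only in append mode, a reviewer can replay the full history of additions, removals and SKILL.md hash changes even after state.json has moved on.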

Metadata

Author: @buffedon
Stars: 4190
Views: 0
Updated: 2026-04-18
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-buffedon-openclaw-skills-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.