ClawKit Reliability Toolkit
Official Verified

Skills Audit

Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/buffedon/test2894-0406

Skills Audit (skills-audit)

A security-oriented skill for managing OpenClaw skills safely, with these core capabilities:

  1. Threat scanning (static analysis)
  2. Append-only audit logs (local NDJSON)
  3. Skills monitoring & notifications (push alerts on changes)
  4. File-level diff + content diff (git snapshots)
  5. Baseline approval mechanism (approved skills don't repeat-alert)
  6. Semantic analysis (dangerous functions + capability analysis)

This skill performs static analysis only — it never executes skill code.


Requirements

  • Python ≥ 3.9, standard library only (no third-party dependencies)
  • git (for content diff snapshots)
  • See scripts/requirements.txt for details

Core Capabilities

1) Threat Scanning (Static Risk Analysis)

skills_audit.py performs a static inspection of each installed skill directory. If a QianXin token is configured, it additionally queries QianXin SafeSkill with the stable MD5 of the whole workspace/skills bundle, so the bundle itself is never uploaded. The local checks cover:

  • Network indicators: URLs/domains, curl/wget/requests usage
  • Dangerous commands: curl|sh, wget|bash, eval, dynamic exec, base64 pipes
  • Suspicious behavior: persistence (cron/systemd), sensitive paths (~/.ssh, ~/.aws, /etc)
  • Optional QianXin intel: stable MD5 lookup for the full workspace/skills bundle using a user-supplied token

Output fields:

  • risk.level: low | medium | high | extreme
  • risk.decision: allow | allow_with_caution | require_sandbox | deny
  • risk.risk_signals[]: evidence (file + snippet)
  • risk.network.domains[]: extracted domains
  • risk.source: local or qianxin-md5

QianXin config:

  • Config file: config/intelligent.json
  • Defaults to enabled: false
  • token defaults to empty
  • Users can enable it after download by filling in their own token and setting enabled to true
  • If disabled, token is empty, or the query fails, the scan automatically falls back to local static analysis

2) Audit Logging (Append-only NDJSON)

All detections are appended as NDJSON to:

  • ~/.openclaw/skills-audit/logs.ndjson

State snapshot for diff:

  • ~/.openclaw/skills-audit/state.json

The record schema is defined by log-template.json. Key fields:

  • sha256: SHA-256 of SKILL.md (integrity field)
  • diff: git commit info + per-file stat
  • file_changes: file-level added/removed/changed lists
  • approved: baseline approval status

3) Skills Monitoring & Push Notifications

Periodic monitoring of workspace/skills for additions, changes, and removals.

  • No changes → no output
  • Changes detected → one notification
  • Baseline-approved unchanged skills are excluded from notifications

Notification template: templates/notify.txt (see templates/README.md for customization).
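Sections 2 and 3 together, as an added example written for this page (not the skill's own code): each monitoring pass hashes every file of every skill, diffs the result against state.json, appends one NDJSON record per added, removed or changed skill to logs.ndjson (opened in append mode only), rewrites the state snapshot, and returns only the events that should be notified. A skill whose current content exactly matches its approved baseline is still logged but not notified, which is the "approved skills don't repeat-alert" behaviour. The logs.ndjson and state.json locations follow the README; the approved.json file, the ts/skill/event field names and the sample workspace are assumptions made here.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def file_digests(skill_dir: Path) -> dict:
    """Relative path -> SHA-256 hex digest for every file in one skill."""
    return {str(p.relative_to(skill_dir)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(skill_dir.rglob("*")) if p.is_file()}


def file_changes(old: dict, new: dict) -> dict:
    """File-level diff between two digest maps (the file_changes log field)."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}


def approve(audit_dir: Path, skills_root: Path, name: str) -> None:
    """Record the current content of skill `name` as its approved baseline."""
    path = audit_dir / "approved.json"  # assumed file name, not from the README
    baseline = json.loads(path.read_text()) if path.exists() else {}
    baseline[name] = file_digests(skills_root / name)
    path.write_text(json.dumps(baseline))


def monitor(skills_root: Path, audit_dir: Path) -> list:
    """One pass: diff against state.json, append events to logs.ndjson,
    rewrite state.json, return the events that warrant a notification."""
    audit_dir.mkdir(parents=True, exist_ok=True)
    state_path, log_path, appr_path = (audit_dir / n for n in
                                       ("state.json", "logs.ndjson", "approved.json"))
    prev = json.loads(state_path.read_text()) if state_path.exists() else {}
    approved = json.loads(appr_path.read_text()) if appr_path.exists() else {}
    cur = {d.name: file_digests(d) for d in sorted(skills_root.iterdir()) if d.is_dir()}
    events = []
    for name in sorted(set(prev) | set(cur)):
        fc = file_changes(prev.get(name, {}), cur.get(name, {}))
        if not any(fc.values()):
            continue  # unchanged since the last pass: nothing to log or notify
        kind = "added" if name not in prev else "removed" if name not in cur else "changed"
        events.append({
            "ts": int(time.time()), "skill": name, "event": kind,
            "sha256": cur.get(name, {}).get("SKILL.md"),  # integrity field
            "file_changes": fc,
            # approved only when the content matches the approved baseline exactly
            "approved": name in approved and approved[name] == cur.get(name),
        })
    with log_path.open("a", encoding="utf-8") as fh:  # append-only: never truncated
        for e in events:
            fh.write(json.dumps(e, sort_keys=True) + "\n")
    state_path.write_text(json.dumps(cur))
    return [e for e in events if not e["approved"]]


def run_demo() -> dict:
    """Constructed scenario: four passes over a throwaway workspace."""
    root = Path(tempfile.mkdtemp(prefix="skills-audit-demo-"))
    skills, audit = root / "skills", root / ".openclaw" / "skills-audit"
    for name, body in (("notes", "# Notes\n"), ("weather", "# Weather\n")):
        (skills / name).mkdir(parents=True)
        (skills / name / "SKILL.md").write_text(body, encoding="utf-8")
    out = {}
    out["first"] = monitor(skills, audit)       # no state yet: both skills added, both notified
    approve(audit, skills, "notes")
    out["quiet"] = monitor(skills, audit)       # nothing changed: no events at all
    (skills / "notes" / "SKILL.md").write_text("# Notes\nNow phones home.\n", encoding="utf-8")
    out["tampered"] = monitor(skills, audit)    # approved skill modified: notified
    (skills / "notes" / "SKILL.md").write_text("# Notes\n", encoding="utf-8")
    out["reverted"] = monitor(skills, audit)    # back at the approved baseline: logged, not notified
    out["log_lines"] = (audit / "logs.ndjson").read_text(encoding="utf-8").count("\n")
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Approval is bound to the exact digests of the skill at approval time, so any later edit to an approved skill alerts again until it is re-approved; treat logs.ndjson as the immutable record and state.json as a cache that can be deleted and rebuilt (after which every skill reappears as "added" and only the approved, unmodified ones stay quiet).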

4) File-level Diff + Content Diff (Git Snapshots)

Each scan snapshots the skills directory into a local git repo (~/.openclaw/skills-audit/snapshots/):

Metadata

Author: @buffedon
Stars: 4190
Views: 0
Updated: 2026-04-18
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-buffedon-test2894-0406": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.