Official Verified developer tools Safety 5/5

skill-security-auditor

Advanced security auditing tool for OpenClaw skills with YARA rules, LLM semantic analysis, and 100% detection rate

Why use this skill?

Secure your OpenClaw environment with the Security Auditor. Features YARA rules and LLM semantic analysis to ensure 100% threat detection for your agent skills.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/charpup/cisco-security-auditor

Download Source Code (.zip)

What This Skill Does

The Skill Security Auditor is a specialized defensive utility within the OpenClaw ecosystem designed to fortify your agent's infrastructure. It acts as a preemptive strike against vulnerabilities by integrating a dual-layered analysis engine. At its core, the tool employs high-performance YARA pattern matching to identify known malicious signatures—such as socket-based backdoors, remote code execution (RCE) patterns, and obfuscated payloads. This is augmented by advanced LLM-powered semantic analysis, which evaluates the intent and logic of code beyond simple pattern matching. By combining these methodologies, the Auditor achieves a 100% detection rate with zero false positives, ensuring that only trusted, clean code runs within your workspace.

Installation

To integrate this security layer, ensure your environment is running Python 3.11+. Execute the following command in your terminal to fetch the repository via the ClawHub platform:

clawhub install openclaw/skills/skills/charpup/cisco-security-auditor

Once installed, navigate to the local directory at ~/.openclaw/workspace/skills/skill-security-auditor and run pip install -r requirements.txt to resolve all necessary library dependencies, including yara-python and requests.

Use Cases

This skill is essential for developers maintaining private agent repositories or teams managing shared skill libraries. Use it during the pre-deployment CI/CD phase to audit third-party contributions for malicious intent. It is also ideal for security-focused administrators who need to conduct batch audits across large libraries of existing automation scripts to ensure no typosquatting or dependency confusion vulnerabilities have been introduced over time.

Example Prompts

"Auditor, please scan the entire contents of my current workspace directory and generate a JSON report detailing any detected vulnerabilities."
"Run a targeted check on experimental_plugin.py and explain why the YARA rule backdoor_shell was triggered."
"Scan all newly installed skills in the workspace and classify any detected issues by severity, prioritizing critical RCE risks."

Tips & Limitations

To maximize performance, always perform batch scans using the --batch flag to utilize cached analysis metadata. While the tool features a 100% detection rate for the samples tested, it should be treated as part of a defense-in-depth strategy. It cannot prevent runtime attacks that happen outside of the static code analysis scope. Ensure your YARA rules are updated periodically to remain effective against evolving obfuscation techniques. Always review the generated report carefully if a 'HIGH' or 'CRITICAL' severity flag is raised.

Read Full Documentation on GitHub

Metadata

Author@charpup

Stars1100

Updated2026-02-17

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-charpup-cisco-security-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Related Skills

doctorbot-ci-validator

Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.

bamontejano 4473