skill-security-audit
已安装 Skills 的安全审计工具。用于批量审计 Skills 的安全性,包括命令执行、网络访问、文件访问、数据泄露、依赖风险、提示词越权和触发条件检查。适用于用户提供 Skills 列表和文件内容时进行安全扫描、护栏审查、提示词越权审查或强化建议。
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/chensu1234/skill-security-audit-v2What This Skill Does
The skill-security-audit is a specialized diagnostic utility designed for OpenClaw agents to perform comprehensive security assessments of installed skill packages. As the ecosystem of AI-driven automation grows, the risk of executing untrusted code or exposing sensitive data increases. This tool acts as a critical guardrail by systematically analyzing your existing skills for vulnerabilities such as arbitrary command execution, unauthorized network access, insecure file system interactions, and potential prompt injection risks. It maps every skill against a standardized security matrix, providing developers and power users with a clear, actionable audit report that classifies risks from 'Info' to 'Critical'.
Installation
To add this security tool to your OpenClaw environment, execute the following command in your terminal or via the agent interface:
clawhub install openclaw/skills/skills/chensu1234/skill-security-audit-v2
Ensure that you have the necessary permissions to access the directory where your skills are stored so the audit tool can effectively parse the associated manifests and source code.
Use Cases
- Pre-deployment Verification: Scan new skills before enabling them in your production workflow to ensure they adhere to security best practices.
- Regular Security Sweeps: Schedule periodic audits of your entire skill portfolio to identify legacy skills that may contain deprecated or insecure dependencies.
- Collaborative Review: Use the generated audit reports to provide constructive, security-focused feedback to skill developers when their contributions fail safety checks.
- Policy Enforcement: Enforce strict organizational policies regarding file access and network requests by identifying skills that overstep their described boundaries.
Example Prompts
- "Perform a full security audit on all currently installed skills and summarize any critical risks found."
- "Review the 'peekaboo' skill for potential data leakage and provide a list of recommended code changes to restrict its file access."
- "Run a scan on the latest downloaded skills from the community repo and output a compliance report for each one."
Tips & Limitations
- Context is Key: Always provide the full content of
SKILL.mdand related scripts for the most accurate assessment. - Manual Oversight: While this tool detects many vulnerabilities, it acts as an assistant. Always manually review 'Critical' warnings before making final decisions.
- Scope: The audit focuses on static analysis of provided files; it cannot predict runtime behaviors that are triggered only by specific, complex external environmental variables.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-chensu1234-skill-security-audit-v2": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution