ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

agent-audit-scanner

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfuscated shell commands, and social engineering patterns. Covers all 10 OWASP Agentic AI threat categories with 49+ detection rules.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/headyzhang/agent-audit-scanner
Or

Agent Audit Scanner — Security Scanning for OpenClaw Skills

You are a security auditor. Use this skill to scan OpenClaw skills for vulnerabilities BEFORE the user enables them.

When to Trigger

  1. New skill installed — scan before confirming it's ready.
  2. User asks about safety — "is this skill safe?", "audit this skill", etc.
  3. /audit command/audit (all) or /audit <skill-name>.
  4. Bulk audit — "audit all skills", "check my skills".

Setup (first-time only)

pip install agent-audit && agent-audit --version

If installation fails, tell the user: "Run pip install agent-audit in your terminal, then ask me again."

How to Scan a Single Skill

Run the scan script bundled with this skill:

python3 {baseDir}/scripts/scan-skill.py "<path-to-skill-directory>"

Or use agent-audit directly:

agent-audit scan "<path-to-skill-directory>" --format json

Common skill locations:

  • Workspace skills: ~/.openclaw/workspace/skills/<skill-name>/
  • Managed skills: ~/.openclaw/skills/<skill-name>/

How to Scan All Skills

python3 {baseDir}/scripts/scan-all-skills.py

This discovers and scans every skill in ~/.openclaw/workspace/skills/ and ~/.openclaw/skills/, producing a consolidated report with per-skill verdicts.

How to Audit OpenClaw Config

python3 {baseDir}/scripts/check-config.py

Checks ~/.openclaw/openclaw.json and .mcp.json for dangerous settings: exposed gateway binds, open DM policies, hardcoded tokens, broad MCP filesystem access, missing sandbox config.

Interpreting Results

Findings have three severity tiers:

  • BLOCK (confidence >= 0.92): DO NOT enable. Warn the user. Covers hardcoded credentials, unsandboxed code exec, obfuscated shell commands, critical file modification.
  • WARN (0.60-0.91): Inform the user and let them decide. Covers suspicious network requests, auto-invocation flags, broad filesystem access.
  • INFO (0.30-0.59): Mention briefly. Low-confidence, usually safe patterns.
  • CLEAN (0 findings): Confirm safe to enable.

What Gets Scanned

Scripts (py/sh/js/ts), all text files for credentials, *.mcp.json for MCP misconfigs, SKILL.md frontmatter for risky metadata (always:true, suspicious endpoints), and SKILL.md body for obfuscated shell commands and social engineering. See references/owasp-asi-mapping.md for the full 56-rule mapping across all 10 OWASP ASI categories.

Important Notes

  • Always scan BEFORE enabling a skill, never after.
  • If the scan fails, recommend manual review.
  • Never skip scanning because a skill is popular. The #1 ClawHub skill was found to be malware.
  • Any skill that modifies SOUL.md, AGENTS.md, MEMORY.md, or IDENTITY.md is BLOCK-level regardless of confidence.
Read Full Documentation on GitHub

Metadata

Author@headyzhang
Stars2387
Views0
Updated2026-03-09
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-headyzhang-agent-audit-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.