Official · Verified · Category: developer tools · Safety 4/5

skill-audit-guardian

Audit dropped ClawHub skill ZIPs, classify risk (SAFE/CAUTION/REMOVE), auto-sort files, and generate a plain-English security dashboard.

Why use this skill?

Automate security audits for OpenClaw ZIP packages. Classify risks, auto-sort files, and generate security dashboards to protect your agent from malicious code.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/howardkusumo/skill-audit-guardian

What This Skill Does

The Skill Audit Guardian acts as a proactive security layer for your OpenClaw ecosystem. Designed for developers and system administrators, it mitigates the risk of downloading third-party skill ZIP files from ClawHub. It automates the inspection step: each incoming ZIP package is run through heuristic analysis to detect suspicious patterns, potentially malicious scripts, or unauthorized system calls before anything is deployed. Based on the result, each file is sorted into one of three folders (SAFE, CAUTION, or REMOVE), and a human-readable HTML dashboard is generated that explains the reasoning behind every security flag raised during the audit. This removes the overhead of unpacking and vetting raw code by hand and helps keep your agent environment secure.
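As an added illustration of the kind of heuristic audit described above (example code written for this page, not the skill's own scripts/skill-zip-audit.sh or skill-zip-watch.sh, whose rule set is not shown here), the following Python script scans an in-memory ZIP for a handful of assumed text patterns, applies assumed weights and thresholds to reach a SAFE/CAUTION/REMOVE verdict, records why each flag fired, and renders a minimal HTML dashboard. The rules, weights, thresholds, member-size cap and the three sample packages are all constructed for the example; the zip-slip path check and the size cap are two checks any ZIP auditor should carry, although the page itself does not mention them.

```python
"""Heuristic ZIP audit, illustrative example; rules, weights, thresholds and samples are assumed."""
import html
import io
import re
import zipfile
from dataclasses import dataclass, field

# Assumed heuristic rules: (name, pattern, weight, plain-English explanation shown on the dashboard).
RULES = [
    ("shell-exec", re.compile(r"\b(subprocess\.(run|Popen|call)|os\.system|os\.popen)\b"),
     3, "Spawns a shell or child process"),
    ("eval-exec", re.compile(r"\b(eval|exec)\s*\("), 3, "Evaluates dynamically built code"),
    ("base64-decode", re.compile(r"base64\.b64decode\("), 2, "Decodes an embedded base64 blob (possible obfuscation)"),
    ("network", re.compile(r"\b(urllib\.request|requests\.(get|post)|socket\.socket)\b"),
     1, "Opens outbound network connections"),
]
SCANNED_SUFFIXES = (".py", ".sh", ".js", ".ts", ".json", ".yaml", ".yml", ".md", ".txt")
MAX_MEMBER_BYTES = 1_000_000  # do not inflate huge members into memory (zip-bomb guard)

@dataclass
class Finding:
    member: str
    rule: str
    weight: int
    explanation: str
    line_no: int  # 0 for archive-level findings such as zip-slip paths

@dataclass
class AuditReport:
    zip_name: str
    verdict: str = "SAFE"
    score: int = 0
    findings: list = field(default_factory=list)
    notes: list = field(default_factory=list)

def is_unsafe_path(name: str) -> bool:
    """True for absolute or '..' member paths that would escape the extraction directory."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ".." in parts

def classify(score: int) -> str:
    """Map a weighted score to a verdict; the thresholds are assumed for this example."""
    if score == 0:
        return "SAFE"
    return "CAUTION" if score < 5 else "REMOVE"

def audit_zip(data: bytes, zip_name: str = "package.zip") -> AuditReport:
    """Scan every text-like member of an in-memory ZIP and return a report."""
    report = AuditReport(zip_name=zip_name)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if is_unsafe_path(info.filename):
                report.findings.append(Finding(info.filename, "zip-slip", 5,
                                               "Member path escapes the extraction directory", 0))
                continue
            if info.is_dir() or not info.filename.lower().endswith(SCANNED_SUFFIXES):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                report.notes.append(f"skipped {info.filename}: {info.file_size} bytes over scan limit")
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for line_no, line in enumerate(text.splitlines(), 1):
                for name, pattern, weight, explanation in RULES:
                    if pattern.search(line):
                        report.findings.append(Finding(info.filename, name, weight, explanation, line_no))
    report.score = sum(f.weight for f in report.findings)
    report.verdict = classify(report.score)
    return report

def render_dashboard(reports) -> str:
    """Minimal HTML table: one row per ZIP, then one row per flag with the reason it fired."""
    rows = []
    for r in reports:
        rows.append(f"<tr><th>{html.escape(r.zip_name)}</th><td>{r.verdict}</td><td>{r.score}</td></tr>")
        for f in r.findings:
            where = f"{html.escape(f.member)}:{f.line_no}" if f.line_no else html.escape(f.member)
            rows.append(f"<tr><td colspan='3'>{where} [{f.rule}] {html.escape(f.explanation)}</td></tr>")
    return "<table>" + "".join(rows) + "</table>"

def build_sample_zip(members: dict) -> bytes:
    """Construct a ZIP in memory from {member_name: text}; sample data for this example only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample packages, one per expected verdict.
SAMPLE_BENIGN = build_sample_zip({"skill/main.py": "def greet(name):\n    return 'hi ' + name\n"})
SAMPLE_PHONE_HOME = build_sample_zip({"skill/main.py": "import urllib.request\nBEACON = 'https://example.invalid/'\n"})
SAMPLE_HOSTILE = build_sample_zip({
    "skill/setup.py": "import base64, subprocess\npayload = base64.b64decode('aGVsbG8=')\nsubprocess.run(payload)\n",
    "../outside.txt": "would land outside the extraction directory\n",
})

if __name__ == "__main__":
    for r in (audit_zip(SAMPLE_BENIGN, "benign.zip"), audit_zip(SAMPLE_HOSTILE, "hostile.zip")):
        print(f"{r.zip_name}: {r.verdict} (score {r.score})\n{render_dashboard([r])}")
```

Sorting the audited ZIPs into folders, as the skill does, is left out: `report.verdict` is the name of the folder the file would be moved to. Note that the scanner only sees members with text-like suffixes and skips oversized ones, recording the skip in `report.notes`; a reviewer reading the dashboard should treat those notes as unscanned content, not as a clean result.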

Installation

To integrate this utility into your development workflow, use the standard OpenClaw installation command via your terminal. Ensure that your environment has sufficient permissions to read and write files within your workspace directory. Run the following command:

clawhub install openclaw/skills/skills/howardkusumo/skill-audit-guardian

Once installed, you can trigger a one-shot scan with bash scripts/skill-zip-audit.sh, or enable continuous monitoring with bash scripts/skill-zip-watch.sh. The watcher monitors the directory you specify and sorts new ZIP files into the SAFE, CAUTION and REMOVE folders as they arrive.

Use Cases

This skill is indispensable for developers who frequently integrate third-party OpenClaw skills. Use it to:

  1. Vet untrusted ZIP files from community marketplaces before installing them into your production agent.
  2. Standardize security protocols within a team, ensuring no raw, unvetted code enters your local development environment.
  3. Quickly visualize security threats through an intuitive generated HTML dashboard, allowing for rapid decision-making on whether a package should be purged or safely implemented.

Example Prompts

  1. "OpenClaw, please run a security audit on the latest zip files dropped in my desktop folder and show me the summary dashboard."
  2. "Watch the ~/Desktop/skill-drop directory for new files and move anything marked as REMOVE to the trash automatically."
  3. "Summarize the risks found in the most recent skill package audit and explain why it was marked as CAUTION."

Tips & Limitations

Remember that this skill performs heuristic scanning, which is a pattern-matching approach and not a full malware sandbox. While highly effective at catching common suspicious patterns and potential vulnerabilities, it cannot detect sophisticated zero-day exploits or obfuscated logic that passes static analysis. Always review the generated dashboard carefully, and consider running high-risk or CAUTION-labeled skills inside a containerized or virtualized environment before granting them full access to your host file system or agent environment.

Metadata

Stars: 2387
Views: 0
Updated: 2026-03-09
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-howardkusumo-skill-audit-guardian": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI-generated)

#security #automation #audit #devops #risk-management
Safety Score: 4/5

Flags: file-write, file-read, code-execution