security-audit
Security audit for external resources (GitHub repos, downloaded skills, files). Detects malicious code, suspicious executables, and content mismatches. Use when: (1) cloning GitHub projects, (2) downloading skills from web, (3) running external code/scripts. Always run before trusting or executing external code.
Why use this skill?
Safeguard your OpenClaw environment with the security-audit skill. Automatically detect malicious code, suspicious binaries, and threats before execution.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/ithacajason/jasonlai-security-audit
What This Skill Does
The security-audit skill is a critical defense mechanism for the OpenClaw ecosystem, designed to act as a gatekeeper for all external code and resources. It performs rigorous static analysis to identify potential threats before they can compromise your environment. By scanning file types, analyzing source code integrity, and detecting obfuscated or malicious payloads, it ensures that your agent only interacts with verified content. The tool maps file types to risk levels, automatically blocking high-risk binary files while providing detailed audit logs for reviewable source code, making it an essential layer of protection against supply chain attacks.
Installation
To install this essential security tool, run the following command in your terminal:
clawhub install openclaw/skills/skills/ithacajason/jasonlai-security-audit
Use Cases
You should employ this skill whenever you are importing external dependencies or automation scripts. Primary use cases include: 1) Initializing a new development environment after cloning a repository from GitHub. 2) Validating a new skill installation from the OpenClaw hub. 3) Auditing scripts received from third-party sources or downloaded via web browsers. By integrating this into your post-download workflow, you protect your local system and agent from executing malicious payloads, shellcode, or unauthorized network-calling scripts.
Example Prompts
- "I just cloned a new project to ~/projects/experimental-bot, please run a security audit on that directory before I start working."
- "I'm downloading a new utility skill from an unofficial repo, run the security-audit tool on it and tell me if it's safe to use."
- "Run a comprehensive security check on the downloaded folder 'my-new-tool' and export the detailed report to audit_log.txt."
Tips & Limitations
Always remember that static analysis is the first line of defense; it does not replace the need for careful human code review. The tool may flag benign code that is heavily minified or uses unconventional patterns. When in doubt, prioritize the 'Critical' warnings. Use virtual environments alongside this tool to sandbox any code execution, ensuring that even if a threat bypasses initial scanning, your host system remains isolated. Keep the audit script updated to ensure the latest malicious signatures are included in your scans.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-ithacajason-jasonlai-security-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Flags: file-read, code-execution