agentaudit-skill
Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or package manager operation.
Why use this skill?
Secure your environment with AgentAudit. An automated security gate that checks npm and pip packages against a vulnerability database before installation.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/starbuck100/agentaudit
What This Skill Does
The agentaudit-skill acts as an automated security gate designed to protect your environment from malicious or vulnerable dependencies. Before any package manager executes an installation, this agent verifies the package against a comprehensive vulnerability database. It intercepts requests for npm, pip, yarn, pnpm, and clawhub, ensuring that no external code enters your system without first undergoing a safety check. By utilizing this skill, you prevent the accidental introduction of compromised libraries that could lead to data exfiltration or system instability.
Installation
To install the skill, use the OpenClaw command: clawhub install openclaw/skills/skills/starbuck100/agentaudit. After installation, ensure you set the AGENTAUDIT_HOME environment variable to point to the skill directory, allowing the gate scripts to resolve their dependencies correctly. The skill supports both Node.js (cross-platform) and Bash (Unix-only) runtimes; choose the one that matches your OS and environment settings. Once installed, verify the connection by running the gate script against a common package like lodash.
Use Cases
- Proactive Dependency Management: Automatically vet packages before adding them to your package.json or requirements.txt.
- CI/CD Security: Add a layer of verification in automated workflows to ensure third-party tools haven't been hijacked.
- Agentic Safety: Provides a crucial safety hook for AI agents, effectively creating a "stop-and-think" checkpoint before they commit to external resource installation.
- Compliance & Auditing: Maintain a secure baseline for all software components used within your development environment.
Example Prompts
- "OpenClaw, please install the latest version of express for this project. Remember to run the security gate first!"
- "I need to add the requests library to my Python project. Can you perform an audit using agentaudit-skill before proceeding?"
- "Install the package 'd3' for our visualization dashboard, but only if the security audit returns a 'PASS' status."
Tips & Limitations
- Consistency: Always use the same script variant (Node.js or Bash) for both registration and gate checks to avoid environment conflicts.
- Mandatory Gating: Treat the hard rule of 'gate first' as absolute. Bypassing this skill creates a significant security vulnerability.
- Internet Dependency: The tool requires active internet access to reach the vulnerability registry. If you are offline, the audit will fail.
- Pathing: Always use absolute paths for the AGENTAUDIT_HOME variable to ensure the agent can locate the gate script regardless of the current working directory.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-starbuck100-agentaudit": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: network-access, file-read, code-execution
Related Skills
clawdhub-contributor
Contribute to the ClawdHub ecosystem by scouting unknown skills, reporting bugs, and sharing skill recipes. Three modes (passive/active/full) let you control how much you contribute.
ecap-security-auditor
Security audit framework for AI agent skills, MCP servers, and packages. Your LLM does the analysis — we provide structure, prompts, and a shared trust database.