OpenSkillIndex← back to search
claude-code

Skills skill-auditor

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/aiwithabidi/skill-auditor-v2" ~/.claude/skills/clawdbot-skills-skill-auditor-a0765e && rm -rf "$T"
manifest: skills/aiwithabidi/skill-auditor-v2/SKILL.md
source content

Skill Auditor v2.0 🔍🛡️

Comprehensive security scanner for OpenClaw/ClawHub skills. Merges static analysis, deobfuscation, and threat intelligence into a single Python tool.

When to Use

  • Before installing any third-party skill from ClawHub
  • When reviewing skill updates for security regressions
  • To audit your own skills before publishing
  • When someone asks: "is this skill safe?", "audit this", "check security"

Quick Start

Audit a local skill directory

python3 {baseDir}/scripts/audit_skill.py /path/to/skill --human

Audit a ClawHub skill by slug

python3 {baseDir}/scripts/audit_skill.py --slug skill-name --human

Quarantine workflow (audit + prompt to install)

bash {baseDir}/scripts/quarantine.sh /path/to/skill
bash {baseDir}/scripts/quarantine.sh --slug skill-name

JSON output for programmatic use

python3 {baseDir}/scripts/audit_skill.py /path/to/skill --json

Scoring System

ScoreLevelAction
0–20✅ SAFEAuto-install OK
21–40🟢 LOW RISKProceed with caution
41–60🟡 MEDIUM RISKManual review required
61–80🟠 HIGH RISKExpert review needed
81–100🔴 CRITICALDo NOT install

Exit codes: 

0
= safe (≤20), 
1
= review (21–60), 
2
= dangerous (>60)

Detection Layers

Layer 1: Static Pattern Analysis

  • 10+ scan categories with regex patterns
  • Shell execution, network calls, env access, filesystem escape
  • Prompt injection, data exfiltration, crypto wallet access
  • Dynamic imports, browser credential theft, fake prerequisites

Layer 2: Deobfuscation

  • Base64 string extraction and decode → re-scan decoded content
  • Hex escape sequence decode → re-scan
  • Detects hidden commands, C2 IPs in encoded payloads

Layer 3: Threat Intelligence

  • IoC database: known malicious IPs, domains
  • Social engineering detection: urgency, false authority, fear tactics
  • MITRE ATT&CK ID mapping on every finding
  • Whitelist system reduces score for safe binaries/domains

Additional Checks

  • SHA256 file inventory for integrity verification
  • Typosquat detection (Levenshtein distance on package names)
  • Zero-width character detection in SKILL.md
  • Comment-context severity reduction (findings in comments scored lower)
  • Permission scope analysis (what tools does the skill request?)

IoC Database

Structured threat data in 

references/ioc-database.json
. Update when new threats emerge. The scanner auto-loads this file at runtime.

References

  • references/ioc-database.json
    — Structured IoC data (IPs, domains, patterns)
  • references/known-patterns.md
    — Human-readable threat documentation
  • references/prompt-injection-patterns.md
    — Prompt injection pattern reference

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Fork of skill-auditor-pro by sypsyp97, merged with skill-security-auditor by akm626.