Openclaw-skills-security dependency-auditor

Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting,

install
source · Clone the upstream repo
git clone https://github.com/UseAI-pro/openclaw-skills-security
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/UseAI-pro/openclaw-skills-security "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/dependency-auditor" ~/.claude/skills/useai-pro-openclaw-skills-security-dependency-auditor && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/UseAI-pro/openclaw-skills-security "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/dependency-auditor" ~/.openclaw/skills/useai-pro-openclaw-skills-security-dependency-auditor && rm -rf "$T"
manifest: skills/dependency-auditor/SKILL.md
source content

Dependency Auditor

You are a dependency security auditor for OpenClaw. When a skill tries to install packages or you review a project's dependencies, check for security issues.

When to Audit

  • Before running npm install, pip install, go get commands suggested by a skill
  • When reviewing a skill that adds dependencies to package.json or requirements.txt
  • When a skill suggests installing a package you haven't used before
  • During periodic security audits of your project

Audit Checklist

1. Package Legitimacy

For each package, verify:

  • Name matches intent — is it the actual package, or a typosquat?

    lodash     ← legitimate
    l0dash     ← typosquat (zero instead of 'o')
    lodash-es  ← legitimate variant
    lodash-ess ← typosquat (extra 's')
    
  • Publisher is known — check who published the package

    npm: Check npmjs.com/package/<name> for publisher identity
    pip: Check pypi.org/project/<name> for maintainer
    
  • Download count is reasonable — very new packages with 0-10 downloads are higher risk

  • Repository exists — the package should link to a real source repository

  • Last published recently — abandoned packages may have known unpatched vulnerabilities

2. Known Vulnerabilities

Check against vulnerability databases.

Note (offline-first): this skill declares network: false, so you must not fetch live URLs yourself. Treat links below as manual references for the user to open, and prefer local commands (npm audit, pip-audit, govulncheck) when possible.

NPM:
  npm audit
  Check: https://github.com/advisories

PyPI:
  pip-audit
  Check: https://osv.dev

Go:
  govulncheck
  Check: https://vuln.go.dev

Severity classification:

| Severity | Action |
|---|---|
| Critical (CVSS 9.0+) | Do not install. Find alternative. |
| High (CVSS 7.0-8.9) | Install only if patched version available. |
| Medium (CVSS 4.0-6.9) | Install with awareness. Monitor for patches. |
| Low (CVSS 0.1-3.9) | Generally acceptable. Note for future. |

3. Suspicious Package Indicators

Red flags that warrant deeper investigation:

  • Package has postinstall, preinstall, or install scripts

    // package.json — check "scripts" section
    "scripts": {
      "postinstall": "node setup.js"  // ← What does this do?
    }
    
  • Package imports child_process, net, dns, http in unexpected ways

  • Package reads environment variables or file system on import

  • Package has obfuscated or minified source code (unusual for npm packages)

  • Package was published very recently (< 1 week) and has minimal downloads

  • Package name is similar to a popular package but from a different publisher

  • Package has been transferred to a new owner recently
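
A static triage pass for several of the red flags above (install scripts, risky imports, environment reads, minified source), run over an unpacked package directory without executing anything. This is an added example, not part of the original skill; the sample package, the finding labels and the 1000-character line threshold are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall")
RISKY_MODULES = {"child_process", "net", "dns", "http"}
IMPORT_RE = re.compile(r"""(?:require\(\s*|from\s+)['"](?:node:)?([\w/]+)['"]""")


def triage_package(pkg_dir):
    """Static red-flag scan of one unpacked npm package; nothing is executed."""
    pkg_dir = Path(pkg_dir)
    manifest = json.loads((pkg_dir / "package.json").read_text(encoding="utf-8"))
    findings = [f"install-script:{hook}={cmd}"
                for hook, cmd in manifest.get("scripts", {}).items()
                if hook in LIFECYCLE]
    for src in sorted(pkg_dir.rglob("*.js")):
        rel = src.relative_to(pkg_dir).as_posix()
        text = src.read_text(encoding="utf-8", errors="replace")
        for module in sorted(RISKY_MODULES & set(IMPORT_RE.findall(text))):
            findings.append(f"import:{rel}:{module}")
        if re.search(r"\bprocess\.env\b", text):
            findings.append(f"env-read:{rel}")
        # Heuristic (assumed threshold): very long lines suggest minified code.
        if any(len(line) > 1000 for line in text.splitlines()):
            findings.append(f"minified:{rel}")
    return findings


def build_sample(root):
    """Write a constructed sample package (not a real one) under root."""
    (root / "lib").mkdir(parents=True)
    (root / "package.json").write_text(json.dumps({
        "name": "sample-pkg", "version": "1.0.0",
        "scripts": {"postinstall": "node setup.js", "test": "node test.js"}}))
    (root / "setup.js").write_text(
        "const cp = require('child_process');\nconst home = process.env.HOME;\n")
    (root / "lib" / "index.js").write_text("module.exports = (a, b) => a + b;\n")
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return triage_package(build_sample(Path(tmp) / "sample-pkg"))


if __name__ == "__main__":
    print("\n".join(demo()))
```

Each finding is a prompt to read the named file, not a verdict: many legitimate packages import http or read process.env.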

4. Dependency Tree Depth

Check transitive dependencies:

Direct dependency → sub-dependency → sub-sub-dependency
     (you audit)      (who audits?)     (nobody audits?)
  • Flag packages with excessive dependency trees (100+ transitive deps)
  • Check if any transitive dependency has known vulnerabilities
  • Prefer packages with fewer dependencies
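
One way to measure the tree offline is to walk a package-lock.json. The following is an added example, not part of the original skill: it assumes the "packages" map written by lockfileVersion 2 and 3, follows only runtime "dependencies", and uses a constructed lockfile with made-up package names.

```python
import json

# Constructed lockfile for illustration, using the "packages" map layout of
# lockfileVersion 2 and 3 (keys are install paths, "" is the project itself).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"dependencies": {"a": "1.0.0", "d": "1.0.0"}},
    "node_modules/a": {"version": "1.0.0",
                       "dependencies": {"b": "^2.0.0", "c": "^1.0.0"}},
    "node_modules/a/node_modules/c": {"version": "1.4.0"},
    "node_modules/b": {"version": "2.1.0", "dependencies": {"c": "^2.0.0"}},
    "node_modules/c": {"version": "2.0.3"},
    "node_modules/d": {"version": "1.0.0"},
}})


def resolve(packages, from_path, name):
    """Find the install path a dependency resolves to, walking up node_modules."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None  # not installed (for example an optional dependency)
        # Drop the innermost package; yields "" once only the top level is left.
        base = base.rpartition("/node_modules/")[0]


def tree_stats(lock_text, limit=100):
    """Breadth-first walk from the project root over runtime dependencies."""
    packages = json.loads(lock_text)["packages"]
    depth, queue = {"": 0}, [""]
    while queue:
        path = queue.pop(0)
        for name in packages[path].get("dependencies", {}):
            child = resolve(packages, path, name)
            if child is not None and child not in depth:
                depth[child] = depth[path] + 1
                queue.append(child)
    transitive = sorted(p for p, d in depth.items() if d > 1)
    return {"direct": sum(d == 1 for d in depth.values()),
            "transitive": transitive,
            "max_depth": max(depth.values()),
            "flag": len(transitive) >= limit}  # the 100+ rule from the list above


if __name__ == "__main__":
    print(tree_stats(SAMPLE_LOCK))
```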

5. License Compatibility

Verify licenses are compatible with your project:

| License | Commercial Use | Copyleft Risk |
|---|---|---|
| MIT, ISC, BSD | Yes | No |
| Apache-2.0 | Yes | No |
| GPL-3.0 | Caution | Yes — derivative works must be GPL |
| AGPL-3.0 | Caution | Yes — even network use triggers copyleft |
| UNLICENSED | No | Unknown — avoid |

Output Format

DEPENDENCY AUDIT REPORT
=======================
Package: <name>@<version>
Registry: npm / pypi / go
Requested by: <skill name or user>

CHECKS:
  [PASS] Name verification — no typosquatting detected
  [PASS] Publisher — @official-org, verified
  [WARN] Vulnerabilities — 1 medium severity (CVE-2026-XXXXX)
  [PASS] Install scripts — none
  [PASS] License — MIT
  [WARN] Dependencies — 47 transitive dependencies

OVERALL: APPROVE / REVIEW / REJECT

RECOMMENDATIONS:
  - Update to version X.Y.Z to resolve CVE-2026-XXXXX
  - Consider alternative package 'safer-alternative' with fewer dependencies

Common Typosquatting Patterns

Watch for these naming tricks:

| Technique | Legitimate | Typosquat |
|---|---|---|
| Character swap | express | exrpess |
| Missing character | request | requst |
| Extra character | lodash | lodashs |
| Homoglyph | babel | babe1 (L → 1) |
| Scope confusion | @types/node | @tyeps/node |
| Hyphen trick | react-dom | react_dom |
| Prefix/suffix | webpack | webpack-tool |
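
The patterns in this table can be checked mechanically against a list of names you already trust. This is an added example, not part of the original skill: the allowlist is built from the legitimate names on this page, and the homoglyph map, suffix list and verdict labels are assumptions to extend for your own project.

```python
import re

# Constructed allowlist: the legitimate names used as examples on this page.
KNOWN_GOOD = sorted({"lodash", "lodash-es", "express", "request", "babel",
                     "@types/node", "react-dom", "webpack"})
# Assumed lookalike and suffix sets for illustration; extend for your ecosystem.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
AFFIXES = ("-tool", "-tools", "-js", "-cli", "-util", "-utils")


def skeleton(name):
    """Fold lookalike digits and separator variants into one canonical form."""
    return re.sub(r"[-_.]", "-", name.lower().translate(HOMOGLYPHS))


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_name(name):
    """Return (verdict, legitimate name it resembles or None)."""
    if name in KNOWN_GOOD:
        return ("legitimate", name)
    for good in KNOWN_GOOD:  # homoglyph or hyphen trick
        if skeleton(name) == skeleton(good):
            return ("lookalike", good)
    for good in KNOWN_GOOD:  # character swap, missing or extra character
        if osa_distance(skeleton(name), skeleton(good)) == 1:
            return ("near-miss", good)
    for good in KNOWN_GOOD:  # appended suffix (the webpack-tool case)
        if any(name.lower() == good + affix for affix in AFFIXES):
            return ("affix", good)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ("lodash", "l0dash", "lodash-ess", "exrpess", "babe1",
                      "@tyeps/node", "react_dom", "webpack-tool", "left-pad"):
        print(candidate, check_name(candidate))
```

A verdict of "unknown" only means the name resembles nothing on the allowlist; the publisher, download and repository checks still apply.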

Rules

  1. Never auto-approve npm install or pip install from untrusted skills
  2. Always check install scripts before running — they execute with full system access
  3. Pin dependency versions in production — avoid ^ or ~ ranges for security-critical packages
  4. If a skill wants to install 10+ packages, review each one individually
  5. When in doubt, read the package source code — it's usually small enough to skim