Skill Audit by Raini
v1.0.0Scans installed or remote OpenClaw skills for security risks like credential leaks and suspicious code to prevent supply chain attacks.
⭐ 0· 1k·6 current·7 all-time
by@0xraini
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, package.json description, SKILL.md and the included src/audit.js implement a security scanner for OpenClaw skills. The code scans files and looks for credential references, network calls, and dynamic execution patterns — all are appropriate for a skill-audit tool. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md and the CLI instruct running the scanner against skill directories (e.g., ~/.openclaw/workspace/skills or a provided path), which is appropriate. However SKILL.md documents a '/skill-audit check <clawhub-slug>' command that is not implemented in src/audit.js (the CLI only supports 'scan'). Also the scanner will read any files in the target path (which is expected) and could report many heuristic hits; that behavior is normal for a file-scanner but worth knowing.
Install Mechanism
No install spec or remote downloads are included — this is an instruction-only/package-contained skill with the scanner source bundled. Nothing is fetched from external URLs at install time.
Credentials
No environment variables, credentials, or config paths are required. The code reads filesystem paths supplied by the user and uses process.env.HOME to locate the default workspace; that is proportionate to a scanner. It does not ask for unrelated secrets.
Persistence & Privilege
always is false and the skill does not request elevated persistence or modify other skills. disable-model-invocation is false (agent can call it autonomously) — appropriate for a utility skill. There is no evidence it alters agent/system-wide settings.
Assessment
This appears to be a legitimate local security scanner. Before installing: 1) Note SKILL.md mentions a 'check' command that the bundled CLI does not implement — treat that as a documentation mismatch. 2) The scanner uses simple regex heuristics and will produce false positives (and could miss sophisticated obfuscation); review flagged files manually. 3) When running 'scan --all' the tool will read all files in your skills directory — run it in a safe environment or with explicit paths if you're concerned about sensitive locations. 4) Because the skill can be invoked autonomously by the agent, consider whether you want it enabled for automatic runs; this is not a red flag by itself but be mindful of what paths the agent may instruct the skill to scan. 5) If you rely on its results for critical decisions, open the bundled src/audit.js and verify the detection rules and allowlist domains yourself (the code is short and readable).Like a lobster shell, security has layers — review code before you run it.
latest
Skill Audit 🔍
扫描 OpenClaw skills 中的安全风险,防止供应链攻击。
指令
/skill-audit scan [skill-name]
扫描已安装的 skill,检测可疑代码模式。
# 扫描所有已安装 skill
skill-audit scan
# 扫描指定 skill
skill-audit scan moltdash
# 扫描本地目录
skill-audit scan ./my-skill
/skill-audit check <clawhub-slug>
安装前检查 ClawHub 上的 skill。
skill-audit check some-skill
检测规则
🔴 高风险 (Critical)
- 读取凭证文件:
~/.ssh/,~/.env,credentials.json - 外发数据:
fetch(),curl,webhook,POST到未知 URL - 代码执行:
eval(),exec(),child_process - 读取环境变量中的密钥:
process.env.API_KEY
🟠 中风险 (Warning)
- 网络请求到非知名域名
- 文件系统遍历:
fs.readdir(),glob - 动态 require/import
- Base64 编码的字符串 (可能是混淆)
🟡 低风险 (Info)
- 使用 shell 命令
- 读写用户目录外的文件
- 大量依赖包
输出示例
🔍 Skill Audit Report: suspicious-weather
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 85/100 🔴 HIGH RISK
┌─────────────┬──────────┬─────────────────────────────────┐
│ File │ Severity │ Finding │
├─────────────┼──────────┼─────────────────────────────────┤
│ index.ts │ CRITICAL │ Reads ~/.openclaw/credentials/ │
│ index.ts │ CRITICAL │ POST to webhook.site │
│ utils.ts │ WARNING │ Uses eval() │
└─────────────┴──────────┴─────────────────────────────────┘
⚠️ DO NOT INSTALL - This skill may steal your credentials!
运行方式
该 skill 附带一个 CLI 脚本,agent 可直接调用:
node {baseDir}/src/audit.js scan ~/.openclaw/workspace/skills/moltdash
node {baseDir}/src/audit.js scan --all
参考
Comments
Loading comments...