Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audit Code

v1.1.1

Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (code security review for secrets, dangerous calls, dependencies, permissions) align with included artifacts: a Python scanner (scripts/audit_code.py) and a pattern database (scripts/patterns.py). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script against a target path and to use Bash/Read/Glob/Grep tools. The scanner legitimately reads repository files (including .env and key files) and checks permissions; this is expected. Minor inconsistency: SKILL.md claims 'If $ARGUMENTS is empty, default to $PROJECT_ROOT', but the script actually requires an explicit path and exits if none is provided. Also the frontmatter pre-approves Bash (allowed-tools includes Bash), which is functional here but is a capability that should be intentionally allowed.
Install Mechanism
No install spec or remote downloads; the skill is instruction+bundled code only. All code is included in the package (no external fetches or extract operations), which reduces install-time risk.
Credentials
The skill declares no required environment variables or credentials. The scanner will read repository files (including potential secret files) as part of its function; that file access is proportionate to an auditing tool and is not requesting unrelated secrets.
Persistence & Privilege
always is false and disable-model-invocation is true (skill cannot be auto-invoked by the model), and it does not request persistent system-wide changes. The only elevated capability in the frontmatter is allowing Bash execution when run; because model auto-invocation is disabled, the skill can only be run explicitly by a user.
Assessment
This skill appears to be a legitimate local code auditor. Before running it: (1) review the bundled scripts yourself (they are included) to confirm behavior; (2) run it against a specific project path (the script requires a path — SKILL.md's claimed default is inaccurate); (3) run it as a non‑privileged user or inside a sandbox/container to avoid accidental scanning outside the intended repository; (4) be aware it will read files like .env and private keys (that is its purpose) but it does not contain obvious network/exfiltration code; and (5) if you plan to let other agents/tools invoke it, consider the implications of allowing Bash execution in the frontmatter even though model auto-invocation is disabled.
scripts/patterns.py:357
Shell command execution detected (child_process).
scripts/patterns.py:350
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

2.4k downloads
2 stars
3 versions
Updated 8h ago
MIT-0

audit-code -- Project Code Security Review

Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.

What to do

Run the auditor against the target path:

python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"

If $ARGUMENTS is empty, default to $PROJECT_ROOT.

What it checks

  • Hardcoded secrets -- API keys (AWS, GitHub, Stripe, OpenAI, Slack), tokens, private keys, connection strings, passwords
  • Dangerous function calls -- eval, exec, subprocess with shell=True, child_process.exec, pickle deserialization, system(), gets(), etc.
  • SQL injection -- String concatenation/interpolation in SQL queries
  • Dependency risks -- Known hallucinated package names, unverified installations
  • Sensitive files -- .env files committed to git, credential files in repo
  • File permissions -- Overly permissive chmod patterns
  • Exfiltration patterns -- Base64 encode + network send, DNS exfiltration, credential file reads

Output

Structured report with severity-ranked findings, file locations, and actionable remediation steps.

When to use

  • Before committing or pushing code
  • When reviewing third-party contributions or PRs
  • As part of a periodic security audit of the codebase
  • After AI-assisted code generation to verify no secrets or vulnerabilities were introduced

Advisory hooks

The repository's .claude/settings.json includes PreToolUse hooks that warn on dangerous Bash and Write operations. These hooks are advisory only -- they produce warnings but do not block execution.

  • audit-code is the detection layer for source code security issues
  • The hooks provide supplementary runtime warnings during agent operation
  • To enforce blocking, hooks must return {"decision": "block"} instead of warning messages
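
The difference between an advisory hook and an enforcing one, as an added example (not code from this skill or its repository). It assumes the hook receives the tool call as JSON on stdin with `tool_name` and `tool_input` fields; the deny rules are hypothetical and only mirror the categories audit-code reports.

```python
import json
import re
import sys

# Hypothetical deny rules (not taken from the skill's patterns.py).
BASH_RULES = [
    (re.compile(r"\bchmod\s+(-R\s+)?0?777\b"), "world-writable chmod"),
    (re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|z)?sh\b"), "download piped to a shell"),
    (re.compile(r"\brm\s+-\w*r\w*\s+/(\s|$)"), "recursive delete of /"),
]
WRITE_RULES = [
    (re.compile(r"(^|/)\.env(\.|$)"), "write to a .env file"),
    (re.compile(r"(^|/)id_(rsa|ed25519)$|\.pem$"), "write to a private key file"),
]


def decide(event):
    """Return the hook response: {} allows the call, {"decision": "block"} stops it."""
    tool = event.get("tool_name")            # assumed field name
    tool_input = event.get("tool_input") or {}  # assumed field name
    if tool == "Bash":
        subject, rules = tool_input.get("command", ""), BASH_RULES
    elif tool == "Write":
        subject, rules = tool_input.get("file_path", ""), WRITE_RULES
    else:
        return {}
    for pattern, label in rules:
        if pattern.search(subject):
            # An advisory hook would only print a warning here; returning a
            # decision is what turns the warning into enforcement.
            return {"decision": "block", "reason": f"{tool}: {label}"}
    return {}


def main():
    try:
        event = json.load(sys.stdin)
    except json.JSONDecodeError:
        # Fail closed: an unparseable event is blocked rather than waved through.
        print(json.dumps({"decision": "block", "reason": "unreadable hook input"}))
        return
    print(json.dumps(decide(event)))


if __name__ == "__main__":
    main()
```

Regex deny lists like this are easy to sidestep with quoting or indirection, so a blocking hook complements the sandboxing advice in the assessment above rather than replacing it.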
