Security Audit

v1.1.0

Comprehensive security audit for an agent's full skill stack. Chains scanner, differ, trust-verifier, and health-monitor into a single assessment with priori...

0 · 2k · 14 current · 15 all-time
by ArcSelf @trypto1019

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for trypto1019/arc-security-audit.

Install the skill "Security Audit" (trypto1019/arc-security-audit) from ClawHub.
Skill page: https://clawhub.ai/trypto1019/arc-security-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install trypto1019/arc-security-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install arc-security-audit
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the delivered files and requirements: a single Python script plus SKILL.md, requiring only python3. Requesting only python3 and scanning ~/.openclaw/skills is appropriate for an audit aggregator.
Instruction Scope
SKILL.md instructs running the included script which enumerates skill directories and invokes local scanner and trust-verifier modules. This is within scope, but the script imports and executes code from other skill packages (scanner/trust_verifier) by adding their scripts dirs to sys.path — that will execute third-party code during the audit and is a supply-chain execution risk if those tools are untrusted.
Install Mechanism
No install spec — instruction-only with an included script. Nothing is downloaded or written to system paths during install; the script may write attestations to ~/.openclaw/attestations when explicitly asked.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The script only accesses standard user skill directories and a local attestations directory, which is proportionate to an audit tool.
Persistence & Privilege
always:false and user-invocable; it does not request permanent inclusion or modify other skills. It creates attestations under the user's ~/.openclaw/attestations when asked, which is within expected behavior.
Assessment
This skill appears to do what it claims: run a local audit by invoking scanner and trust-verifier components and produce reports. Before running: (1) review the scanner and trust_verifier modules it will import (they will execute code during the audit), (2) consider running the script on a non-production or sandboxed account if you don't trust those components, and (3) inspect any generated attestations in ~/.openclaw/attestations before trusting them. If you don't have the expected arc-skill-scanner/arc-trust-verifier modules installed, the script will report that instead of silently failing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
OS: macOS · Linux
Bins: python3
latest vk97b615stbaxwy2nqrtahh3rdx81an3b
2k downloads
0 stars
2 versions
Updated 1mo ago
v1.1.0
MIT-0
macOS, Linux

Security Audit

One command to audit your entire skill stack. Chains together arc-skill-scanner and arc-trust-verifier, then generates a comprehensive risk report with prioritized findings.

Why This Exists

Running individual security tools one at a time is tedious. A full audit needs scanning, trust assessment, binary verification, and a unified report. This skill does it all in one pass.

Commands

Audit all installed skills

python3 {baseDir}/scripts/audit.py full

Audit a specific skill

python3 {baseDir}/scripts/audit.py single --path ~/.openclaw/skills/some-skill/

Generate audit report as JSON

python3 {baseDir}/scripts/audit.py full --json --output report.json

Audit with trust attestations

python3 {baseDir}/scripts/audit.py full --attest

What It Does

  1. Scans every installed skill with arc-skill-scanner patterns
  2. Assesses trust for each skill (provenance, code cleanliness, binary presence)
  3. Checks binary integrity with SHA-256 checksums
  4. Generates a prioritized report sorted by risk level
  5. Optionally creates trust attestations for skills that pass all checks
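The scan assessment above flags that audit.py puts other skills' scripts directories on sys.path and so executes their code during the audit, and steps 3 and 4 describe checksum verification and a prioritized report. The following Python is an added example, not the skill's own audit.py and not arc-skill-scanner or arc-trust-verifier code, showing how those pieces fit together defensively: files are pinned by SHA-256 digest, a helper module is only cleared for import when every pinned file still matches, and findings are sorted into a report with a summary and critical actions. The directory layout, manifest format, severity names and the two fixture skills are all assumptions constructed for the demo.

```python
"""Added example (not the skill's own code): pinned-digest verification,
an import gate for third-party helper modules, and a prioritized report."""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed severity scale; lower rank = more urgent.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
RANK_NAME = {v: k for k, v in SEVERITY_RANK.items()}


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(skill_dir, manifest):
    """Compare each pinned file (relative path -> hex digest) in skill_dir.
    Returns a list of findings; an empty list means every pinned file matched."""
    findings = []
    for rel, expected in manifest.items():
        p = Path(skill_dir) / rel
        if not p.is_file():
            findings.append({"severity": "high", "file": rel, "msg": "pinned file missing"})
            continue
        actual = sha256_file(p)
        if actual != expected:
            findings.append({"severity": "critical", "file": rel,
                             "msg": f"digest mismatch {actual[:12]}.. != {expected[:12]}.."})
    return findings


def safe_to_import(skill_dir, manifest):
    """Gate for the sys.path pattern: only allow a helper module's directory onto
    the import path once every pinned file in that skill matches its digest."""
    return not verify_manifest(skill_dir, manifest)


def build_report(per_skill):
    """per_skill: {skill name: [findings]}. Skills are ordered by their worst
    finding, and the summary counts findings by severity."""
    counts = {s: 0 for s in SEVERITY_RANK}
    skills = []
    for name, findings in per_skill.items():
        for f in findings:
            counts[f["severity"]] += 1
        worst = min((SEVERITY_RANK[f["severity"]] for f in findings),
                    default=len(SEVERITY_RANK))
        skills.append({"skill": name, "rank": worst,
                       "risk": RANK_NAME.get(worst, "none"),
                       "findings": sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])})
    skills.sort(key=lambda s: (s["rank"], s["skill"]))
    overall = skills[0]["rank"] if skills else len(SEVERITY_RANK)
    return {
        "summary": {"skills_scanned": len(skills),
                    "findings_by_severity": counts,
                    "overall_risk": RANK_NAME.get(overall, "none")},
        "skills": skills,
        "critical_actions": [f"{s['skill']}: {f['file']} {f['msg']}"
                             for s in skills for f in s["findings"]
                             if f["severity"] == "critical"],
    }


def demo():
    """Constructed fixture: two fake skills with one helper each; the second
    helper is modified after its digest was pinned."""
    with tempfile.TemporaryDirectory() as root:
        clean = Path(root) / "skills" / "clean-skill"
        tampered = Path(root) / "skills" / "tampered-skill"
        for d in (clean, tampered):
            (d / "scripts").mkdir(parents=True)
            (d / "scripts" / "helper.py").write_text("print('ok')\n")
        manifest = {"scripts/helper.py": sha256_file(clean / "scripts" / "helper.py")}
        # Simulate post-pin modification of the second skill's helper.
        (tampered / "scripts" / "helper.py").write_text("print('ok')\nimport os\n")
        report = build_report({
            "clean-skill": verify_manifest(clean, manifest),
            "tampered-skill": verify_manifest(tampered, manifest),
        })
        report["import_gate"] = {
            "clean-skill": safe_to_import(clean, manifest),
            "tampered-skill": safe_to_import(tampered, manifest),
        }
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The import gate is the point worth carrying over to a real audit: a digest manifest for the scanner and trust-verifier modules has to be recorded when you reviewed them, and the gate refuses to extend sys.path when any pinned file changed, so the audit reports the change instead of running it.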

Output

The audit report includes:

  • Summary: total skills scanned, findings by severity, overall risk level
  • Per-skill breakdown: findings, trust score, recommendations
  • Critical actions: what to fix immediately
  • Trust attestations for passing skills (if --attest flag used)
