{"skill":{"slug":"security-audit-tools","displayName":"Security Audit Tools","summary":"Inspect third-party Claude/OpenClaw/Codex/OpenCode skills, plugins, repos, npm packages, pip packages, shell installers, and GitHub Actions before any downlo...","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":330,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1772467045673,"updatedAt":1777525536724},"latestVersion":{"version":"1.0.0","createdAt":1772467045673,"changelog":"# Security Audit Tools v2.0\n\nProfessional security audit toolkit for npm packages and GitHub repositories.\n\n## 🎯 Recommended Method: Option A (Quick Scan + Deep Review)\n\n**Best Practice**: 5-second Quick Scan + 1-hour Deep Review of critical files.\n\n### Workflow\n\n1. **Quick Scan** (5 seconds) – 100% code coverage\n```bash\npython3 tools/quick_scan.py <target_directory>\n```\n\n2. **Deep Review** (1 hour) – Line-by-line inspection of key files:\n* **Wallet Services** (Private key handling)\n* **Network Clients** (External APIs)\n* **Transaction Services** (Fund operations)\n* **Entry Points** (Overall architecture)\n\n3. **Comprehensive Assessment** (5 minutes) – Quantitative reporting\n\n**Advantages**:\n\n* ✅ **Controllable Time** (1 hour vs. 10 hours)\n* ✅ **High Reliability** (9/10)\n* ✅ **Detects Logical Vulnerabilities**\n* ✅ **100% Code Coverage** (via Quick Scan)\n\n---\n\n## Tools\n\n### 1. quick_scan.py (New) ⚡\n\n**Ultra-fast Security Scanner** – Scans all code in 5 seconds.\n\n**Usage**:\n\n```bash\npython3 tools/quick_scan.py <path-to-source>\n```\n\n**Example**:\n\n```bash\n# Scan npm package\npython3 tools/quick_scan.py ./npm-extract/package/src\n\n# Scan GitHub repo\npython3 tools/quick_scan.py ./github-repo/src\n```\n\n**Detection Items** (10 Critical Patterns):\n\n1. ✅ Dynamic code execution (`eval`/`Function`)\n2. ✅ Process creation (`exec`/`spawn`)\n3. ✅ File operations (`fs.read`/`write`)\n4. ✅ Suspicious network requests (Non-official domains)\n5. ✅ Hardcoded private keys\n6. ✅ Hardcoded Secrets/Tokens\n7. ✅ Obfuscated code (`hex`/`base64`)\n8. ✅ Data exfiltration patterns\n9. ✅ Command injection\n10. ✅ Dangerous npm packages (`shelljs`/`sudo`)\n\n**Output**:\n\n```text\nFiles scanned: 53\nLines scanned: 32,789\nTotal findings: 0\nRisk score: 0/100\n✅ LOW RISK - Safe to install\n```\n\n**Risk Scoring**:\n\n* **0-39**: ✅ LOW RISK (Safe to install)\n* **40-69**: ⚠️ MEDIUM RISK (Manual review required)\n* **70-100**: ❌ HIGH RISK (Installation prohibited)\n\n**Key Features**:\n\n* ✅ **Extremely Fast**: Scans 30,000+ lines in 5 seconds.\n* ✅ **100% Coverage**: Comprehensive code analysis.\n* ✅ **Automated**: Detects 10 types of malicious patterns.\n* ✅ **Quantitative**: Provides a risk score (0-100).\n* ✅ **Reportable**: Supports JSON output.\n\n---\n\n### 2. audit-npm-package.sh\n\nAutomated NPM package audit tool.\n\n**Usage**:\n\n```bash\n./tools/audit-npm-package.sh <package-name> <version>\n```\n\n**Example**:\n\n```bash\n./tools/audit-npm-package.sh @catalyst-team/poly-sdk 0.5.0\n```\n\n**What it does**:\n\n1. Fetches NPM metadata.\n2. Downloads and extracts the package.\n3. Clones GitHub repository (if available).\n4. Compares NPM package content with GitHub source.\n5. Verifies integrity hashes.\n\n**Output**: Creates an `audit-<package>-<version>/` directory containing all audit data.\n\n---\n\n### 3. audit-git-history.sh\n\nDeep Git history analysis tool.\n\n**Usage**:\n\n```bash\n./tools/audit-git-history.sh <path-to-git-repo>\n```\n\n**What it does**:\n\n1. **Contributor Analysis**: Detects suspicious emails/identities.\n2. **Timeline Analysis**: Monitors commit frequency and anomalies.\n3. **Large Change Detection**: Identifies mass refactors or hidden injections.\n4. **Suspicious Patterns**: Flags `eval`, `exec`, and `spawn` in history.\n5. **Recent Changes**: Analyzes the latest commits for high-risk updates.\n\n---\n\n### 4. audit-source-code.sh\n\nDeep source code analysis tool.\n\n**Usage**:\n\n```bash\n./tools/audit-source-code.sh <path-to-source>\n```\n\n**What it does**:\n\n1. **Statistics**: File counts and lines of code.\n2. **Network**: Analyzes external request patterns.\n3. **File System**: Detects sensitive I/O operations.\n4. **Processes**: Monitors shell command execution.\n5. **Dynamic Execution**: Identifies `eval()` or `new Function()`.\n6. **Environment Variables**: Tracks sensitive data usage.\n7. **Secrets**: Patterns for encryption keys and secrets.\n8. **Obfuscation**: Identifies minified or encoded malicious payloads.\n9. **Wallets**: Searches for crypto wallet/key patterns.\n10. **Imports**: Comprehensive dependency analysis.\n\n---\n\n## Complete Audit Workflow (Updated)\n\n### Recommended Workflow: Option A\n\n**The fastest and most reliable approach**:\n\n```bash\n# Step 1: Quick Scan (5 seconds)\npython3 tools/quick_scan.py ./audit-package-0.5.0/npm-extract/package/src\n\n# Step 2: If LOW RISK, proceed to analyze key metadata\n# Use helper tools:\n./tools/audit-git-history.sh ./audit-package-0.5.0/github-repo\n./tools/audit-source-code.sh ./audit-package-0.5.0/npm-extract/package/src\n\n# Step 3: Manual Deep Review (1 hour)\n# Focus on: Wallets, Networking, Transactions, and Entry Files.\n\n# Step 4: Final assessment and report generation.\n```\n\n**Total Time**: ~1 Hour\n\n**Reliability**: 9/10\n\n---\n\n### Traditional Workflow (Legacy/Backup)\n\n1. **Run NPM Package Audit**:\n`./tools/audit-npm-package.sh <name> <version>`\n2. **Analyze Git History**:\n`./tools/audit-git-history.sh ./github-repo`\n3. **Analyze Source Code**:\n`./tools/audit-source-code.sh ./src`\n4. **Manual Deep Dive**:\nUse tool outputs to review network requests, encryption, and key handling.\n\n**Total Time**: ~2-3 Hours\n\n---\n\n## Quick Reference\n\n### Tool Comparison\n\n| Tool | Time | Coverage | Detection Type | Primary Use |\n| --- | --- | --- | --- | --- |\n| **quick_scan.py** | 5s | 100% | Obvious Malice | Initial Screening |\n| audit-npm-package.sh | 30s | NPM Meta | Package Integrity | Verification |\n| audit-git-history.sh | 10s | Git History | Suspicious Commits | Historical Audit |\n| audit-source-code.sh | 10s | 100% | 9-Dimension Scan | Pattern Scanning |\n| **Manual Review** | 1h | 10% | Logical Flaws | Code Comprehension |\n\n### Use Cases\n\n* **Scenario 1: Daily NPM Review**\nRun `quick_scan.py`. If **LOW RISK**, install. If **MEDIUM/HIGH**, escalate.\n* **Scenario 2: Critical Dependency Audit**\nFollow **Option A** complete workflow + 1 hour manual review.\n* **Scenario 3: Suspicious Code Investigation**\nUse `audit-source-code.sh` to locate \"HIGH/CRITICAL\" hits and verify manually.\n\n---\n\n## Requirements\n\n* **Node.js**: npm, node\n* **Git**: git CLI\n* **Unix tools**: shasum, grep, awk, sed, jq\n* **Python**: python3 (for Quick Scan)\n\n---\n\n## Limitations\n\n**These tools do NOT replace**:\n\n* Professional third-party security audits.\n* Dynamic behavior analysis (Docker sandboxing).\n* Real-time network monitoring (Charles/Fiddler).\n* Known malicious code database similarity checks.\n\n**They DO provide**:\n\n* ✅ Automated initial screening.\n* ✅ Pattern-based detection.\n* ✅ Risk scoring and prioritization.\n* ✅ Focused guidance for manual reviewers.\n\n---\n\n## Version History\n\n### v2.0 (2026-03-02)\n\n* ✅ Added `quick_scan.py` - Ultra-fast security scanner.\n* ✅ Introduced **Option A** workflow (Quick Scan + Deep Review).\n* ✅ Optimized audit flow (1 hour vs. 10 hours).\n\n### v1.0 (2026-03-02)\n\n* ✅ Initial release with 3 core audit scripts.\n\n---\n\n**Current Version**: v2.0\n\n**Last Updated**: 2026-03-02 21:48\n\n**Author**: Anonymvs1234","license":null},"metadata":null,"owner":{"handle":"luojin520520","userId":"publishers:luojin520520","displayName":"Polymarket","image":"https://avatars.githubusercontent.com/u/78879434?v=4"},"moderation":{"isSuspicious":true,"isMalwareBlocked":false,"verdict":"suspicious","reasonCodes":["suspicious.dangerous_exec","suspicious.env_credential_access","suspicious.llm_suspicious","suspicious.potential_exfiltration"],"summary":"Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.llm_suspicious (+1 more)","engineVersion":"v2.4.5","updatedAt":1777525536724}}